The Brussels Childbirth Trust (BCT) needs to keep certain information (including personal and sensitive information) on its members to carry out its day to day operations, to meet its objectives and to comply with legal obligations.
The organisation is committed to ensuring any personal data will be dealt with fairly, stored safely and not disclosed to any other person unlawfully. Data will only be accessible by those volunteers who require it for their volunteering role with the BCT.
The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and acts in accordance with data protection procedures. This document refers to the “Privacy Act” to refer to the current Privacy Act in force in Belgium see footnote 1. This document also highlights key data protection procedures within the organisation.
This policy covers volunteers working for the BCT, and website host.
This policy also outlines to our members how data collect is used within the BCT.
In line with the Privacy Act, the BCT will ensure that personal data (including sensitive information) will:
• Be obtained fairly and lawfully and shall not be processed unless necessary
• Be obtained for a specific and lawful purpose
• Be adequate, relevant but not excessive
• Be accurate and kept up to date
• Not be held longer than necessary
• Be processed in accordance with the rights of data subjects
• Be subject to appropriate security measures
• Not to be transferred outside the European Economic Area (EEA)
The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes paper based personal data as well as that kept on computer.
In reference to the Privacy Act the data we process is non-encoded personal data. That is personal data which has not been encoded.
The definition of “Personal data” and “Personal information” includes sensitive information.
The organisation will seek to abide by 5 principles in relation to all the personal data it processes, i.e.
• Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.
• Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.
• Consent: The collection and use of personal data must be fair and lawful. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.
• Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data.
• Stewardship: Those collecting personal data have a duty of care to protect the data.
Type of information processed and its uses
The BCT processes the following personal information:
• Physical and virtual addresses;
• Phone number(s);
• Membership status;
• Country of origin;
• Personal details;
• Role within the BCT if relevant.
Personal information is kept in the following forms:
• Electronically within the database;
• Spreadsheets on personal computers;
• In personal and BCT e-mail addresses.
Groups of people within the organisation who will process personal information are:
• Executive team (Vice President, President, Past President and Treasurer);
• Membership team;
• Services team;
• Group leaders;
• Special interest groups;
• Volunteers co-ordinator
• Experiences Register team will come across sensitive information on members but only as is provided by the member themselves.
Overall responsibility for personal data in an “asbl” (not for profit organisation) rests with the governing body. In the case of the BCT, this is the board.
The BCT board delegates tasks to the team leaders for the membership and services teams. The team leaders are responsible for:
• understanding and communicating obligations under the Privacy act through signing of the BCT data protection policy (this document or the one page version of this document);
• identifying potential problem areas or risks;
• producing clear and effective procedures for their team.
All volunteers who process personal information must ensure they not only understand but also act in line with this policy and the Privacy act.
Breach of this policy will result in disciplinary proceedings.
To meet our responsibilities volunteers will:
• Ensure any personal data is collected in a fair and lawful way;
• Explain why it is needed at the start;
• Ensure that only the minimum amount of information needed is collected and used;
• Ensure the information used is up to date and accurate;
• Review the length of time information is held;
• Ensure it is kept safely;
• Ensure the rights people have in relation to their personal data can be exercised
We will ensure that:
• Everyone managing and handling personal information is informed how to do so (including ensuring computers are password protected);
• For roles where personal information will be processed, simple data protection requirements will be outlined in the Role Description to ensure the volunteer is aware of their responsibilities;
• Anyone wanting to make enquiries about handling personal information, whether a member of staff, volunteer or service user, knows what to do;
• Any disclosure of personal data will be in line with our procedures.
• Queries about handling personal information will be dealt with swiftly and politely.
Awareness will be raised about the Privacy act and how it is followed in this organisation will take the following forms:
General awareness raising:
• Made aware of the Privacy act;
• Provided with a copy of this document;
• When training is complete this document is to be signed and a copy held for administrative purposes;
• Reminders sent to volunteers processing data on an annual basis.
Gathering and checking information
Before personal information is collected, we will consider: What information is necessary for providing BCT.
To ensure that personal information is kept accurate, information will be processed within an acceptable timeframe of new information being provided.
Personal and sensitive information will not be used apart from the exact purpose for which permission was given.
The organisation will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
• Data protection officer position voted on by the BCT board;
• Password protected database;
• Volunteers are only provided with the password when taking on a role requiring access to the information;
• Password to be changed when a volunteer with access no longer requires access;
• Data is backed up in the same process as the website, as the database forms part of the BCT website.
• Volunteers on the experiences register and services team who will have access to sensitive information are trained on confidentiality prior to working as a volunteer for the BCT.
Any unauthorised disclosure of personal data to a third party by a volunteer may result in disciplinary proceedings.
Subject Access Requests
Anyone whose personal information we process has the right to know:
• What information we hold and process on them
• How to gain access to this information
• How to keep it up to date
• What we are doing to comply with the Privacy act.
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.
Individuals have a right under the Privacy act to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the current President at firstname.lastname@example.org.
The following information will be required before access is granted:
• A current form of identification of person requesting information (passport or Belgian ID card);
• What information they require;
• Membership status (only current or previously-registered members of the BCT will be granted access to this information).
Queries about handling personal information will be dealt with swiftly and politely.
We will aim to comply with requests for access to personal information as soon as possible, but will ensure that rectifications are made within 1 month of the request as required by the Privacy act.
This policy will be updated whenever an issue arises or laws are changed to ensure it remains up to date and compliant with the law. The volunteer with the responsibility of Data Protection Officer will be responsible for making this update.
The current President is to inform the current Vice President of the data protection policy. This has been outlined in the Presidents Role Description.