The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes paper based personal data as well as that kept on computer.
The definition of “Personal data” and “Personal information” includes sensitive information.
In line with the Belgian Privacy Act, all volunteers acting on behalf of the BCT will ensure that personal data will:
• Be obtained fairly and lawfully and shall not be processed unless necessary
• Be obtained for a specific and lawful purpose
• Be adequate, relevant but not excessive
• Be accurate and kept up to date
• Not be held longer than necessary
• Be processed in accordance with the rights of data subjects
• Be subject to appropriate security measures
• Not to be transferred outside the European Economic Area (EEA)
In that respect the BCT seeks to abide by 5 principles in relation to all the personal data it processes, i.e.
• Accountability: those handling personal data follow publicised data principles to help gain public trust and safeguard personal data.
• Visibility: Data subjects should have access to the information about themselves that an organisation holds. This includes the right to have incorrect personal data corrected and to know who has had access to this data.
• Consent: The collection and use of personal data must be fair and lawful. Personal data should only be used for the purposes agreed by the data subject. If personal data is to be shared with a third party or used for another purpose, the data subject’s consent should be explicitly obtained.
• Access: Everyone should have the right to know the roles and groups of people within an organisation who have access to their personal data and who has used this data.
• Stewardship: Those collecting personal data have a duty of care to protect this data.
To ensure that personal information is kept accurate, information will be processed within an acceptable timeframe of new information being provided.