In the course of its activities, Fettercairn Farmers Club processes Members Personal Data. In this respect, Fettercairn Farmers Club protects the Personal Data it processes on behalf of its Members by the implementation of appropriate technical, physical and administrative measures and controls. Such controls shall ensure that the processing of Personal Data in a consistent manner.
As a consequence of the above and taking into consideration standards, regulations and laws applicable in the field of data protection, and the requirements introduced by the European Regulation 2016/679 adopted on 27th April 2016 (hereinafter, the “EU Regulation”) Fettercairn Farmers Club will process data in accordance with the following principles:
a. Lawfulness – Personal Data shall be collected, and Processed with the Data Subject having given consent to the Processing or when Processing is legitimate or necessary in accordance with Applicable Data Protection Legislation;
b. Fairness – Personal Data Processing shall take into account the specific circumstances and context in which such Personal Data is Processed;
c. Transparency – Information and communication relating to the Processing of Personal Data shall be easily accessible, easy to understand, clear and in plain and simple language;
d. Purpose limitation – Personal Data shall be collected for specified, explicit and legitimate purposes and not further Processed in a manner that is incompatible with those purposes;
e. Data minimisation – Collected Personal Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are Processed
f. Accuracy – Personal Data shall be accurate and, where necessary, kept up to date. Every reasonable step must be taken to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without undue delay;
g. Storage limitation – Personal Data shall be kept in a form which permits identification of Data Subjects for no longer than is necessary for the purposes for which the Personal Data is Processed or any other lawful retention;
h. Integrity and confidentiality – Personal Data shall be Processed in a manner that ensures appropriate security of the Personal Data, including protection against unauthorised or unlawful Processing and against accidental loss, destruction or damage, using appropriate technical, physical and administrative measures.
Due to the range of activities Fettercairn Farmers Club covers, Fettercairn Farmers Club may have to process various categories of Personal Data, such as:
• Financial data;
• Identification data;
• Sensitive Personal Data.
3. Our Committee and Employees
4. PRINCIPLES FOR PROCESSING PERSONAL DATA
The Applicable Data Protection Legislation defines a set of principles to be observed when Processing Personal Data. Fettercairn Farmers Club undertakes to comply with these principles as Data Controller.
When Personal Data is being Processed, it is required that such Processing relies upon an appropriate legal basis, such legal basis being the foundation that allows for lawful Processing.
Unless specifically authorised by Applicable Data Protection Legislation, Fettercairn Farmers Club shall ensure that it has ascertained a lawful, fair, explicit and legitimate purpose prior to any collection or Processing of Personal Data.
Fettercairn Farmers Club undertakes to ensure that the purposes it defines do not breach the Applicable Data Protection Legislation and appear to be legitimate while ensuring Personal Data is not further Processed in a manner that is incompatible with those purposes.
4.1 Minimising Personal Data collection
Fettercairn Farmers Club commits to collect and process Personal Data which is strictly adequate, relevant and limited to what is necessary in relation to the purposes for which it is Processed.
Personal Data shall not be collected widely in the perspective of a further undefined purpose.
4.2 Accuracy of the Personal Data
Fettercairn Farmers Club shall implement adequate measures and controls to ensure that the Personal Data it collects, and processes remains accurate and, where necessary kept up to date. To this end, Fettercairn Farmers Club undertakes to implement any required actions to take every reasonable step to ensure that Personal Data that is inaccurate, having regard to the purposes for which it is Processed, are erased or rectified.
4.3 Defining a Data Retention Period
Fettercairn Farmers Club will not keep the Personal Data for a longer period than is strictly necessary having regard to the purpose for which such Personal Data is collected. In this respect, Fettercairn Farmers Club commits to a data retention period of 6 years.
4.4 Implementing security measures
Fettercairn Farmers Club has implemented appropriate technical, physical and administrative measures and controls to ensure that Personal Data is not unlawfully accessed and/or Processed. Such technical, physical and administrative measures shall ensure a level of security appropriate to the risk, including, but not limited to, accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise Processed by Fettercairn Farmers Club.
4.5 Sharing data outside the Fettercairn Farmers Club
4.6 Implementing Personal Data Breach notification measures
Where a Personal Data Breach occurs, Fettercairn Farmers Club shall comply with the applicable Data Breach procedure adopted by Fettercairn Farmers Club.
In any case, Fettercairn Farmers Club will without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the Personal Data Breach to the competent supervisory authority, unless the Personal Data Breach is unlikely to result in a risk to the rights and freedoms of natural persons.
Fettercairn Farmers Club may also need to communicate to the Data Subjects about the Personal Data Breach where it results in a high risk to the rights and freedoms of natural persons. In such circumstances, the communication shall take place without undue delay, and shall cover the abovementioned elements as the one which would be communicated to the competent data protection authority.
5. Data Subjects’ rights
Fettercairn Farmers Club acknowledges that the Data Subject shall be entitled to – lodge a complaint with a supervisory authority, in particular in the member state of his or her habitual residence.
Pursuant to the Applicable Data Protection Legislation, Data Subjects are entitled to benefit from the following rights:
• Have access to the Personal Data relating to him/her and Processed by Fettercairn Farmers Club;
• Request the rectification or deletion of any inaccurate or incomplete Personal Data relating to him/her, and of any Personal Data with respect to which the purpose of Processing is no longer legal or appropriate;
• Request that the Personal Data Processing relating to him/her be limited;
• Object to the Processing of their Personal Data at any time, unless such Processing is required by applicable law and provided that the Data Subject demonstrates that he/she has a legitimate ground relating to his/her particular situation; and
• Receive their Personal Data in a structured, commonly used, machine-readable format and interoperable when the Processing is carried out by automated means.
6. Handling Data Subjects’ complaints
Such complaint will be handled by Fettercairn Farmers Club in due course and with particular care and attention according to the steps and timing defined herein. Such provisions are also be applicable in relation to Data Subjects requests to exercise their rights to access, update or delete their Personal Data.
In practice, complaints made by Data Subjects will be handled according to the procedure defined on our website.
Fettercairn Farmers Club commits to revert to a Data Subject with a reply to his/her complaint within one month from the date such complaint is lodged in accordance with the provisions herein.
In the event Fettercairn Farmers Club decides to reject a complaint made by a Data Subject, Fettercairn Farmers Club undertakes to inform such Data Subject about its decision and to provide him/her with information regarding the reason for such dismissal. In such a case, Fettercairn Farmers Club acknowledges that Data Subjects remain entitled to lodge a claim before a court and/or data protection authority.
In the event Fettercairn Farmers Club considers that a complaint made by a Data Subject is justified, Fettercairn Farmers Club commits to implement the corrective measures it deems adequate to remedy such situation as soon as reasonably possible. In addition, Fettercairn Farmers Club will also inform the concerned Data Subject once the corrective measures have been implemented and the situation is remedied.
7. DATA PROTECTION GOVERNANCE
Protecting Personal Data is not only a matter of compliance with privacy laws, but is part of the embodiment of Fettercairn Farmers Club’s core values. In this context, fostering a privacy culture within the group is essential to make all Committee Members, employees, and other persons whose conduct, in the performance of work is under the direct control of Fettercairn Farmers Club accountable for the protection of Personal Data Processed as part of Fettercairn Farmers Club’s operations.
Such training is aimed at: (i) individuals having permanent or regular access to Personal Data; and (ii) individuals involved in the collection of Personal Data.
8. TRANSPARENCY AND COOPERATION
Fettercairn Farmers Club, shall provide Data Subjects any information required by the Applicable Data Protection Legislation. Such information shall at the time when Personal Data is obtained, be composed at least of the following elements:
• The purposes of the Processing and its legal basis;
• The recipients of the Personal Data;
• The data retention period;
• The rights of the Data Subjects as defined under Section 7 above. (e.g. the existence of the right to request from the Data Controller access to and rectification or erasure of Personal Data or restriction of Processing concerning the Data Subject or to object to Processing as well as the right to data portability);
• The right to lodge a complaint before a supervisory authority;
• If the Processing is based on the consent of the Data Subjects, the right for them to withdraw their consent at any time without affecting the lawfulness of Processing based on consent before its withdrawal;
• If the Processing is based on Fettercairn Farmers Club’s legitimate interest, explanations regarding the said legitimate interest;
Fettercairn Farmers Club undertakes to provide such information to Data Subjects in accessible, easy to understand, clear and in plain and simple language
The audit program will enable Fettercairn Farmers Club to define:
• a reasonable frequency according to which audits shall be carried out;
• the expected scope of the audit; and
• the team in charge of the audit.
The results of each audit will be submitted to the Committee for information. Remedial actions will be defined with a prioritisation to determine a schedule for implementing such measures.
Fettercairn Farmers Club acknowledges that competent data protection authorities as well as Fettercairn Farmers Club’s Clients, if directly impacted by the audit, can request communication of the audit results and thus agree to grant them access thereto upon request. If required, Fettercairn Farmers Club entitles data protection authorities to carry out data protection audits themselves.