The International Association for the Study of Arabia (“the IASA”) needs to collect and use certain types of information (“personal data”) about its members, staff, volunteers, supporters and sponsors (“the data subjects”) in order to carry on its activities. Personal data must be collected and dealt with in accordance with the General Data Protection Regulation (EU Regulation 2016/679) and the Data Protection Act 2018.
Collection, processing and use
(a) The IASA will take all necessary measures to ensure that it will be able to adhere to the Principles in Article 5 of the Regulation and the six data protection principles in sections 86 to 91 of the Act.
(b) When collecting personal data, the IASA will tell the data subject what the data will be used for.
(c) The IASA will ensure that personal data will be stored securely; accessible only to authorised staff and authorised volunteers; kept up to date; corrected if requested by the data subject; retained for only as long as either it is –
• needed for the purpose for which the data was collected or a purpose to which the data subject has since consented, or
• required or permitted by law to be retained; disposed of in accordance with the Regulation and the Act.
(d) The IASA will maintain a procedure for responding to a request from a data subject for access to personal data held by the IASA. Requests for personal data held by the IASA should be made in writing to the Chair (by email or by post c/o55 Cromer Street
York YO306DL) and will be fulfilled within 24 working days.
• The IASA will not disclose personal data to another person unless the data subject consents, or
• the law requires or permits disclosure without consent.