The General Data Protection Regulation comes into force on 25th May 2018 and replaces the Data Protection Act. This document acts as a general statement and overview of information for Stakeholders of the Karten Network.
Data Recorded – Data recorded on our internal systems is varied and can include contact information, names and photographs where supplied.
Data Shared – the Karten Network does not process or share any information without the express permission of the individual concerned. No personal data from our internal systems is shared to other organisations or third parties.
Retention – all decisions regarding data retention are at the discretion of the Data Protection Officer (DPO). We will not retain personal data for any longer than is necessary. What is deemed necessary will depend on the circumstances of each case, considering the reasons that the personal data was obtained, but should be determined in a manner consistent with current data retention guidelines.
Data Access – should a data subject access request be required, the Karten Network will provide details on request as to how to extract the relevant information to respond to a data subject access request.
Data Security – We will take necessary steps to keep personal data secure against loss or misuse. On the rare occasions that other organisations process personal data as a service on our behalf, the DPO will establish what, if any, additional specific data security arrangements need to be implemented in contracts with those third-party organisations. Maintaining appropriate standards of data protection is a collective task. All personal data must be secured against loss or misuse. User names and passwords may not be shared except for the disaster recover policy or when a shared account is used.
GDPR and The Karten Network – The Karten Network will be GDPR compliant across all aspects of operation. This includes the use of personal data in respective business activities and in any networking/sharing/practitioner exchange activity.