Exchange2 Harleston


1. Exchange2 has established that it does not need to notify [register] as a Data Controller with the Information Commissioner in the UK under the provisions of the Data Protection Act 1998 as it is exempt because it is a not-for-profit organisation.

2. Under the terms of this exemption, Exchange2 agrees that:

  1. It holds personal information only for the purposes of communicating with, increasing or maintaining the number of trustees or volunteers of the charity and young people who attend events organised by the charity.

  1. Any personal information held will only be for those who are either trustees, volunteers of the charity and young people who attend events organised by the charity

  1. The only persons whose personal data is held will be those for whom the personal information is necessary in order to meet point (i)

  1. The only data held will be that necessary to meet point (i) above e.g.names, addresses, phone numbers, email addresses

  1. The club will not disclose any personal information, other than that made with the consent of the individual(s) concerned, to any third party

  1. Exchange2 will not keep personal information once the relationship between the charity and the individual(s) concerned ends

3. Exchange2 agrees to hold and process personal data in accordance with the eight basic Data Protection Principles, namely that data must be:

Fairly and lawfully processed;

Processed for limited purposes;

Adequate, relevant and not excessive;


Not kept for longer than is necessary;

Processed in line with your rights;

Secure; and,

Not transferred to countries without adequate protection.

4. In order to comply with the Data Protection Act 1998 all charity members who collect personal information; e.g. either by paper or electronic application forms, telephone calls, surveys or on-line on the web should ensure that an appropriate Data Protection Act statement is made. A suggested statement is:

Data Protection: the information supplied by individuals will be used solely for maintaining records of those who are either trustees, volunteers, employees or young people associated with Exchange2. These data will be maintained in accordance with the Act and will not be passed on or sold to any other organisation other than with the prior consent of the individual concerned.

5. Exchange2 may disclose personal data as required by law or if pertinent to judicial or governmental investigations.

Adopted: 7-January-2013

To be reviewed: January-2014