Privacy Statement
The Argyll District Salmon Fishery Board holds certain data for the purpose of fulfilling its statutory responsibilities under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003, which includes the protection of salmon fisheries within its district. We will only pass personal data to third parties without the consent of the data subject where it is necessary for us to do so in support of our statutory responsibilities. Data is held subject to our Data Handling Policy (see below). The Board’s responsible officer for data is Robert Younger and queries regarding this Privacy Statement should be directed to him.
Data Handling Policy
- The Board has rights and duties under the Salmon and Freshwater Fisheries (Consolidation) (Scotland) Act 2003 which necessitate the processing of data. The Board accepts that this is a data controller for the purposes of the General Data Protection Regulation and that is must comply the following six principles of personal data:
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate and relevant and limited to what is necessary
- Accurate and where necessary up to date
- Not kept in a way that people can be identified from it longer than is necessary
- Processed in a way that ensures appropriate security
- The Board’s officer responsible for compliance with GDPR is the clerk. They will maintain the Board’s databases in compliance with GDPR. The Board will hold five different databases:
- Fishing Proprietors within the district
- Mandatories of fishing proprietors
- A public task database held necessary to uphold the Board’s statutory duties
- A contract database with information required in fulfilment of those contracts
- A legitimate Interests database held subject to satisfaction of a ‘legitimate interests’ assessments (LIA assessment)
- The Board will audit its information annually to ensure that its data bases are compliant with the six principles of GDPR. The audit will ensure:
- The data is held in compliance with the act
- Data held is accurate
- That no more data is held than is necessary
- That data will be held only for so long as it is needed
After each annual audit the responsible officer will note that the audit has taken place and that he/she certifies the Board’s database as being compliant with GDPR.
- The Board will ensure that all the data held is securely stored. This will apply to physical copies of data as well as computer-based data.
- The Board will respond within 28 days to any written request by a data subject for details of information held by the Board on them.
- The Board will publish a privacy notice on its website.