The Members agree to indemnify, defend and hold harmless the Trust, its directors, trustees, officers, employees, consultants, agents, and affiliates, from any and all third party claims, liability, damages and/or costs (including, but not limited to, legal fees) arising from their payment using this online platform, and/or from their breach of these Terms & Conditions or the API Rules .
New data protection legislation came into effect in the EU which aims to protect people’s privacy further. The new law applies to all public bodies, businesses and other organizations that process personal data. The legislation comprises the General Data Protection Regulation. This will provide a single regulation across the European Union (EU) and place obligations on organizations that operate outside of the EU but provide goods or services to EU citizens.
1. Our principles
- we will process all personal data fairly and lawfully
- we will only process personal data for specified and lawful purposes
- we will endeavor to hold relevant and accurate personal data, and where practical, we will keep it up to date
- we will not keep personal data for longer than is necessary
- we will keep all personal data secure
- we will endeavor to ensure that personal data is not transferred without adequate protection
As part of our process, we are reviewing and updating all our internal processes, procedures, data systems and documentation.
We will implement the relevant policies and practices to ensure we protect any data for our employees, customers, suppliers, partners and stakeholders, specifically including the following:
- employees have been made aware of data handling restrictions and obligations within it as may be relevant to them, with the relevant training provided as necessary. all new employees will receive awareness training as part of our induction program.
- suppliers who process personal data on behalf of API have been identified and asked to provide details of their state of compliance with the GDPR (where appropriate. Any new supplier will not be taken on unless we are satisfied that they comply with the new data protection regulations
3. Our actions to date
- We are reviewing and updating our range of policies, including our data protection policy.
- We have added SSL (single socket layer) protection on all pages of the API website.
- we are introducing mechanisms to identify a potential personal data breach, how these will be investigated and reported, where necessary within 72 hours
- we are undertaking a systematic review of the personal data we store, manage, maintain, collect, process and control
- we have assessed our lawful bases for processing data to ensure all personal data is processed lawfully, fairly and transparently
- we have introduced legitimate interest assessments where we rely on legitimate interest as the lawful basis for processing any personal data.
- we are raising the awareness and importance of data protection to our business and their individual responsibilities arising from this
- we are and will continue to look at ways of improving our systems and procedures