Data Protection Policy

3. Definitions of data protection terms

3.1 The following terms will be used in this policy and are defined below:

3.2 Data Subjects include all living individuals about whom we hold personal data, for instance an an IAP Officer, a Division Officer, IAP or Divisional support staff, a person or group applying for funding. All data subjects have legal rights in relation to their personal data.

3.3 Personal Data means any information relating to a living person who can be identified directly or indirectly from that information (or from that information and other information in our possession). Personal data can be factual (such as a name, address or date of birth) or it can be an opinion (such as a performance appraisal). It can also include an identifier such as an identification number, location data, an online identifier specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.

3.4 Data Controllers are the people who, or organisations which, decide the purposes and the means for which, any personal data is processed. They have a responsibility to process personal data in compliance with the Legislation. The IAP is the data controller of all personal data that we manage in connection with our work and activities.

3.5 Data Processors include any person who processes personal data on behalf of a data controller. Employees of data controllers are excluded from this definition but it could include other organisations such as website hosts, fulfilment houses or other service providers which handle personal data on our behalf.

3.6 European Economic Area includes all countries in the European Union as well as Norway, Iceland and Liechtenstein.

3.7 ICO means the Information Commissioner’s Office (the authority which oversees data protection regulation in the UK).

3.8 Processing is any activity that involves use of personal data, whether or not by automated means. It includes but is not limited to:

  • (a) collecting;
  • (b) recording;
  • (c) organising;
  • (d) structuring;
  • (e) storing;
  • (f) adapting or altering;
  • (g) retrieving;
  • (h) disclosing by transmission;
  • (i) disseminating or otherwise making available;
  • (j) alignment or combination;
  • (k) restricting;
  • (l) erasing; or
  • (m) destruction of personal data.

3.9 Sensitive Personal Data (which is defined as “special categories of personal data” under the GDPR) includes information about a person's:

  • (a) racial or ethnic origin;
  • (b) political opinions;
  • (c) religious, philosophical or similar beliefs;
  • (d) trade union membership;
  • (e) physical or mental health or condition;
  • (f) sexual life or orientation;
  • (g) genetic data;
  • (h) biometric data; and
  • (i) such other categories of personal data as may be designated as “special categories of personal data” under the Legislation.