(i)
is carried out with the appropriate safeguards specified
under sections 22, 23, 26 and 27;
(ii)
is related only to individuals who are members of the
charitable entity or association, and
(iii)
does not involve disclosure of the personal data to a third
party without the consent of the date subject;
(c)
is in respect of the information contained in the personal
data made public as a result of steps deliberately taken by the
data subject;
(d)
26.
is required by law.
Use of personal data
The data controller shall ensure that personal data is (a)
kept only for one or more specified and lawful purposes for which
such data has been collected and processed;
(b)
not used or disclosed in any manner incompatible with the
purposes for which such data has been collected and processed;
(c)
adequate, relevant and not excessive in relation to the
purposes for which such data has been collected and processed;
and
(d)
not kept for longer than is necessary for the purposes for
which such data has been collected and processed.
27.
Security of personal data
(1)
A data controller shall –