AI Website GeneratorGeneral Data Protection Regulation (GDPR)
Background
GDPR
The EU General Data Protection Regulation (2016/679) known as GDPR came into force in the UK and other EU states on 25 May 2018. It affects anyone who holds personal data on someone who is alive and can be identified. It only applies to personal data if it is processed wholly or partly by automated means or is part of a sophisticated hard copy filing system.
DPB
The Data Protection Bill (DPB) will also be brought into force in the UK some time in 2018. This is effectively designed to treat the GDPR as a Directive rather than a Regulation, so the UK has something in place when we leave the EU. Overall the DPB is essentially a complete data protection system which will complement the GDPR.
E-privacy Regulation
A third piece of legislation will update the Privacy and Electronic Communications Regulations 2003 (PECR) and will probably be introduced at the end of 2018. The above new legislation is designed to update the Data Protection Act 1998 (DPA) and is needed because of the rate of change brought about by technology. The Club officials and committee members adhere to the following data protection policy:
Definitions
1. West Malvern Garden and Nature Club is hereafter referred to as WMGNC or “the Club”
2. Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and may include images and audio recordings as well as written information.
3. Data protection is about how we, as a club, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.
Overall policy statement
1. WMGNC needs to keep personal data about its committee, members, speakers and supporters in order to carry out club activities.
2. We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.
3. We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.
4. We will only collect, store and use data for:
a. purposes for which the individual has given explicit consent,
b. purposes that are in our club’s legitimate interests,
c. to comply with legal obligations,
5. We will provide members with details of the data we have about them when requested by them.
6. We will delete member’s data if requested to do so by them, or after a period of lapsed membership as defined in our procedures.
7. We will endeavour to keep personal data up-to-date and accurate.
8. We will store personal data securely.
9. We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for the purposes stated above in para 4.
10. We will not share personal data with third parties, including other club members, without the explicit consent of the relevant individual, unless legally required to do so.
11. We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again.
12. To uphold this policy, we will maintain a set of data protection procedures for our committee and members to follow.
Data Protection Principles and Procedures
Introduction:
1. West Malvern Garden and Nature Club is hereafter referred to as WMGNC or “the Club”
2. WMGNC has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.
3. These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.
4. There are eight Data Protection Principles laid down in the Act which set out the rules for dealing with personal data. These are listed below and apply to all organisations which handle and process personal data either on a computer or in a paper-based filing system. The Act requires the data controller to ensure that all personal data is dealt with in accordance with the ‘Eight Principles’ set out in the Data Protection Act.
Data Protection Principles
The eight principles of good information handling outlined in the act state that data must be:
Fairly and lawfully processed.
Processed for limited purposes.
Adequate, relevant and not excessive.
Accurate and up to date.
Not kept for longer than is necessary.
Processed in line with the data subjects rights.
Secure.
Not transferred to other countries without adequate protection
WMGNC Data Protection Procedures
1. Consent
1.1. Legal consent for the club to use personal data is freely given via the membership application form and show entry form. It may also be taken verbally by direct contact with the member concerned. We also hold the same details for non-members who enter our garden club shows or are otherwise involved with the club, as supplied by themselves. Contact details for all past and possible future speakers hired by the club are also retained. All members should have their attention drawn to the club’s privacy notice published on the website.
1.2. Children under 16 cannot give consent. Consent must be sought from the parent or guardian. It must be verified that the person giving consent is allowed to do so.
2. Data Collection and Usage
2.1. General.
We will not use data for a purpose other than those agreed by the member. If the data held by us are requested by external organisations for any reason, this will only be passed on with the member’s prior agreement.
2.2. Data Collected
We only hold sufficient information to enable the Club to function normally and to keep members informed of Club activities. We will monitor the data held by WMGNC at regular intervals to ensure that we hold sufficient data to enable us to function within the stated aims of the club and to ensure that no unnecessary data pertaining to the individuals is held. If excessive or unnecessary data is given or obtained it will not be incorporated into the Club records or, if it has previously been included in error, will be immediately deleted or destroyed. The membership data held by WMGNC comprises:
Name,
postal address,
telephone number (landline and/or mobile),
email address,
mailing/contact preference.
2.3. Use of Data
We hold the above details in order to establish and maintain membership, collect subscriptions, distribute our newsletter and other notices to members. It is also used to facilitate the running of club activities, including shows, outings, meetings and events. We will occasionally be requested by a member, or other third parties, to pass on information relating to an event relevant to the aims of the Club or that may be of interest to Club members. These will be passed on to members at the discretion of the appropriate Committee member.
2.4. Mailing List
We will maintain a mailing list. This will include the names and contact details of members who have opted to receive information on Club events as defined in paras 2.1 and 2.3.
2.4.1. When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time.
2.4.2. We will not use the mailing list in any way that members have not explicitly consented to.
2.4.3. We will provide information about how members can be removed from the list with every mailing.
2.5. Data Sharing
Members personal data is not shared with any other group or organisation. A member’s personal data will not be shared with other members without their explicit consent.
2.6. Accuracy of Data
We will show our members a copy of their data once a year so that their information can be confirmed or updated where relevant. This will normally occur at membership renewal time. All amendments will be made immediately and data no longer required will be deleted or destroyed. It is the responsibility of the members and the club to ensure that the data held by us is accurate and up to-date. Completion of a Membership Application form (provided by the Club) will be taken as an indication that the data contained is accurate. Individuals should notify us of any changes, to enable personnel records to be updated accordingly. It is the responsibility of the Club to act upon notification of changes to data, amending them where relevant.
2.7. Data Storage
The information is mainly stored in digital form on a Committee Member’s Personal Computer and also in the form of written documents normally held by the Membership Secretary.
2.8. Data Protection
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of data. All data is held securely by committee members who have access to it. Firewalls and virus checkers are used on computers, equipment is password protected, operating systems are updated and equipment is disposed of securely. A separate and unique password, known only to Committee members with a need to access member’s personal data, is used to protect the Contact Database file itself. This password will be changed if any Committee member, who has had access to this password, resigns or is not re-elected. All paper based personal and financial data is kept at a secure location and can only be accessed by the Committee member responsible.
2.9. Data Retention
2.9.1. We discourage the retention of data for longer than it is required. Data will be held for the duration of the member’s annual membership and for a period of 2 years after their last subscription unless we are formally asked to remove their details (by email or letter) in which case it will be removed within one month of the receipt of the request. The 2 year extension is to allow us to keep the member informed of club activities in the event of an oversight on their part or a short term absence that precludes them from attending club events. If membership has not been renewed within this extended period then all personal data will be removed from all our membership files both hard copy and computer data-base. The WMGNC membership year commences every September.
2.9.2. If data needs to be deleted the Chairman, web page manager, newsletter editor, membership secretary and show secretary must be informed.
2.10. Photography and Local Media.
WMGNC reserves the right to publish group photographs taken at Club organised events on our website, in our Newsletter or in the local press to further promote the Club. Photographs of named members, or where they are the main subject of the photograph, will not be used without their prior consent. The Club also reserves the right to publish the names of winners of any Club organised event in the media referenced above (e.g. the Annual Show).
2.11. Data Transfer
In the unlikely event that there is a need to transfer data to countries outside the European Economic Area, it will not be done without the explicit consent of the individual concerned. The WMGNC takes particular care to be aware of this when publishing information on the Internet, which can be accessed from anywhere on the globe.
3. Responsibility
3.1. Under the GDPR, the Club does not have to satisfy the statuary requirement to have a named Data Protection Officer. The Club Chairman is the point of contact for queries relating to Data Protection.
3.2. Overall and final responsibility for data protection lies with the WMGNC committee, who are responsible for overseeing activities and ensuring this policy is upheld.
3.3. All Club members, or any other person temporarily involved with Club activities, are responsible for observing this policy, and related procedures, in all areas of their work for the Club.
4. Members Rights
Members have the right to be given a copy of their data, and information about how it is being used. This must be provided within one month of a request. They also have a right to have their information amended or deleted within one month of a request (unless it needs to be kept for legal reasons).
5. Committee Members Use of Data
5.1. The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.
5.2. Committee contact details will be shared among the committee.
5.3. Committee members will have access to all members’ personal data held by WMGNC as and when necessary to perform their roles within the Club.
5.4. Committee members will not share each other’s or any members, contact details with anyone outside of the committee, or use them for anything other than to facilitate the efficient functioning of the WMGNC, without explicit consent.
6. Review
These procedures will be reviewed every two years
First published January 2019
West Malvern Garden & Nature Club - Privacy Notice
Introduction
The EU General Data Protection Regulation (2016/679) known as GDPR.
We have updated our privacy statement in line with new regulations which come into force in the UK and other EU states on 25 May 2018. This is published on our website www.WMGNC.uk or hard copies can be obtained by emailing the club at info@WMGNC.uk. The privacy notice explains how we collect, store and handle your personal data. We are fully committed to treating your data with care, holding it securely, using it appropriately, only retaining it for as long as necessary and taking steps to protect it. You have many rights regarding your personal data, including seeing what data we access and updating your information.
Vic Frampton, Chairman. 9 November 2018
Privacy Notice
The data we hold consists of names, postal addresses, telephone contact details and email addresses. We hold these details in respect of our members as supplied by themselves. We also hold the same details for non-members who enter our garden club shows or are otherwise involved with the club, as supplied by themselves.
The lawful basis for processing personal data is the consent of the individual. By submitting the Membership Application form, the Member is consenting to receiving information about the club by post, email/MMS, online or phone as indicated on their completed Membership Application form. Your data will not be shared with any third party and the principles of the Data Protection Act 1988 will be adhered to.
We hold the above details in order to establish and maintain membership, collect subscriptions, distribute our newsletter and other notices to members and generally run our club activities including shows, outings, meetings and events.
The data is physically and electronically securely stored, and only available to serving officers (Committee Members) of the club. Any member or show entrant has the right to inspect his or her entry, restrict it, or have it erased.
Data held by the club will not be passed on to any third parties without their prior permission. However names (but no other details) of members, or non-members, may be referred to in our newsletter or on our website. We reserve the right to publish group photographs taken at Club organised events on our website, in our Newsletter or in the local press to further promote the Club. Photographs of named members, or where they are the main subject of the photograph, will not be used without their prior consent.
Individuals who leave the club will have their data deleted within 2 years from the date they cease to be a member of the club (it will be assumed that a member has left the club if membership fees have not been payed). Non-members will have their data deleted within 2 years following the supply of data.
Under the GDPR, the Club does not have to satisfy the statuary requirement to have a named Data Protection Officer. The Club Chairman is the point of contact for queries relating to Data Protection.
Our contact details are at: info@WMGNC.uk
AI Website Generator