WARMINSTER MODEL BOAT CLUB
During 2018, the government introduced the General Data Protection Regulation (GDPR) in order to provide better data protection for individuals. The Club is obliged to apply the principles of this regulation in its general operation and in its handling of member’s personal data. The Data Protection Act 2018 came into force on 25th May 2018. The extracts below are from the www.gov.uk/data-protection website which explains the principles involved:
Everyone responsible for using personal data has to follow strict rules called the “data protection principles”. They must make sure the information is:
- Used fairly, lawfully and transparently;
- Used for specified, explicit purposes;
- Used in a way that is adequate, relevant and limited to only what is necessary;
- Accurate and, where necessary, kept up to date;
- Kept for no longer than is necessary;
- Handled in a way that ensures appropriate security, including protection against unlawful or unauthorized processing, access, loss, destruction or damage.
Under the Data Protection Act 2018, you have the right to find out what information the government and other organizations store about you. These include the right to:
- Be informed about how your data is being used;
- Access personal data;
- Have incorrect data updated;
- Have data erased;
- Stop or restrict the processing of your data;
- Data portability (allowing you to get and reuse your data for different services);
- Object to how your data is processed in certain circumstances.
The Club’s Implementation:
The following sections explain the steps the Club will take to comply with the above principles. As a model club, the primary function is to share knowledge, experience and activities in order to promote the hobby and to further the participation and enjoyment of the members. As such, the Club has no need to “process” your data in the way provided for in the legislation. Small Clubs (like ours) whilst not exempt from the principles involved are not required to register with the ICO (Information Commissioners Office).
What information we collect:
- Your name, home address, telephone number(s), e-mail address(es);
- This will be collected annually on the membership application form;
- You only have to provide your name and a minimum of one method of contacting you from the above set;
- You can at any time change, update or erase any of this information by a request to any member of the Club Committee. (Please allow at least one week for action to be taken);
- The status, amount and date paid of the individual’s annual subscription and joining fee where applicable. (This is to support the tracking and financial management of Club funds);
- You can view what data is held by request to any member of the Club Committee with advanced notice of at least one week.
What we do with this information:
- We use this information as general contact information within the Club so that we can keep you informed of Club events, rules and meetings and for the general smooth operation of the Club;
- We will not share any personal data with any outside organization, club or person without the express permission, in writing, (an e-mail is sufficient) of the individual concerned;
- We will not share any members contact information with other members unless specifically permitted to do so by means of an option selection on the membership application form;
- Personal data for any member who leaves the Club will be erased from our records within one week of the member leaving.
How we preserve the security of the data held:
- Data will be held on a password protected encrypted memory stick which is not permanently connected to a machine. Data will not reside in any other place or left on a host computer;
- There will be one “master” memory stick and only one nominated Club Officer will be allowed to update this master copy. Any other legitimate memory stick copy will not be regarded as definitive;
- There is a list of Club officers who are permitted to view the members data in digital format;
- Member’s data is never transmitted by e-mail between permitted Club Officers, only via memory stick;
- Only essential and a minimal number of Club Officers are entitled to hold a copy of the data;
- The list of members and contact details must only be circulated to other members in paper copy and only including the data permitted to be shared by the option selection information;
- Members receiving a paper copy of the list must be aware of the limitations imposed on its use. (Contact one member at a time – no mailing to multiple members is allowed);
- Any mailing to all Club members may be conducted by post but must be done by only one nominated Club Officer;
- Any mass e-mailing to Club members must be sent from the main Club e-mail address, blind copied to all members and by only one nominated Club Officer;
- The original paper membership application forms from which the digital data is compiled will be held for one year after which time they will be destroyed. Holding and access to these forms will be by one nominated Club Officer and the forms will not be accessible to other members of the Club.
- A first version of the Policy, prepared by the Club Committee, will be presented for discussion, revision and acceptance at the Club AGM;
- Subsequent necessary updates will follow the same process of acceptance;
- ico.org.uk – the official website of the Information Commissioners Office.
- gov.uk/data-protection – the government website for information about the Data Protection Act 2018.