The Hundred of Yetminster History Society
Data Protection Policy
Introduction
The Hundred of Yetminster History Society is a voluntary society as described in the terms set out in its Constitution and is a Data Controller within the UK. The Society uses the personal data given by members to help with the legitimate interests of running the Society.
Data Protection
Under the Data Protection Act 2018, which is the UK’s implementation of the General Data Protection Regulation (GDPR), The Hundred of Yetminster History Society has a legal obligation to follow the strict rules called Data Protection Principles and is required to make sure that information is:
- used fairly, lawfully and transparently;
- used for specified, explicit purposes;
- used in a way that is adequate, relevant and limited to only what is necessary;
- accurate and, where necessary, kept up to date;
- kept for no longer than is necessary;
- handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage.
- The Data
Personal data may include names, address details, email addresses, telephone numbers, records of entries to events, and such other information as may be necessary for the effective management of the Society’s business. Any member wishing to verify their personal data held by the Society may apply to the Secretary. Members resigning their membership of the Society may request any personal information held about them to be deleted immediately.
- Data Collection and Consent
New members of the Hundred of Yetminster History Society will ordinarily be asked to supply basic contact details to the Secretary or another officer, via the Membership Application Form to enable their membership to be managed efficiently. They will also be asked to read and agree to the Society’s Data Protection Policy.
- Data Processing, Recording, Storing and Security
Digital data will only be held on personal computers controlled by named Society officers and which are adequately protected by password/PIN access. Printed or handwritten records will be stored in dedicated files and kept separately from other personal material in a locked home.
- Sharing of Data
- Personal Data will only be used by elected club officers to allow them to carry out their legitimate designated role within the Society.
- Society officers will not provide members’ personal information to a third party unless explicit permission has been sought from, and granted by, the data subject.
- Routine Society announcements will normally take the form of an email to all members as a group. This will be managed by way of “Blind Copies” (Bcc) so that members’ email addresses are not visible to other members. Members may elect not to receive such circulations by informing the Secretary in advance.
- Electronic marketing material received by the Hundred of Yetminster History Society will not normally be forwarded to individual members unless an officer believes that it is consistent with membership of the Society and therefore in the members’ interests to see it. Members wishing to draw other members’ attention to issues of interest should ask the Secretary or another officer to circulate the details to other members on their behalf. The Society reserves the right to decide whether a request for circulation of information is appropriate.
- Altering Data
Data will be altered only on the request of the individual
- Data Breaches
Data breaches will be reported to the Secretary immediately and investigated without delay by an appropriate officer of the Society.
- Data Destruction
The Hundred of Yetminster History Society will destroy personal data held on paper and computer records one year after membership has ended or earlier if it is no longer relevant or required.
Each member can request at any time that their personal data is destroyed.
- Compliance
This policy will be reviewed by the Society Committee on an annual basis or where legislative change or a related incident requires further, immediate attention.