The Fareham Society Data Protection Policy
1. Privacy Statement
The new data protection act came into effect on 25th May 2018. The General Data Protection Regulation (GDPR) is a new, European-wide law that replaces the Data Protection Act 1998 in the UK. It places greater obligations on how organisations handle personal data.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’. This is data which an organisation holds which would allow an individual to be identified
How does this affect organisations like the Fareham Society?
We have a duty to ask our members for their consent for their personal data to be processed.
What data the Fareham Society collects and processes.
As a member of the society we ask you for some information when you join (Personal Data). We use this data to communicate with you when we have an issue in connection with subscriptions and to produce address labels for our magazines The information we collect includes your name, address, email address and phone numbers. The data is only accessed by the membership secretary, secretary and treasurer. It is stored in a secure location. We do not share your data with any third party. Your rights for your data include the right to withdraw consent to the society storing and using your data (processing) and correction or deletion of the data. When you leave the society most of your data will be stored for two years and then deleted. However data required by HMRC will be stored for longer as this is a legal requirement. We have modified our application/ renewal forms so that they allow us to note your consent to process your personal data in this limited way.
If you have completed a gift aid form, which we encourage you to do as gift aid is a valuable source of income for us, then some information (title, surname, house number/name, postcode and amount of donation) will be shared with HMRC.
The Information Controllers office (ICO) has excellent information on the GDPR and your rights as an individual if you wish to do more research!
The Society can be contacted c/o 17 Veryan Fareham PO14 1NN
Membership form and Gift aid forms have been up dated so that they include consent to use date given to us in the above ways.
3. The Right to be forgotten
- The GDPR introduces a right for individuals to have personal data erased.
- The right to erasure is also known as ‘the right to be forgotten’.
- Individuals can make a request for erasure verbally or in writing.
- We have one month to respond to a request.
- The right is not absolute and only applies in certain circumstances.
- Members who request that their personal data be erased will not then receive a newsletter.
- Any details of membership fees paid will need to be kept for 2 years from 1st April after the request was made
- Any data required for Gift Aid must be kept for 6 years from the last Gift Aid claim
4. Storage Limitation
- We must not keep personal data for longer than we need it. Lists used for such things as Summer walks, Christmas Function should be destroyed as soon as not required.
- Membership data should be reviewed periodically and anonymised 2 years after the curtailment of membership (i.e. store surname and membership type/fee for statistical purposes).
5. Data integrity
- We must ensure that data is accurate and updated when appropriate. All data stored electronically must be secure, password protected etc
- Data which is stored in paper form, membership forms and gift aid forms in the main, but will also include news letter distribution lists must be stored as securely as possible, reviewed regularly and destroyed when appropriate
Last updated 3 May 2023