PURPOSE The purpose of the Policy is to ensure that The Cheltenham German Club (‘the Club’) complies with the law and best practice in respect of the data it holds relating to members including previous year members (‘Members’), guest speakers and other persons connected to the Club (‘Friends’).
SCOPE The Policy applies to
Members of The Cheltenham German Club whose usual meeting address is Parmoor House, Lypiatt Terrace, Cheltenham GL50 2SX all guests and guest speakers visiting Club functions. any other persons connected to the Club
PRINCIPLES The principles of data protection contained within the Policy ensure that personal information held by the Club
is held for specified legitimate purposes is processed fairly, lawfully and in a transparent manner is adequate, relevant and not excessive is accurate and up to date is not retained longer than is appropriate is processed in accordance with the Rules of the Club recognises the rights of the individual to whom the data relate is secure is not transferred to third parties without the express permission of the individual to whom the personal data relate
APPLICATION The Policy applies to information relating to identifiable individuals. This information includes, but may not be limited to:
Information about Members, provided upon application for annual Membership: name, postal address, phone number, email address, subscription records Information about guest speakers: name, phone number, email address obtained upon expression of interest Information about Friends: name, email address obtained by them volunteering to join the Club’s mailing list
We use this information to:
send out trailers, newsletters, information about the Club’s activities to Friends, these and AGM papers to Members manage Members’ subscriptions and contact Members, guest speakers and sometimes Friends on administrative matters contact Members and Friends about programme changes, special events and other matters of interest in accordance with the Club’s objectives
LEGAL BASIS FOR USING THESE DATA
Information about Members and guest speakers is used as identified above on the basis of legitimate interests as part of the natural process of running the Club in pursuance of the Club’s objectives and serving our Members. Information about Friends is used by consent.
INDIVIDUAL RIGHTS The Club respects individuals’ rights with regard to personal data that the Club holds. An individual may
request a copy of their personal information held by the Club request to have inaccurate personal data rectified request their data be restricted (that is, retained but not further processed) in certain specific circumstances identified in the General Data Protection Regulations object to their personal data being used for direct marketing where data are held on the basis of consent request personal data be erased where data are held on the basis of legitimate interests and the Club has no overriding legitimate interests nor legal obligation to continue this processing, object to the processing or request their personal data be erased
DATA SECURITY Personal information of Members, guest speakers and Friends, including records of consent, will be held by Committee members on paper or electronically under password protection and backed up.
Information about Members is retained as long as a person remains a member and up to one year thereafter except that subscription records within financial records are retained indefinitely. When ceasing to be a member we ask each person whether they wish to join the mailing list and become a Friend Information about guest speakers and Friends is retained until such person objects, requests erasure, withdraws consent or fails to renew consent when from time to time invited to do so
RESPONSIBILITIES The Club Committee is responsible for ensuring that The Club complies with its legal obligations and, insofar as this specific policy is concerned, the specific provisions of current Data Protection legislation. The Chairman has the ultimate accountability for maintaining this Policy and for ensuring that it is observed. The Club Committee will nominate one Committee member as Privacy Officer with responsibility to:
advise all other Members of their responsibilities in relation to data protection maintain the Policy and related data protection procedures ensure the Policy reflects current legislative requirements and best practice ensure the Committee members are fully aware of their legal responsibilities for data protection as outlined in the Policy react promptly to legitimate requests to access, modify or delete personal data held in respect of that individual
BREACHES OF POLICY Significant breaches of the Policy and related data protection procedures will be considered by the Club Committee and may be referred to the Information Commissioner’s Office.
REVIEW OF POLICY The Policy is to be reviewed annually by the Committee prior to AGM.
APPROVAL The Policy was approved by the Committee of the Club on 2 May 2018.