Data Protection Policy
PURPOSE
The purpose of the Policy is to ensure that The Cheltenham German Club (‘the Club’) complies with the law and best practice in respect of the data it holds relating to members including previous year members (‘Members’), guest speakers and other persons connected to the Club (‘Friends’).
SCOPE
The Policy applies to
(i) Members of The Cheltenham German Club whose usual meeting address is The New Club, 2, Montpellier Parade, Cheltenham, GL50 1UD
(ii) all guests and guest speakers visiting Club functions.
(iii) any other persons connected to the Club
PRINCIPLES
The principles of data protection contained within the Policy ensure that personal information held by the Club
(i) is held for specified legitimate purposes
(ii) is processed fairly, lawfully and in a transparent manner
(ii) is adequate, relevant and not excessive
(iv) is accurate and up to date
(v) is not retained longer than is appropriate
(vi) is processed in accordance with the Rules of the Club
(vii) recognises the rights of the individual to whom the data relate
(viii) is secure
(ix) is not transferred to third parties without the express permission of the individual to whom the personal data relate
APPLICATION
The Policy applies to information relating to identifiable individuals. This information includes, but may not be limited to:
(i) Information about Members, provided upon application for annual Membership:
name, postal address, phone number, email address, subscription records
(ii) Information about guest speakers:
name, phone number, email address obtained upon expression of interest
(iii) Information about Friends:
name, email address obtained by them volunteering to join the Club’s mailing list
We use this information to:
(i) send out trailers, newsletters, information about the Club’s activities to Friends, these and AGM papers to Members
(ii) manage Members’ subscriptions and contact Members, guest speakers and sometimes Friends on administrative matters
(iii) contact Members and Friends about programme changes, special events and other matters of interest in accordance with the Club’s objectives
LEGAL BASIS FOR USING THESE DATA
(i) Information about Members and guest speakers is used as identified above on the basis of legitimate interests as part of the natural process of running the Club in pursuance of the Club’s objectives and serving our Members
(ii) Information about Friends is used by consent
INDIVIDUAL RIGHTS
The Club respects individuals’ rights with regard to personal data that the Club holds. An individual may
(i) request a copy of their personal information held by the Club
(iii) request to have inaccurate personal data rectified
(iii) request their data be restricted (that is, retained but not further processed) in certain specific circumstances identified in the General Data Protection Regulations
(iv) object to their personal data being used for direct marketing
(v) where data are held on the basis of consent request personal data be erased
(vi) where data are held on the basis of legitimate interests and the Club has no overriding legitimate interests nor legal obligation to continue this processing, object to the processing or request their personal data be erased
DATA SECURITY
Personal information of Members, guest speakers and Friends, including records of consent, will be held by Committee members on paper or electronically under password protection and backed up.
DATA RETENTION
(i) Information about Members is retained as long as a person remains a member and up to one year thereafter except that subscription records within financial records are retained indefinitely. When ceasing to be a member we ask each person whether they wish to join the mailing list and become a Friend
(ii) Information about guest speakers and Friends is retained until such person objects, requests erasure, withdraws consent or fails to renew consent when from time to time invited to do so
RESPONSIBILITIES
The Club Committee is responsible for ensuring that The Club complies with its legal obligations and, insofar as this specific policy is concerned, the specific provisions of current Data Protection legislation.
The Chairman has the ultimate accountability for maintaining this Policy and for ensuring that it is observed. The Club Committee will nominate one Committee member as Privacy Officer with responsibility to:
(i) advise all other Members of their responsibilities in relation to data protection
(ii) maintain the Policy and related data protection procedures
(iii) ensure the Policy reflects current legislative requirements and best practice
(iv) ensure the Committee members are fully aware of their legal responsibilities for data protection as outlined in the Policy
(v) react promptly to legitimate requests to access, modify or delete personal data held in respect of that individual
BREACHES OF POLICY
Significant breaches of the Policy and related data protection procedures will be considered by the Club Committee and may be referred to the Information Commissioner’s Office.
REVIEW OF POLICY
The Policy is to be reviewed annually by the Committee prior to AGM.
APPROVAL
The Policy was approved by the Committee of the Club on 9 Jun 2024.