PURPOSE
The purpose of the Policy is to ensure that The Cheltenham German Club (‘the Club’) complies with the law and best practice in respect of the data it holds relating to members including previous year members (‘Members’), guest speakers and other persons connected to the Club (‘Friends’).

SCOPE
The Policy applies to

Members of The Cheltenham German Club whose usual meeting address is Parmoor House, Lypiatt Terrace, Cheltenham GL50 2SX
all guests and guest speakers visiting Club functions.
any other persons connected to the Club


PRINCIPLES
The principles of data protection contained within the Policy ensure that personal information held by the Club

is held for specified legitimate purposes
is processed fairly, lawfully and in a transparent manner
is adequate, relevant and not excessive
is accurate and up to date
is not retained longer than is appropriate
is processed in accordance with the Rules of the Club
recognises the rights of the individual to whom the data relate
is secure
is not transferred to third parties without the express permission of the individual to whom the personal data relate


APPLICATION
The Policy applies to information relating to identifiable individuals. This information includes, but may not be limited to:

Information about Members, provided upon application for annual Membership: 
name, postal address, phone number, email address, subscription records
Information about guest speakers:
name, phone number, email address obtained upon expression of interest
Information about Friends:
name, email address obtained by them volunteering to join the Club’s mailing list

We use this information to:

send out trailers, newsletters, information about the Club’s activities to Friends, these and AGM papers to Members
manage Members’ subscriptions and contact Members, guest speakers and sometimes Friends on administrative matters
contact Members and Friends about programme changes, special events and other matters of interest in accordance with the Club’s objectives



LEGAL BASIS FOR USING THESE DATA

Information about Members and guest speakers is used as identified above on the basis of legitimate interests as part of the natural process of running the Club in pursuance of the Club’s objectives and serving our Members.
Information about Friends is used by consent. 



INDIVIDUAL RIGHTS
The Club respects individuals’ rights with regard to personal data that the Club holds. An individual may

request a copy of their personal information held by the Club
request to have inaccurate personal data rectified
request their data be restricted (that is, retained but not further processed) in certain specific circumstances identified in the General Data Protection Regulations
object to their personal data being used for direct marketing
where data are held on the basis of consent request personal data be erased
where data are held on the basis of legitimate interests and the Club has no overriding legitimate interests nor legal obligation to continue this processing, object to the processing or request their personal data be erased


DATA SECURITY
Personal information of Members, guest speakers and Friends, including records of consent, will be held by Committee members on paper or electronically under password protection and backed up.

DATA RETENTION

Information about Members is retained as long as a person remains a member and up to one year thereafter except that subscription records within financial records are retained indefinitely. When ceasing to be a member we ask each person whether they wish to join the mailing list and become a Friend
Information about guest speakers and Friends is retained until such person objects, requests erasure, withdraws consent or fails to renew consent when from time to time invited to do so



RESPONSIBILITIES
The Club Committee is responsible for ensuring that The Club complies with its legal obligations and, insofar as this specific policy is concerned, the specific provisions of current Data Protection legislation.
The Chairman has the ultimate accountability for maintaining this Policy and for ensuring that it is observed. The Club Committee will nominate one Committee member as Privacy Officer with responsibility to:

advise all other Members of their responsibilities in relation to data protection
maintain the Policy and related data protection procedures
ensure the Policy reflects current legislative requirements and best practice
ensure the Committee members are fully aware of their legal responsibilities for data protection as outlined in the Policy
react promptly to legitimate requests to access, modify or delete personal data held in respect of that individual


BREACHES OF POLICY
Significant breaches of the Policy and related data protection procedures will be considered by the Club Committee and may be referred to the Information Commissioner’s Office.

REVIEW OF POLICY
The Policy is to be reviewed annually by the Committee prior to AGM.

APPROVAL
The Policy was approved by the Committee of the Club on 2 May 2018.