GENERAL DATA PROTECTION REGULATIONS
Ogbourne St Andrew History Group collects, stores and processes limited, non-sensitive personal data about our members. We strive to discharge our legal obligations under the GDPR appropriately. As data users the Group’s Officers, Committee and Members are obliged to comply with this policy when processing personal data on the Group’s behalf.
DATA PROTECTION PRINCIPLES
Anyone processing personal data must comply with the eight enforceable principles set out in the Act. These provide that personal data must be:
Processed fairly and lawfully.
Processed for limited purposes and in an appropriate way.
Adequate, relevant and not excessive for the purpose.
Not kept longer than necessary for the purpose.
Processed in line with data subjects' rights.
Not transferred to people or organisations situated in countries without adequate protection.
The Group processes data relating to Club Officers, Committee Members and all Active and Inactive Members.
Data is held under written authority signed at the time of applying for membership or renewal.
The data held for our data subjects may include:
Date of joining / renewal
Full postal address
The collection of "Sensitive Data", i.e. items such as: date of birth, any financial information (including bank details), sexual orientation, ethnic origin, criminal record, political opinions, religious beliefs, etc. will not be undertaken.
The data will be reviewed regularly at every AGM and kept updated on membership renewal.
The data will be used by the OSAHG for purposes only in connection with the running of the Group, which includes communicating by post, telephone and email (which will always utilise the "bcc" option for general membership mailings). It will never for any reason be disclosed to third parties.
The data will be stored on a secure computer and/or a removable data storage device and/or in a ledger, and/or on Application Forms and Membership Data Update forms. Computer files will be password protected.
The data may be provided to Committee Members and other members by email or telephone when it is needed to facilitate the running of the club and provide the benefits of membership.
Members can apply to have their details removed from our stored records within 28 days by making a written request to the Secretary.
Non-Members on the mailing list can unsubscribe by using our contact us facility.
DESTRUCTION OF DATA
Electronic and paper data will be securely deleted/destroyed as soon as:
the member resigns, or
when it is no longer current or relevant or has otherwise served its purpose.
Further information concerning the GDPR may be found at: https://ico.org.uk/