General Data Protection Regulation 2018 Policy Statement

This statement sets out the Club’s policy on Data Protection in order to comply with our
requirements under the General Data Protection Regulation (GDPR) which applies in the UK from 25 May 2018.

What personal information do we hold?
The Club holds personal information about its members, which was provided in the
application forms to become members or renew membership.
This includes:
 Name:
 Home address and telephone number;
 Email address (if applicable);
 Payment and attendance records;
 Details of periods served as an officer, committee member or working group member.
Who holds and how is the personal data used?
Data is securely held by the Treasurer and shared between Committee members as
necessary to facilitate the operations of the Club. All members of the Committee are
requested to ensure that any data which comes into their possession is treated confidentially within the Club.
Members’ personal information will never be passed to third parties [unless required by law].
When a member ceases to be a member of the Club his/her personal data will be removed
as soon as practicable.

Members’ Rights
Members have the right to know what personal data the Club holds on them and can
ascertain same upon request to the Treasurer who will inform them of the data held as soon as possible, but at the latest within one month. [The information will be sent to the email address or the home address that is held on our database.]
Members will be notified in the event of any data breach being suffered by the Club.
Members can withdraw their consent at any time upon notification to the Secretary..
Authority to hold the data.
Under the General Data Protection Regulations, the Society is not permitted to hold data on members’ implied consent basis and consequently, each member must give the Club their specific consent.
May 2018