Personal data relates to a living individual who can be identified from it (the ‘data subject’.) The processing of personal data (including use) is governed by the General Data Protection Regulation (the “GDPR”) which is part of the Data Protection Act, 1998.
The Association has a legitimate interest in keeping members informed of its activities and even has a contractual obligation to do so. The GDPR is unclear on the scope of legitimate interest, but it is generally agreed that consent should be sought from non-members whose personal data is held by the Association, or if members’ data is shared outside the Association.
Personal data is used -
The Association complies with its obligations under the GDPR by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data.
All personal data will be treated as strictly confidential and will only be shared with other members of the Association in order to carry out a service to other members or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold.
Membership and mailing list data will be retained while it is still current; gift aid declarations and associated paperwork will be retained for 7 years after the tax year to which they relate.
This policy will be reviewed every 2 years.
Data subjects have the right -
Adopted May 2018
Mark Gibson, President | Helen Murphy, Secretary