Summary
A new EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation changes the way that businesses,charities and other organisations process personal data. It will mean that Privacy notices will be more transparent, consumer rights will be increased and data breaches will have to be reported within 72 hours of becoming aware of them.
Consumers will have more control over how their personal data is stored and used with the ability to view their personal data held by an organisation, change that data and in certain cases, have that data deleted. This privacy policy explains what personal data the Spalding and District Amateur Radio Society (the Society)collects, why we hold that data, how we use that data and how you can view, change and delete that data.
Personal Data that we hold
Personal data is anything that allows a living person to be directly or indirectly identified. The Society holds a minimal amount of personal data about Members, Trainees, Guests, Suppliers and other organisations. This data has been given freely through membership forms, training application forms, invoices, receipts, visitors book, phone calls, emails, texts or by some other means.
The personal data that the Society has received from members, suppliers and guests is a person’s name and contact data. The contact data would be one or more of the following:
- Email address(s).
- Phone number(s).
- A postal address.
- Amateur radio callsign(s), if applicable.
For amateur radio courses the Society need to have additional information from trainees in the form of a RSGB Candidate Application Form (RSGB Ref: EX200 CAF-All levels – July 2017). Trainee personal data given using this form will be administered by the trainers and will be kept separately from other personal data. All members’ personal data is to be confirmed on renewal of membership after the AGM.
Who has access to the Data?
Only current committee members have access to the personal data of members, suppliers and guests.
Only trainers have access to trainee personal data.
Any requests for Personal information must have a legitimate reason which must be confirmed by reference to the individual member, supplier, volunteer, guest or trainee to provide the reason for the request and to seek permission to use their data.
Why do we hold this information?
The Society uses the personal data for communication purposes to keep members of the Society informed of events, administration of supply contracts and to advise members of the Society’s affairs.
The Society will endeavour to keep all information as up to date as possible and will send reminders to this effect at least once a year.
The Society receive occasional requests from the RSGB to confirm that a person is a member. Typically, this is for RSGB competition administration. The information released is the member’s name, callsign and membership status.
Trainee personal data will be used solely for the administration of training courses and for submission to the RSGB (and subsequently to Ofcom) for examination and licence administration.
Processes
The Society holds personal contact data in a spreadsheet which is maintained by the Society’s Treasurer. All members on our database will be contacted by email (or letter in those cases where we hold no email address) with a copy of this policy and a request to reply to the Treasurer giving consent to the Society holding their personal data. The Society will not make any personal information available to third parties without the consent of the person concerned.
Subject Access Request
A member may, at any time, request to see what information the Society keep about them by contacting the Society’s Treasurer or Secretary.
Right to be Forgotten
Members may, at any time, request removal of their personal information from the database by contacting the Society’s Treasurer or Secretary. It should be noted that in order to remain a member of the Society the member’s name and some form of contact information will need to be held in the database.
Data Breaches
The Society will report any data breaches of the personal data to the relevant authorities within 72 hours of becoming aware of a data breach. An investigation into the breach will be carried out by the Committee and its findings reported to the membership.
Details of the breach will be reported to the ICO (Information Commissioner’s Office) which is the UK’s independent body set up to uphold personal information rights.
Data Protection Links
- Click here to go to the EU General Data Protection 2016 (GDPR)
- Click here to go to the GDPR portal.
- The ICO webpage for reporting a concern can be found at https://ico.org.uk/concerns/
Change Log
May 2018 – Document initially drafted for committee approval.