Data Protection Policy
- Policy prepared by: Lancaster and Morecambe Walking and Social Group
- Approved by committee on:
In order to function, Lancaster and Morecambe Walking and Social Group (hereafter known as the ‘group’) needs to gather, store and use certain forms of information about members.
This policy explains how this data should be collected, stored and used in order to meet the groups data protection standards and comply with the General Data Protection Regulations (GDPR).
To whom and to what does this policy apply?
This applies to all those handling data on behalf of the group, e.g.:
- Committee members
It applies to all data that the group holds relating to individuals, including:
- Email addresses
- Postal addresses
- Home telephone numbers
- Mobile telephone numbers
- Members’ names, addresses, email addresses and telephone numbers will be collected when they first join the group, and will be used to contact the member regarding group administration and activities. Other data may also subsequently be collected in relation to their membership, including their payment history for subscriptions.
- The club will only collect and use personal data for specific, explicit and legitimate purposes, and will only use the data for those specified purposes.
- The club will ensure any data collected is relevant and not excessive.
- The club will ensure data is accurate and up-to-date to reflect the current membership.
- Any individual will be able to update their data at any point by contacting the Club Secretary.
- Details of lapsed members will be retained for a maximum of 12 months
- The club will ensure that membership data held is kept secure.
- Electronically-held data will be held within a secure environment.
- Physically-held data (e.g. membership forms or email sign-up sheets) will be stored securely.
- Access to data will only be given to the relevant committee members where it is clearly necessary for the running of the club.
- Under no circumstances will any member’s personal data be passed to a third party.
- Right to be informed: whenever the group collects data, it will provide a clear and specific privacy statement explaining why it is being collected and how it will be used.
- Right of access: individuals can request to see the data the group holds on them and confirmation of how it is being used.
- Right to rectification: individuals can request that their data be updated where it is inaccurate or incomplete.
- Right to object: individuals can object to their data being used for a particular purpose.
- Right to erasure: individuals can request for all data held on them to be deleted.
Member to Member Contact
- The group will only share members’ data with other members with the subject’s prior consent.
- As a membership organisation the group encourages communication between members. To facilitate this, the Secretary may provide contact details only as long as they are for the purposes of contacting the subject and the subject has consented to their data being passed to another member in this way.