DEMU Data Protection Policy
The society data protection policy sets out our commitment to protecting members personal data and how we implement that commitment with regards to the collection and use of personal data. This policy is in accordance with current Data Protection Legislation.
We are committed to:
- Ensuring that we comply with the eight data protection principles, as listed below.
- Meeting our legal obligations as laid down by the Data Protection Act.
- Ensuring that data is collected and used fairly and lawfully.
- Processing personal data only in order to meet our society needs or fulfil legal requirements.
- Taking steps to ensure that personal data is up to date and accurate.
- Establishing appropriate retention periods for personal data.
- Ensuring that data subjects’ rights can be appropriately exercised.
- Providing adequate security measures to protect personal data.
- Ensuring that the Management Committee are responsible for data protection compliance and provides a point of contact for all data protection issues.
- Ensuring that the Management Committee and other Officers are made aware of good practice in data protection.
- Ensuring that queries about data protection, internal and external to the society, are dealt with effectively and promptly.
- Regularly reviewing data protection and guidelines within the society.
Data protection principles:
- Personal data shall be processed fairly and lawfully.
- Personal data shall be obtained for one or more specified and lawful purposes and shall not be further processed in any other manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any other purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act.
- Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of data.
Type of data collected:
The society will collect the following data for each member: name, postal & email address, and phone numbers. These details being those used to contact members to carry out their subscriptions.
Storage of data:
Data is held on memory sticks held by the Membership Secretary. One is used as a back-up with both being protected by encryption.
Use of data:
Members data is used to forward a member’s information pack on joining the society. To forward the society UPDate magazine, occasional newsletters, periodically, together with notice of the Annual General Meeting, or other meetings or events when appropriate. To facilitate partaking in the society online forum if chosen to join. To handle the administration of subscriptions, including notification of the expiry of same, donations, respond to members enquires, and to communicate between members of the Management Committee, Other Officers and Area Group Coordinators. To deal with any enquiries and complaints made by or about any member(s) relating to the society in general. From time to time the society might conduct a survey of individual members views. While it will be necessary to have a list of contributors until the process is completed, results will be analysed in summary form such that no published information is traceable to a member.
Sharing Data outside of the Society:
Except for the printing company to send UPDate to members, data is never disclosed to any third party except in the unlikely event that we are legally bound to do so by any regulatory and/or government body and/or law enforcement agency.
The legal basis for processing data:
The most suitable method for the society is contract fulfilment, by being a member of the society, they are buying a contract, for membership benefits including UPDate and the forum. We use the members data to carry out the contract.
Members choice of use of Data:
Members will be informed when taking out a membership or renewing a membership that their data is only used for the fulfilment of their membership.
Retention and deletion of data:
When a membership is ended or lapses to the society, their data will be held for a period of 6 years before being deleted. This is due to financial record keeping.
Summary of Policy:
The society will hold limited personal data, which can only be used for specific tasks (stated above), data will be stored safely, and when a member leaves the society the data will be retained for the shortest period necessary before being deleted.
DEMU Data Protection Policy June 2020
Note added to membership renewals:
Your personal data will be held for DEMU to use as part of the administration procedures to provide your membership. The Data Policy can be obtained at URL link.