Data protection policy.
The Chair of Bude Marine Group under the new EU ruling (GDPR), is considered to be the ‘Controller’ of the processes we use to ensure data protection compliance. The Secretary is the ‘Processor’ who stores or uses such information and keeps records of permission. Both of these roles carry a legal duty of care to ensure we act within the law.
This document explains what data is, how we use it, what we require from you and what you can ask of us.
What is personal data?
Any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Including name, identification number, location data or online identifier.
The data we might hold falls into four categories;
Category A; Details of elected members holding a title in the group management.
Category B; An optional electronic contact address and name for our mailing list.
Catagory C; Compulsory name and emergency contact details for each person (unless part of a family group where only one is required) attending a member’s event or official meeting.
Category D; Compulsory name, age (if under 18) home address and emergency contact details for any volunteer acting officially on the group’s behalf at an event or meeting.
How we store, obtain and use data;
Category A. It is a requirement that elected members give a full name, address and one additional contact method to all other elected management members. This is held only by those named elected members or transmitted (with consent) to any party where the member is asked to sign a document on behalf of the group as part of their elected role. This information is held for the duration of office plus 1 year unless an incident, accident or insurance claim is made in that period that requires such data to be held for a longer period.
Category B. Written consent is optionally given by the member to the Secretary to allow the storage and sharing of their data with the Chair for group information communication by email. This data is checked as being valid (request made to the member in May) on an annual basis. Group mail is sent BCC to ensure privacy.
Category C, Emergency contact number to be used in the event of an accident or illness during an event or meeting. This information is held on paper for 48 hours and then destroyed by shredding or burning. Unless an incident or accident was recorded at the event (Details will then be subject to any insurance or statutory requirements).
Category D. All volunteers officially acting on the group’s behalf must provide all personal details requested. This information is held by the Chair and Secretary for 5 years and then either renewed with written permission or destroyed.
Storage of data, your rights and other information.
All information is stored electronically on home-based computer hard drives, or transportable memory devices kept within the home. Not in any cloud or offsite storage facility. It is a requirement that any such computer is protected by a recognised manufacturer installed or third-party antivirus programme. Data is never distributed to third parties including CWT or shared or used in any other way without consent.
Once data has been held for the relevant time period indicated it is destroyed by being erased from any computer/device holding it unless written consent is given to retain for a further period.
Data held on social media (posts made by members) is removable by the poster at any time. Personal identification details other than first names (if over 18) are not used on the website without first requesting permission. Photographs used are subject to permission of all pictured (unless incidental).
Any person except elected members remaining in the post can request all data to be removed from all records (except in legal documents signed in office on behalf of the group or any insurance claim or other investigation pending). Requests must be made in writing to the Chair or Secretary by the person requiring data to be removed. Any person can ask to see their own data at any time, we will ensure such requests are dealt with within one calendar month or sooner.
Privacy notices; Any correspondence which requests data will include a privacy statement and legal reason for requesting such data. It will also indicate your rights to withdraw consent or see your data.
Mark Fellows, Chair Bude Marine Group. 11/5/2018