FRIENDS OF HEREFORDSHIRE ARCHIVES
Registered Charity No. 519223
Approval
The FHA Data Protection Policy was approved at the AGM on 25 May 2018.
Introduction
This statement of policy has been prepared in compliance with the General Data Protection Regulation (GDPR) promulgated by the Office of the Information Commissioner (ICO) to take effect from 25th May 2018. The GDPR replaces the Data Protection Act 1998.
The GDPR strengthens the rules governing the retention and use of personal data and requires organisations to be more accountable and open. It is important that all members of the FHA Committee are aware of our Data Protection Policy and that all Members of the FHA understand and consent to our retention and use of their personal information.
Information Held
The FHA maintains a membership list comprising names and addresses as a minimum, and where these are also supplied telephone numbers and email addresses. There will only be one authoritative membership list at any one time, held on the personal computer of the Hon. Membership Secretary.
Individual membership of the FHA is not open to children.
A copy of this membership list will be supplied, either by email or in hard copy, to the Chairman and Hon. Treasurer for their respective use. Under no circumstances may any membership list or personal data, whether current or superseded, be supplied to or held by anyone else in any format. Superseded membership lists in hard copy are to be shredded or burned.
Individuals’ personal information is to be deleted from the list when they cease to become a Member of the FHA. Additionally, where telephone numbers and/or email addresses have been supplied, these will be deleted
from the list on request.
Privacy Notices and Rights
Privacy Notices, including provision for consent or refusal, will be supplied to new Members of the FHA and to existing Members when necessary, eg following a change in the GDPR or the FHA Data Protection Policy. The Privacy Notice will record the personal information to be held and the limitations on how it might be used. It will also confirm data retention periods and individuals’ rights, including how to complain to the ICO if there is any problem with how the FHA handles their data. The FHA Privacy Notice is attached at Appendix 1.
With regard to the personal data of Members of the FHA and its use, individuals have the following rights:
- to be informed;
- to access, amendment, rectification or deletion;
- to data portability, electronically or by letter;
- to restrict or prevent data processing;
- to object including exemption from automated decision making including profiling.
Requests will be answered in full within one month of receipt. No reasonable request will ever be refused or charged for.
Consent
Individuals’ consent to the retention and us of their data will invariably be specific, informed and unambiguous. The FHA Consent Form is attached at Appendix 2.
Use of Data
The FHA Data Controller will be the Hon. Membership Secretary. He or she will use individuals’ data to record their membership, to issue any necessary reminders and to forward the periodical Newsletters. Where an email address has been supplied, subject to consent it will be used to publicise events and activities and may be used for correspondence.
The Hon. Treasurer will use Members’ data to record their membership subscriptions and to issue any necessary reminders.
The Hon. Chairman will use individuals’ data to monitor membership levels and, subject to consent, for correspondence and/or emails on matters of interest or concern to the FHA as a whole.
Individuals’ personal data will be used for no other purposes. Membership information will not ever be used for data processing.
Data Breaches
Data will be protected by design and default, under the terms of this Policy.
It is unlikely that a breach of personal data will occur but if it does it is to be reported initially to the Hon. Chairman, who will then investigate thoroughly and promptly in consultation with the Hon. Membership Secretary. The results of the investigation are to be reported to the FHA Committee for decision on how best to prevent any recurrence.
In each case, the individual(s) concerned are to be informed.
In the event of a breach which could result in a risk to the rights and freedom of any individual, the breach is to be reported to the ICO.
Data Protection Officer
The Data Protection Officer for the FHA will be the Hon. Membership Secretary.
Appendices:
- Privacy Notice
- Consent Form