ICO (Information Commissioner’s Office) Statement
The Chislehurst Society CIO is registered as a data controller with the ICO (Information Commissioner’s Office) and complies with all relevant data protection legislation. We take data protection and user privacy extremely seriously, you can read our privacy and data protection policy here. If you are ever concerned about information privacy and security, please feel free to contact our IT Department in confidence: firstname.lastname@example.org
GDPR (General Data Protection Regulation) came into effect on 25th May 2018. It has implications for how we handle your data and how we communicate with you.
The Chislehurst Society already takes all reasonable steps to ensure that data collected about its members is treated confidentially. Your Executive Committee believes that we comply with current data protection legislation.
Because of changes arising from GDPR we need to tell you how the Society handles your personal data and to explain how the changes will affect you and your relationship with the Society in the future.
In the UK, it is the Information Commissioner’s Office (ICO) which is responsible for enforcing data protection legislation. The Society is already exempt from some provisions of current data protection law but we are not aware any exemptions that might apply for small organisations such as ours under GDPR so we are working on the basis that there will be no such exemptions.
Membership information is shared with authorised representatives from TELITY™ Ltd to provide our membership management database. If you do not consent with data sharing you must contact us to cancel your membership immediately.
Payment information is handled exclusively by Stripe.
What is ‘personal data’?
Personal data is any information about you which allows us to identify you.
The Society keeps the following personal data about you:
- Your name and title
- Your address
- Your phone number and/or mobile phone number where you have provided one
- Your email address where you have provided one
- Details of membership subscriptions you have paid
- Details of any Gift Aid authorities you may have signed
- Details of any events you may have attended and payments you have made for admission tickets
- Details of any dietary requirements you have told us about when booking events where food is served – we usually only keep this information in the run up to an event and we will need to pass the information on to the establishment at which the event is being held.
- In addition, we may have retained emails that you have sent us to book events or ask questions about the Society and its activities.
- Your personal data is stored on a laptop operated by members of the Society’s committee on a need to know basis: that means information is usually only held by the Membership Secretary and Administrator but may also be accessed by the Chair, Treasurer and Secretary.
Membership records are stored securely. They are encrypted and password protected and regularly backed up, both on a stand-alone hard drive and ‘in the cloud’.
Some records, (e.g. membership forms and Gift Aid authorities, are retained in paper format and are held under lock and key by the Administrator.
We keep the information for as long as we deem necessary within the remit of the legislation. Membership details and Gift Aid authorities will be retained for as long as you are a member. We may also need to keep financial information for a period of six financial years after the end of the financial year in which the transaction occurred so that we can respond to enquiries from HMRC about our income or applications for Gift Aid.
We only use the information we keep to help us to administer the functions of a membership-based organisation and to notify you of our latest news, activities and events.
We may occasionally also tell you about events organised by others that we think may be of interest to members but we will not pass on your information to third parties without your permission unless we are required to do so in law.
You have a right to ask us to tell you what information we hold about you at any time. You can do this by writing to us at our postal address as shown below or by emailing us at email@example.com
You have the right at any time to correct any information we hold about you which is incorrect or out of date.
You have a right to cancel your membership at any time and ask for your details to be removed from our mailing lists. However we may need to keep details of payments you have made to us (and what for) even after your membership ends for financial and tax purposes.
How We Will Contact You
At the moment, when you join the Society, we add your name to our mailing lists and then keep you informed of the Society’s activities. As a minimum, we will continue to contact you about your membership of the Society and to remind you of when your subscription is due.
In addition, we will continue to tell you about our events and activities unless you ask us to stop.
We will also continue to tell you about society related events organised by other organisations in the local area where we think they will be of interest.
We will use our judgement and discretion to decide which events not organised by us that we tell you about.
Please bear in mind that we will usually only contact you in the way we do now.
This will usually be by email (if you have provided us with an email address), by post or hand delivery by road stewards. People who have provided us with an email address will receive information from us more frequently than people who have only provided us with a postal address.
Please keep a copy of the new policy for your records.