Lorn Natural History Group


DATA PROTECTION POLICY

This policy is compliant with the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018.
 


GDPR PRINCIPLES TO BE FOLLOWED BY ORGANISATIONS

1. Lawfulness, fairness and transparency:
Transparency: Tell the individual what data processing will be done.
Fairness: What is processed must match up with how it has been described.
Lawfulness: Data processing must meet one of the tests described in the Regulation. GDPR will also strengthen individual’s rights including the right of access, to be informed, to rectification and to be forgotten. It emphasises making privacy notices understandable and accessible.

2. Purpose limitation: Personal data collected for one purpose should not be used for a new, incompatible purpose.

3. Data minimisation: You should only collect personal data that is relevant, and it should be limited to what is necessary in relation to the purposes for which you are processing the data.

4. Accuracy: You are responsible for taking all reasonable steps to ensure that personal data are accurate.

5. Storage limitation: Personal data should not be retained for longer than necessary in relation to the purposes for which they were collected.

6. Integrity and confidentiality: Organisations are responsible for ensuring that personal data are kept secure, both against external threats (e.g. malicious hackers – always password protect computers and documents) and internal threats (e.g. internal data sharing to unsecure locations). Procedures must be in place to detect and report a personal data breach. GDPR brings a duty to notify the ICO (Information Commissioners Office) within 72 hours if a personal data breach is suffered.
 


For further information see
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/


WHAT LNHG WILL DO IN PRACTICE TO REMAIN COMPLIANT WITH GDPR

1)    Data here applies to that held in both electronic and printed formats.

2)    LNHG will not use the data for any other use than to inform members about the activities of the group, to inform them that their subscription is due for renewal, and for LNHG to keep track of current membership and membership income.

3)    Additionally, contact data may be used in the event of an emergency occurring during an LNHG event or activity.

4)    LNHG will at no time pass on the data to third parties.

5)    LNHG will only hold personal data on individuals who have agreed to be members of LNHG.

6)    The data to be held will be that necessary to communicate with members and maintain their membership, which at a maximum will be:
       – Title, first name, surname
       – Postal address
       – Email address/es
       – Telephone number/s (mobile & landline)
       – Date of membership subscription payment
       – Method of payment (i.e. cash, cheque, bank transfer)

7)    The data will only be held by committee members of the LNHG. Such office bearers must ensure their anti-hacking software is up-to-date. The data must be held on a password-protected computer with the data held in a password-protected file.

8)    When sending an email circular to some or all members, the recipients’ email addresses will be hidden through the use of the ‘bcc’ function.

9)    Any individual whose membership of LNHG has lapsed will have their data removed after two years.

10)   Any member at any time can ask LNHG to see the personal data held on them.

11)   LNHG will endeavour to ensure the data is accurate and correct any errors if requested by the relevant individual.

12)   All personal data will be deleted if the LNHG ceases to exist as an entity.

13)   In the event of a known or suspected data breach, LNHG will notify the Information Commissioners Office within 72 hours

14)   When joining the group for the first time, all members will be asked to agree the following statement:
“The LNHG may keep a record of your contact details in accordance with the LNHG Data Protection Policy (available on the website) for the purposes of informing you about the activities of the LNHG and notifying you of membership renewals. The data will not be divulged to any other organisation.”

15)   Agreement on this will be also sought from existing members (i.e. those predating this policy)

Author: James Fenton
20 February 2018

 

Consent form

The LNHG may keep a record of your contact details in accordance with the LNHG Data Protection Policy (available on the website) for the purposes of informing you about the activities of the LNHG and notifying you of membership renewals. The data will not be divulged to any other organisation.

I consent to the above statement
Name
Email

 

 

 


This project is supported by Scottish Natural Heritage