On 25 May 2018 the new General Data Protection Regulation (GDPR), the replacement for the current Data Protection Act 1998 comes into force. Fareham Art Group is not exempt from the regulations and we must put in place procedures to ensure that we are compliant in the way we collect and use personal data.
“Personal data” is defined by the European Commission as:
“Personal data is any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
In the new legislation a breach of the regulation will be defined as follows:
“A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.”2.
About this policy
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on GDPR can be found on the website Version 1 Page 3 18 May 2018 for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
What information we collect and why
We will seek your consent on the membership application form and each membership renewal form. You may withdraw your consent at any time by contacting us by email or letter.
|Type of information||Purposes|
|Your name, address, telephone number(s), e-mail address||Managing your membership of the Club. A list of members (names only) will be passed to the SAA for the provision of insurance.|
|Emergency contact details||To contact a family member or friend in case of an emergency|
|Photos and videos of you and your work.||Use on club’s website, social media pages and newsletters.|
|Your bank account details||This will|
only be requested from you when payment is required. Allowing the club to pay the proceeds of any sales from an exhibition or through other club activities directly to your bank account.
How long do we keep your information?
We will hold your personal data (electronic and /or paper) records for as long as you are a member of the Club and for as long afterwards as is necessary to comply with our legal obligations. We will review your personal data each year to establish whether we are still entitled to
use it. If we decide that we are not entitled to use your personal data, we will stop using it, although we will retain it in an archived form in order to be able to comply with future legal obligations.
We will securely dispose of any data when we no longer have a need to use or retain it.
How will we protect your personal data?
We will not share your personal data with any other person, member or otherwise without your consent, unless we are required to by law or as set out in the table above We may pass your personal data to third parties who are service providers for the
purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters or other mailings). However, we will only disclose the personal data that is necessary for the third party to deliver the service. The Internet is not generally a secure medium for communication and therefore we cannot guarantee the security of any information you send to us over the Internet.
As a local club managed entirely by volunteers, the data that we collect from you is usually transferred via email. This means it will be held on various email file servers used by the club committee and key club communicators. Where practicable, we will protect your
The Fareham Art Group website may transfer cookies to your device’s storage in order to remember who you are. Fareham Art Group will not use the cookies to collect personally identifiable information about you. By continuing to use the website you consent to relevant cookies being set on your device. Other essential technical information is also collected by the website provider, such as the page or service you are requesting, type of browser and operating system used and the date and time of access.
We will notify you promptly in the event of any breach of your personal data which
might expose you to risk.
Under the GDPR you have the following right:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased
- To object to or restrict how your personal data is processed
You can ask to see any personal information that we hold about you. Such requests are called ‘Subject Access Requests’. Please email: email@example.com if you would like to make a Subject Access Request or if you need to have your personal data
corrected or erased from our records. You have the right to take any complaints about how we process your personal data to the Information Commissioner at www.ico.org.uk/concerns/ or telephone 0303 123 1113.
Information Commissioner’s Office
For more details, please address any questions, comments and requests regarding our data processing practices to firstname.lastname@example.org