Data Protection Policy |
| The data that members provide on their membership forms are kept in documents that are held and processed electronically.
This means that the Society is subject to the Data Protection Act.
Under the Act, members' data are not classed as "sensitive data", and because the Society is a not-for-profit
organisation there is no requirement to register with the ICO (Information Commissioner's Office). Nevertheless,
under the Act, there are responsibilities of care to uphold. This document outlines the Society' policies. |
What data is held? |
The Society is only allowed to keep data that are necessary for association activities. The following items are kept: | • Name | • Postal address | • Telephone number(s) | • Email address |
|
What is the data used for? |
| The data are only used for legitimate Society uses; these include:
communication between committee members and other members as part of the general running of the
Society; notification of Society meetings, garden visits, etc.
The Society will not disclose your data to other members or to third parties, or use it on behalf of third parties. |
Who has access to the data? |
| Only those who need access to the data have access to it. The following committee members have access to all the member data:
Chairman, Secretary, Treasurer, Membership Secretary, Show Secretary, Webmaster. |
What happens when a member leaves the Society? |
| Data for members who leave the Society are held for at most 3 months, after which time they
will be deleted from our records. This is in case there is a requirement to communicate with a member who has recently left. |
Accuracy |
| The Society endeavours to maintain accurate records, but it relies on members advising the Membership Officer of changes.
Members can at any time ask the Secretary for a copy of their recorded data. To request this, send an email to data-protection@abingdon-hort-soc.org.uk |
Email usage |
| The Committee member responsible for sending mass emails to the membership has an email account (events@abingdon-hort-soc.org.uk) used for the purpose.
This account contains members' email data. Mass emails to the membership are sent blind (Bcc) so that addresses are not exposed. |
Encryption and passwords |
| The data are held in documents on committee members' personal computers. Committee members are expected to take the usual precautions regarding security.
The documents themselves, mostly spreadsheets, are not encrypted. There is sometimes a need to transmit a copy of all the data between committee members.
Under these circumstances any document will be encrypted and the password communicated by telephone. This is to mitigate the risk that the document is
sent to the wrong recipient. Mobile phones are sometimes used for email purposes. Phones are vulnerable to loss and theft so if they are used for
Society business they must have suitable security in place. Spreadsheets containing multiple records will not be kept on phones. |
| Starting in 2021 membership data will be securely held in an online database. Some data will be encrypted to protect it in the event that the database
is compromised. The encrypted fields are postal address, phone number(s) and email address(es). Access to the member database will be restricted to the
Membership Officer, Treasurer, Show Secretary and Webmaster. |
Who is responsible for the implementation of this policy? |
| The Chairman of the Society is responsible for ensuring that this policy is adhered to. |
