GDPR changes the way the relationship between the Club and its Members works in relation to the information (data) which the Club collects from you and then processes and stores. Some data is necessarily provided to a third party such as an event venue or the Hon. Treasurer. Most of the law is mandatory but where there are options this notice will identify and explain the option the Club is using. Many of the terms are rather technical but we need to use specific terms in order to say exactly what GDPR stipulates. The Club’s first task is to be a lawful processor of your data.
-----------------------------
LAWFUL PROCESSING
Membership of the Club is a form of contract where Members pay a subscription in return for which Members receive benefits and services provided by the Club. The Club asserts that it is a lawful processor by virtue of this relationship and does not need to obtain specific consent to process data. The Club also considers it is exempted from any obligation to appoint a Data Protection Officer but it does accept the obligation to carry out processing in ways which are lawful, fair and transparent. The Club may be required to appoint a designated DPO by the UK legislation.
TYPES OF DATA COLLECTED AND STORED
The Club is committed to recording accurate personal data which consists of the information on the Membership Application Form. No bank account details are recorded by the Club, but these details may be requested by the Hon. Treasurer to process a refund to a Member, and in that case the information may be given by telephone, email or post.
The Club does not collect sensitive personal data such as genetic, biometric or health data nor information on race, ethnicity, religion, political persuasion, or sexual orientation. Such sensitive data is known in GDPR as special category data. The Club may verify the information supplied in the Membership Application Form but does not seek additional information when considering an application. If information is published (i.e. in the public domain) about a Member, e.g. personal, professional or civic honour, the Club is likely to add such information to your Member record.
In the event of there being a data breach the Club undertakes to inform you (as well as any relevant authority) not later than 1 month of the Club becoming aware of the breach. The Club does not believe that the data it holds give rise to any need to report a breach to the Information Commissioner within 72 hours but it is conscious of the possible need to do so. Paper records are also held securely.
TRANSFER AND SHARING OF DATA
The Hon. Secretary is the principal processor of your data. The Club’s Officers may also wish to look at Member data from time to time. In order to preserve a good history of the Club, copies of past membership lists are sent to the archives at the Bishopsgate Institute; the agreement with Bishopsgate Ward Club specifies that the Institute then becomes responsible for safe storage and control of access to these paper archives and must seek Club approval for access by third parties. The files are stored in the Institute’s archive area, accessible by authorised personnel only.
When you attend functions or events organised by the Club the venue will normally, for security and practical reasons, want a list of names and dietary or other requirements. The Club keeps your data on a personal computer located in the UK which is password-protected and backed up regularly.
RETENTION OF DATA
The Club intends to hold your data throughout the period of your Membership and applying the following post-Membership policies:
In the case of resignation, for three years.
In the case of exclusion, for eight years (in order that appropriate institutional memory exists of the circumstances).
In the case of death, indefinitely, for archival purposes only, but the Club will consider requests for erasure from immediate family and/or executors.
YOUR RIGHTS
- To complain
Ideally the Club would wish to try to deal with complaints itself before recourse to any external authority and asks Members to submit complaints via email or post but it is open to Members to submit a complaint at any time to the Office of the Information Commissioner.
- To have correct data recorded by the Club
The Club will be happy to correct errors.
- To require the Club to erase data which it holds about a Member
The Club will fully respect the new legislation but reminds Members that the low-level information gathered by the Club is perceived by the Club as the minimum needed to provide Members with the benefits of Club Membership.
……………………………………
All emails sent by the system contain a tracking pixel. This is used to track whether each email has been opened by the recipient, and when. This information can be viewed by those users of the system with permission to view email delivery reports. We do not display any information regarding the location of the recipient. Note that the tracking pixel is only activated if the recipient chooses to download images into their email client.
We, Bishopsgate Ward Club, make use of the myClubhouse software supplied by Simmetrics Ltd to process personal data we include on our myClubhouse website in accordance with our privacy policy set out above. Simmetrics Ltd processes your personal data on our behalf and they can only do so in accordance with our written instructions. You can find the details of our data processor’s privacy policy here: http://www.myclubhouse.co.uk/Home/PrivacyPolicy.