|The data controller is H&DAA Club Secretary|
Scope of policy
|This policy applies to Horsham and District Angling Association (H&DAA)|
Policy operational date
Policy prepared by
|Policy review date||June 2023 and every three years thereafter|
|Purpose of policy||The purpose of this policy is to enable H&DAA to:
comply with the law in respect of the data it holds about individuals
follow good practice
protect H&DAA’s members, Officers, and other individuals
protect the organisation from the consequences of a breach of its responsibilities
|Personal data||Personal data relates to a living individual who can be identified from that data. Identification can be by the data alone or in conjunction with any other data in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (GDPR).|
|Brief introduction to the General Data Protection Regulation||All organisations that hold personal data must do so in accordance with the principles of data protection, which provide that personal data must be:
processed lawfully, fairly and in a transparent manner;
collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
adequate, relevant and limited to what is necessary in relation to the purposes for which it is used;
accurate and, where necessary, kept up to date;
kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
|Use of personal data||H&DAA uses personal data for the following purposes:
To provide a membership service.
To keep accounting records.
To forward accounting records to the club’s auditor annually.
To inform you of your obligations.
|Policy statement||H&DAA will:
comply with both the law and good practice;
respect individuals’ rights;
be open and honest with individuals whose data is held;
provide training and support for volunteers who handle personal data, so that they can act confidently and consistently.
H&DAA recognises that its first priority under the GDPR is to avoid causing harm to individuals. In the main this means:
keeping data securely in the right hands;
holding good quality data.
|Key risks||H&DAA has identified the following potential key risks, which this policy is designed to address:
breach of confidentiality (data being given out inappropriately);
insufficient clarity about the range of uses to which data will be put — leading to Data Subjects being insufficiently informed;
failure to offer choice about data use when appropriate;
breach of security by allowing unauthorised access;
harm to individuals if personal data is not up to date.
|Volunteers||All volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.|
|Storage||Personal data will be stored securely at 49 Hawkesbourne Road, Horsham, West Sussex, RH12 4EH.|
|Archiving||Archived paper records will be stored securely at 49 Hawkesbourne Road, Horsham, West Sussex, RH12 4EH.|
|Security Breach||If personal data is lost / damaged, H&DAA will
inform the individual concerned
If personal data is stolen, H&DAA will
inform the individual concerned
inform the police
|Sharing||Your personal data will be treated as strictly confidential and will only be shared with Officers of the club to carry out a service for purposes connected with your membership. H&DAA will only share your data with other third parties with your consent.|
|Retention||Personal data will be held for 7 years after which it will be permanently destroyed.
Electronic data will be securely deleted from The Secretary’s computer.
Paper data will be shredded.
|Computer security measures||H&DAA will:
install a firewall, virus-checking software, and an anti-spyware tool on its computer.
make sure that its operating system is set up to receive automatic updates;
protect its computer by downloading the latest patches or security updates, which should cover vulnerabilities.
only allow its volunteers access to the data they need to do their job and won’t let them share passwords.
take regular back-ups of the data on its computer system and keep them in a separate place so that if it loses its computers, it doesn’t lose the data;
securely remove all personal data before disposing of old computers (by using technology or destroying the hard disk).
|Email security measures||H&DAA will:
consider whether the content of the email should be encrypted or password protected;
use blind carbon copy (bcc), not carbon copy (cc), when it wants to send an email to a recipient without revealing their address to other recipients.
|Other security measures||H&DAA will:
shred all confidential paper waste.
|Right to access
|The GDPR allow individuals to access their personal data so that they are aware of and can check the lawfulness of the use and the accuracy of the data.
H&DAA has 1 month from the receipt of the request to comply.
|Right to rectification
|Individuals have the right to have their personal data rectified if it is inaccurate or incomplete.
If the data has already been given to third parties, H&DAA must tell those third parties of the correction.
H&DAA must also tell the individuals about the third parties to whom the data has been given.
|Right to erasure
(also known as the right to be forgotten)
|Individuals have the right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.|
|Right to restrict processing||Individuals have the right to restrict processing of their personal data in certain circumstances (for instance if a person believes his/her personal data is inaccurate or he/she objects to the processing). If processing is restricted, H&DAA can still store the data but cannot otherwise use the data.|
|Right to data portability||Individuals have the right to obtain and reuse personal data for their own purposes or to transmit that data to another Data Controller.|
|Right to object||Individuals have the right to object to the processing of personal data.|
|Right to complain||Individuals have a right to complain to the ICO if they think that there is a problem in the way that H&DAA deals with their personal data.|
|New purposes||If H&DAA wishes to use your personal data for a new purpose, not covered by this Privacy Notice, then H&DAA will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, H&DAA will seek your prior consent to the new processing.|
|To exercise all relevant rights, queries or complaints please in the first instance contact The Club Secretary.
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.