DATA PROTECTION POLICY

  1. Introduction

  2. Legislation

  3. ACMS Data Protection Principles

  4. Data held by ACMS

  5. Third Party Websites

  6. ACMS Members’ rights regarding data

1.0 Introduction

1.1 The Arts and Crafts Movement in Surrey is an independent amenity society established in 1996 concerned with the conservation, restoration and education about works inspired by the Arts and Crafts Movement especially within the historic County of Surrey. It is a voluntary organisation and details of the Constitution of the Society can be provided upon request.

1.2 In order to ensure efficient administration, the ACMS holds a limited amount of personal data relating to its members. We need this to know your basic personal data in order to process your membership and to provide you with the latest information about the Society and its events and activities in accordance with your membership. We will not collect or hold any personal data from you that we do not need for this. This information is securely protected as required by the General Data Protection Regulation (GDPR) of 2018.

2.0  Legislation

2.1  The General Data Protection Regulation (GDPR) is based on the principle of individuals giving express consent for their information to be held and used in a specific manner. Members are required to give their consent when joining the Society as follows: ‘Your privacy is important to us so we will keep your personal data secure. We need your personal details to manage your membership and deliver your membership benefits. We will not share your information, unless required by law. Please confirm you agree to your details being held’

2.2  The GDPR can be found at: https://www.gov.uk/data-protection

2.3  To use the language of the legislation, the elected Main Committee is “the Controller” in the terms of the Regulation and the Membership Secretary (or substitute appointed in accordance with the Constitution of the Society) is “the Processor”.

2.4  In accordance with this legislation, the personal data of members is required by the Society to enable it to send out notifications of meetings and other events; circulate information on conservation matters relating to Arts and Crafts buildings; send out newsletters; issue committee papers and other documentation for the election of officers etc as required by the Constitution of the Society; for new membership applications and to enable members to pay their annual subscription. The ACMS also occasionally sends out notices of relevant interest for events or exhibitions arranged by other organisations, such as museums and galleries.

3.0  ACMS Data Protection Principles

3.1  The principles for the protection of members’ details to which the ACMS is committed are:

  •   Processed fairly, lawfully and transparently in relation to the members

  •   Collected for the specified purposes set out above and not further processed for

    incompatible purposes

  •   Relevant and limited to what is necessary for the effective work of the group

  •   Accurate and kept up to date by adjustments to the Master Membership Database

  •   Kept in hard copy and electronic format that permit identification of members while

    they are active in the Society but for no longer

  •   Processed in a secure way that ensures protection against unauthorised processing,

    accidental loss, destruction or damage, using appropriate technical and organisational measures

3.2  The following measures and procedures are to be used to ensure security of the personal data held by ACMS

  •   All hard copy data on an individual, including Membership application forms and consent responses, will be filed and stored securely by the Processor.

  •   Membership data is to be consolidated on the electronic Master Membership Database and distributed by the Processor to the Chairman and Hon. Secretary and Treasurer.

  • The Master Membership Database is to be kept up to date as changes become apparent and reissued at the discretion of the Processor. The list is to be backed up electronically.

  • Personal data on those who have ceased to be members for any reason may be retained for up to one year in case issues arise, but is then to be deleted

  • Previous Membership Lists to be erased or shredded as soon as new ones become available

  • Multiple e-mail addresses in a single e-mail are to be hidden from other recipients by use of the Blind Carbon Copy (BCC) facility

  • Immediate action is to be taken to deal with security breaches including notification to individuals if there is a high risk to their rights and freedoms. The Controller is to be informed of all breaches.

  • In arranging events and lectures, members of the Events Committee are involved, who may see the information supplied on the application form or WebCollect, which will be retained on a database and will be used for the purpose of event administration. This data will be kept no longer than is necessary for the purposes for which it was collected and used. Members of the Events Committee may compile either a paper or electronic list of names of those attending an event for distribution amongst the event attendees. Attendees may indicate if they prefer not to have their name included.

3.3 Under no circumstances is the Membership Database to be made available to another individual or organisation. Individual data elements may be passed on to a third party only with the express permission of the member concerned with the exception of third party websites necessary for the functioning of the Society as in 5.0.

4.0  Data held by the ACMS

4.1  Personal data is acquired by the ACMS in a number of ways including submission of a Membership Application Form; via the website; through personal contact with existing members or by phone calls or e-mails from both members of the society or members of the general public.

4.2  For members of the public making enquiries of the society, details of email addresses or telephone numbers will only be disclosed to other members of the Society with the express consent of the individual. The information will only be retained until the enquiry has been answered and will then be destroyed.

4.3  For those wanting to become members of ACMS, the Processor will ensure that clear and unambiguous consent is gained to the retention and necessary sharing of personal data submitted as part of a membership application.

4.4  For members of ACMS the information usually retained includes: title, full name, postal address, e-mail address, landline and mobile phone numbers. Bank account information (without pin numbers or passwords) to set up standing order payments for membership subscription by the payer will be forwarded to the relevant bank and not retained by the Society.

4.5 Personal information, including consent forms will be retained by the Processor on a Membership Master Database which is to be regularly kept up to date as changes occur. Protected copies of the database are made available to nominated members of the Society’s committees as detailed in 3.2 and 4.4 .

5.0 Third Party Websites

5.1 We are reliant on a number of third party providers in order to provide the Society’s services. Where this is the case, we will remain in control of the data and we will ensure that the third parties comply with high security standards for the protection of your personal data. These include WebCollect for membership and events bookings using PayPal and SquareSpace for online publication purchases using PayPal.

6.0 The rights of Members of the ACMS

You have the right to request:

  1. (i)  A copy of your personal data held by us and if you believe that the information is incorrect to have it amended

  2. (ii)  Erasure of your personal data

  3. (iii)  Withdrawal of your consent to communications with the Society

If you have any queries or want to exercise any of your rights please contact:
The Membership Secretary: membership@artsandcraftsmovementinsurrey.org.uk

Prepared: 08 May 2018 Revised: 05 April 2023