Data Protection Policy for Southerly Owners Association
The Policy is based on the legal requirements of the Global Data Protection Regulations and as such protects Individuals’ Rights Under the GDPR:
- The right to be informed.
- The right of access.
- The right to rectification.
- The right to erasure.
- The right to restrict processing.
- The right to data portability.
- The right to object.
- The right not to be subject to automated decision-making including profiling.
- The information collected on each individual who applies for membership and is accepted by the SOA will be subject to two specific permissions that need to be granted by the individual via informed consent:
- Authority to hold their data
- Authority to publish their data.
- Application forms will be processed for input to the membership database and then destroyed securely.
- All members will be able to see contact and boat data supplied by the individuals. Access to this data is controlled and will be used for the express intent of maintaining a relationship between the SOA and the member in line with the SOA Objectives.
- Financial information for members is held for processing of annual fees and relevant rally events. Financial information is not kept in hard copy, except during processing for accounting purposes.
- Membership information is kept up to date with an annual request to members to check their data and confirm its relevance.
- Electronic storage of personal data for former members is retained but hidden from view.
- All electronically stored financial information for former members is destroyed when they resign from their membership.
Types of data held for Members:
- Name, address, date of birth, e-mail address, phone numbers and other contact details of members.
- Names and date of birth of children who live at the same address as a member.
- Name and details of the boats owned by members.
- Date of joining (and leaving) the Club.
- Financial data if a direct debit is used.
- Specific activities in which they have expressed an interest.
- Relevant qualifications.
Types of data held and processed for Suppliers:
- Name, address, e-mail address, phone numbers and other contact details
- Bank details
- Qualification details (CVs)
Collecting and Keeping Data
Personal data is only held with the informed consent of the member to:
- Meet the legitimate needs of the SOA
- Fulfil the contract with the member. See the Data Privacy Statement
- Data will only be collected, held and processed for these specific purposes.
- Informed Consent will be requested for all activities, and will be specific, informed and unambiguous.
- A member may change their mind about any informed consent given at any time and the SOA will respect this.
- The Members’ Directory is available through the SOA Forum.
Data to Third Parties
- Membership data will not be passed to any third party for marketing purposes.
- Legitimate third parties for SOA are:
- The SOA's bank
- The SOA's database designers and IT consultants
- The RYA for training purposes only
- The printers for the SOA magazine
- SOA members who organise specific activities.
- Law enforcement agencies
Process for identifying, reporting and investigating data breaches
Identification begins:
- with the Chairman for the database
- with the Chairman for email and website breaches
- All breaches of data are reported to the individual immediately the information is known.
- It will also be reported to 1&1.co.uk (web hosts and any DB designers).
- The SOA committee members will be informed.
- They will be advised on any further course of action.
- The Chairman will investigate in the first instance.
- If the breach has serious ramifications for members, individuals, staff or suppliers, the ICO will be informed and they may conduct their own investigation.
Policy Approved and Signed:
Nigel Campling (Chairman)
David Thomas (Treasurer)