READING COIN CLUB
DATA PROTECTION POLICY
This is a statement of data protection policy adopted by Reading Coin Club in May 2018.
1. The Club keeps personal data on Members as set out below. This policy describes how that data whether held electronically or on paper is handled and stored having regard to the requirements of The General Data Protection Regulation (GDPR) to become effective on 25 May 2018.
2. This policy helps to ensure the confidentiality of personal data supplied to the Club. The President of the Club is the Data Protection Officer. In his absence the Hon. Secretary will substitute.
3. The Club endorses fully the Data Protection Principles. Specifically, the Principles require that personal information will:
a. be processed fairly and lawfully;
b. only be used for specified and lawful purposes and shall not be used in any manner incompatible with those purposes;
c. be accurate and, where necessary, kept up to date;
d. be protected against unauthorised use, theft, accidental loss, destruction or damage by the use of appropriate technical and organisational measures.
4. The Club also fully endorses the Individuals’ Rights as detailed in the General Data Protection Legislation. Specifically, this grants individuals the following rights:
a. the right to be informed (fair processing of information, privacy notices, transparency);
b. the right of access (confirmation/access to personal data);
c. the right to rectification (must respond within 30 days).
RECORD RETENTION and PROCESSING POLICY
5. Principal Data Processor
The Principal Data Controller is the Hon. Secretary who is responsible for all data storage and processing,
6. Secure Record Storage
Paper documents are held in a secure location in the Hon. Secretary’s home for as long as they are needed. Computerised records are retained on a password controlled computer and backed-up on memory sticks all held in the Hon. Secretary’s home until no longer required. In the remainder of this document this is simply referred to as “Secure Storage”.
7. Document Destruction
Paper documents that are beyond their retention date will be destroyed by means of shredding.
8. Access to Personal data
Members can request full details of their personal data held by the Club by application to the Principle Data Controller.
9. Member information is held both physically and electronically in Secure Storage. Information is held in respect of each individual: name, address and if supplied telephone number and e-mail address.
10. If a Member leaves the Club their electronic record is amended with the classification “Inactive Record”. Similarly, when a member dies their record is amended with the classification “Deceased”. In either case, the record is retained for historical statistical/finance purposes.
11. We do not pass members personal information to any external organisation, charitable or otherwise.
12. Postal correspondence with members retained on file in a lockable, metal cabinet in the Hon. Secretary’s home.
13. Photographs of members will be taken from time-to-time for use only for Club purposes. Permission will always be obtained before the photograph is taken and agreement obtained before it is used in a publication. Similarly, if the photographs involve minors the consent of an appropriate adult will always be obtained prior to the photograph being taken and used in a publication.
14. Photographs will not be kept any longer than is necessary for the purpose for which they were taken.
AGENDAS, SUPPORTING PAPERS AND MINUTES OF MEETINGS
15. There may be circumstances where part of the record of a meeting will be personal data as the data is ‘obviously about’ or clearly ‘linked to’ an individual. The Trustees will ensure that electronic copies of Minutes and any hard copy supporting documents containing personal data are held in Secure Storage.
16. The Committee of Reading Coin Club gives its approval to the principles contained in this document to be implemented with immediate effect.