To maintain the continuation of HSHW it is necessary for the society to process personal data of its members, supporters, donors and members of the public. This data is collected by the committee of the society and shall be handled in accordance with the General Data Protection Regulation (GDPR). HSHW’s Data Protection Policy describes what personal data is collected, where it is stored, who can use it and how the rights of the individuals are protected.
The society collects the following personal information; name, email address and whether a individual is over 18. The society does not collect sensitive information as defined by GDPR.
For some members we may have additional information such as committee memberships.
Your personal data collected is used by members of the committee to allow the administration or you membership; the communication of information, and the organisation of events.
Your membership data is passed onto communication services used by HSHW (e.g. our external mailing list) only if consent has been given. These services are not free to pass this to 3rd parties.
Your personal data is not passed on by us to organisations other than in the ways indicated above.
Personal data is used by members of the committee. HSHW owns a password protected USB memory stick for the storage and transfer of information between committee members. Information is also stored on committee members personal computers, servers and paper files and wherever possible is encrypted or password protected.
Information shall only be held by a committee member while they hold office.
See Data guidelines section below for information on how the committee ensure you information it kept safe.
Under the GDPR we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring HSHW discharges its obligations under the GDPR is the secretary.
HSHW collects personal data (e.g. Name, email address) that is necessary for purposes of its legitimate interests as a membership organisation.
For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.
Some members may subscribe to additional services for which their consent is collected and recorded in the members database.
You have the right to see what data we hold about you, you can make a request in writing to the society secretary.
You have the right for the personal data to be removed from use and history by the society as long as we do not have legal reason to hold such data. you can make a request in writing to the society secretary.
You have the right to amend your data, you can make a request in writing to the society secretary.
The following policies apply to the storage and sharing of data.
Personal data stored on personal computers shall be password protected and preferably encrypted. The society owns a encrypted USB stick to hold files if necessary.
Personal data shall not be copied to, or transferred by, portable storage unless the files are password protected or encrypted.
When using email lists, for example to communicate to all the members, the blind copy (BCC) function should be used for individual emails.
Personal data which is held on paper records shall be stored in a safe location, for example at the committee member’s home. Where personal data is carried outside of this location, to a meeting, or event, the personal data must be considered as confidential and kept on the committee member’s possession at all times.
When committee members cease to serve on the committee, any personal data they hold shall be transferred a member of the committee then deleted.
Personal data may be shared with other committee members for the purposes of management of the society.
Issue 1: First release 2018-03-19