HSHW Data Protection Policy

Introduction

To maintain the continuation of HSHW it is necessary for the society to process personal data of its members, supporters, donors and members of the public. This data is collected by the committee of the society and shall be handled in accordance with the General Data Protection Regulation (GDPR). HSHW’s Data Protection Policy describes what personal data is collected, where it is stored, who can use it and how the rights of the individuals are protected.

What person data is collected and used

The society collects the following personal information; name, email address and whether a individual is over 18. The society does not collect sensitive information as defined by GDPR.

For some members we may have additional information such as committee memberships.

Your personal data collected is used by members of the committee to allow the administration or you membership; the communication of information, and the organisation of events.

Who is your data shared with

Your membership data is passed onto communication services used by HSHW (e.g. our external mailing list) only if consent has been given. These services are not free to pass this to 3rd parties.

Your personal data is not passed on by us to organisations other than in the ways indicated above.

Where is personal data stored and who can access it

Personal data is used by members of the committee. HSHW owns a password protected USB memory stick for the storage and transfer of information between committee members. Information is also stored on committee members personal computers, servers and paper files and wherever possible is encrypted or password protected.

Information shall only be held by a committee member while they hold office.

See Data guidelines section below for information on how the committee ensure you information it kept safe.

Who is responsible for ensuring compliance with the relevant laws and regulations.

Under the GDPR we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring HSHW discharges its obligations under the GDPR is the secretary.

What is the legal basis for collecting this data.

HSHW collects personal data (e.g. Name, email address) that is necessary for purposes of its legitimate interests as a membership organisation.

For some data, such as that relating to financial matters, the basis for its collection and retention is to comply with our legal obligations.

Some members may subscribe to additional services for which their consent is collected and recorded in the members database.

Rights of individuals.

You have the right to see what data we hold about you, you can make a request in writing to the society secretary.

You have the right for the personal data to be removed from use and history by the society as long as we do not have legal reason to hold such data. you can make a request in writing to the society secretary.

You have the right to amend your data, you can make a request in writing to the society secretary.

Data guidelines.

The following policies apply to the storage and sharing of data.

Revision control

Issue 1: First release 2018-03-19