GENERAL DATA PROTECTION REGULATION: REGISTER OF SYSTEMS
In accordance with the General Data Protection Regulation which comes into force on 25 May 2018, this document sets out the approach of Strings Attached to the collection, use and management of the personal data of its members under the following headings:
- The data we collect and in what way
- How the data are stored and who has access to them
- Sharing the data
- Purpose for which the data are used
- Data removal and archiving
The data we collect and in what way
On becoming a member of Strings Attached individuals are asked to complete an application form and to supply name and email address, a residential address and telephone number.
The data are entered on to an Excel spreadsheet by the Treasurer and updated either through the annual membership renewal process or as new data are made available throughout the year (e.g. change of email or residential address).
Names and email addresses are also entered by the Treasurer on a Mailchimp contact database in order to facilitate the dispatch/receipt of an online newsletter.
How the data are stored and who has access to them
Only the officers of Strings Attached – i.e. Chair, Treasurer and Secretary – have access to the personal data of members of Strings Attached.
The Excel spreadsheet maintained by the Treasurer (see above) is shared with the Secretary each time it is updated. Both the spreadsheet held by the Treasurer and that by the Secretary are password-protected and regularly backed up.
The Chair has access to the full data set on request to the Treasurer and/or Secretary. The Chair has direct access to names and email addresses only via the Mailchimp database.
Paper application forms are passed to the Secretary once data have been entered on to the Excel spreadsheet and Mailchimp contact database by the Treasurer and are stored alphabetically in year order.
Online application forms are stored electronically and password protected.
Sharing the data
The complete data set is shared solely between the officers as described above.
The complete data set will not be shared with any third party unless legally obliged to do so.
From time to time it might be necessary to share the personal data of one member of Strings Attached with another in order, for example, to arrange transport to a concert of one member by another. This will not, however, be done, without the agreement of the member concerned.
Elements of the personal data of individual members (name and bank details) are shared automatically with the Strings Attached bankers (Co-operative Bank) when membership subscriptions and donations are made by cheque.
Purpose for which the data are used
The data are processed on the basis of legitimate interest.
The data are used primarily as a vehicle for disseminating information about Strings Attached and its activities.
The membership application form specifically asks members to opt in to receiving information from Strings Attached.
Each electronic newsletter provides the option to unsubscribe.
Data removal and archiving
A member who fails to renew his/her membership is kept on the membership database for one further year and continues to be sent newsletters during that time.
If a member fails to renew his/her membership after this further year, his/her data are removed from the membership database to an archive list for a further two years and no further newsletters are sent. The archive list is used solely for the purpose of informing former members from time to time of Strings Attached activities in which they might be interested.
ADOPTED 10 MAY 2018
AMENDED 25 OCTOBER 2020
ADOPTED 12 FEBRUARY 2021