General Data Protection Regulation
On 25 May 2018 the General Data Protection Regulation (GDPR) comes into force. This new law replaces the current Data Protection Act and inevitably changes the way we must organise our affairs. To comply with this legislation, we need your explicit permission if we are to continue to contact you by email or other means.
To avoid missing important news and exciting updates from the Hungerford Historical Association, including notices of meetings, we need to have your express permission.
If you change your mind at any time just let us know.
What personal data does the HHA collect?
The data we routinely collect includes members’ names, addresses, phone numbers and email addresses. We collect this data only directly from our members.
What is this personal data used for?
We use members’ data for the administration of your membership; the communication of information, including sending Membership Renewal correspondence, notices of HHA meetings, and other local history events.
With whom is your data shared?
Membership data is not shared outside the HHA.
Where does this data come from?
Data comes only from Membership Application and Renewal forms.
How is your data stored?
Most of our data, including our main membership database, is stored in digital form on computers.
The remainder of our data is kept in the form of written documents stored by Committee members.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring the HHA discharges its obligations under the GDPR is the Membership Secretary, Mrs Margaret Smallwood, margaretsmallwood48
She is the person who is responsible for maintaining a log of data breaches and notifying the ICO and any members affected as necessary, in accordance with our legal obligations.
Who has access to your data?
The Membership Secretary and the Treasurer of the HHA have access to members’ data in order for them to carry out their legitimate tasks for the organisations, such as responding to enquiries from those members.
Members of the HHA committee will be given access to this data for any legitimate purpose to do with their roles as officers of the organisations or members of their committees but will not be free to pass it on to any other organisation.
What is the legal basis for collecting this data?
The HHA collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation, which is kep in compliance with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you should contact the Membership Secretary, margaretsmallwood48
There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does the HHA collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
The HHA does not collect "special" data.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
You may choose not to receive information emails from the HHA. To request this, you should contact the Membership Secretary, margaretsmallwood48
How long we keep your data for, and why?
We normally keep members’ data for one year after they resign or their membership lapses. This is because we find members sometimes later wish to re-join. However, we will delete any former member’s contact details entirely on request.
What happens if a member dies?
We normally remove members’ information as soon as we are aware that they have died.
Can you download your data to use it elsewhere?
No. The data is not kept on the HHA website, and it is not possible to download your data.