This policy applies to the work of the Cornwall and Devon Land Rover Club (CDLRC). The policy sets out the requirement that CDLRC must gather personal data for membership purposes under the Companies Act 2006.
(Under this Act it is a requirement that the name and address of a former member is retained for ten years after they cease to be a member).
1. The policy details how personal data will be stored and managed in line with data protection principles and the General Data Protection Regulation (GDPR). The policy is reviewed on an ongoing basis by the CDLRC committee to ensure that CDLRC is compliant under the regulations.
2. CDLRC have determined that the lawful basis for holding and processing data on personal members is Legitimate Interest for the purpose of administrating of the Club.
3. The CDLRC committee is the Data Controller with the contact being the current club Secretary.
4. The forms used to request personal information will contain a privacy notice (detailed in this document) informing members as to why the information is being requested and what the information will be used for. The CDLRC Committee will seek to ensure that personal member information is not used inappropriately and to this end will appoint a Data Processor. This will be the current Membership Officer.
5. Appropriate use of information provided by members will include:
a. Communication with members about CDLRC events and activities.
b. Sending members the ALRC Members Handbook. This will be done via a printer who is a third party Data Processor that the ALRC has entered an agreement with.
c. Communication with members about their membership and any specific issues associated with their membership of CDLRC.
6. Members will be asked to provide information that is relevant for membership purposes which will include:
a. Name, Postal address, Email address, Telephone number
b. CDLRC has a responsibility to ensure members information is kept up to date. Members will be asked to let CDLRC know if any of their information changes.
7. The CDLRC Committee is responsible for ensuring that CDLRC remains compliant with data protection requirements and shall ensure that new members joining the CDLRC Committee receive an induction into how data protection is managed within CDLRC. The CDLRC Committee will review what data is held, data protection and who has access to information on a regular basis. 8. The CDLRC Committee has assessed that the data held on members is readily available from many sources and that therefore the harm that could be caused to any individual by loss or theft of the data held by CDLRC is insignificant.
The CDLRC Committee have a responsibility to ensure that the data is both securely held and processed. In this consideration the following will apply:
a. Only grant access of personal data of members to those on the Committee who need to communicate with members.
b. Using password protection on electronic devices that contain or access personal information.
The following statement will be included on club membership applications and renewals:
1. CDLRC can be contacted by post addressed to 13 Barons Pyke, Ivybridge, Devon, PL21 0BZ. CDLRC has a legitimate interest in using the personal data you give to CDLRC on this form for the purpose of communicating with you on matters relating to CDLRC and to pass to the distributor of the ALRC Handbook to facilitate delivery to your home address.
2. Your personal data will not be transferred to any other person or organisation and will be deleted from CDLRC records in line with the Companies Act 2006. You have the right to request from CDLRC access to and rectification of your personal data. If you feel that your personal data has been misused you have the right to complain to the Information Commissioners Office.
This policy was proposed at the CDLRC Committee meeting held on 15th May 2018.