To be able to keep in touch with people, organise events and maintain proper accounts BARC needs to gather and use personal information about Club Members and other individuals we have a relationship with. This policy describes how this personal data is to be collected, handled and stored to protect Club Members’ rights, to meet the club’s data protection standards and to comply with General Data Protection Regulations. In general, these require personal information collected and stored by the club to be relevant to our activities, not excessive, up to date, and to be properly protected.
This policy applies to all Club Members and covers the data that the BARC holds relating to identifiable individuals, including personal data for other parties such as external event organisers and potential members. It does not apply to personal information that individual members chose to make available to others.
Personal data to be collected and stored by BARC
The mandatory items of membership data needed by the BARC are: Name; Membership Status; Call Sign (if appropriate); date of joining, and email address or alternative contact details. Additionally, for Club Members under the age of 18, the BARC shall hold their Date of Birth and the Contact Details for the consenting Parent/Guardian.
Members may optionally provide personal telephone numbers and addresses. This information will be subject to the same protection measures as the mandatory information listed above.
To support its activities the BARC may also collect and store contact details for external parties. These will be limited to Name, Call sign (where appropriate), and associated email and/or telephone number. This information also falls within the scope of this policy.
The BARC Committee is ultimately responsible for ensuring that BARC meets its legal obligations and that the Data Protection Policy is maintained.
Club Members should:
- Read this policy to understand why personal information is collected and how it is used and stored by the BARC;
- Provide the required personal data to the BARC Secretary via the BARC Membership Form and notify the BARC Secretary
of subsequent changes to this information;
- Not share personal information held by the BARC without the agreement of the BARC Secretary or Data Protection Officer;
- Where Club Members forward personal information from non-members they must first obtain consent from that individual. Such information should only be provided to the BARC Secretary who will be responsible for any further distribution within the BARC.
The BARC Secretary is the Data Controller/Processor and is responsible for:
- Maintaining a Membership and Contact Register containing the personal information identified above. Once the information has been entered onto the Membership and Contacts Register the BARC Secretary shall ensure the secure disposal of Membership Forms and other copies (e.g. e-mails) of personal data;
- Providing a list of Member Names and associated Membership Status to the BARC Treasurer to assist in the preparation of the Treasurer’s Report and the collection of subscriptions;
- Maintain the address lists for e-mail and other means of distributing information on the Club’s activities to members;
- Prior to the BARC AGM, confirm the accuracy of the information contained in the Membership Register with individual members;
- Provide contact details to nominated individuals in support of club activities such as external events and training courses;
- Delete non-essential information. Past-member’s data shall be retained on the Membership and Contact Register for one year after their membership expires. Contact information for non-members shall be reviewed annually and deleted
unless their relationship with the club is still active;
- Include the number of individual records currently in the Membership and Contact Register as part of the Secretary’s Report to the AGM.
No other extract of personal information is to be generated without the authorisation of the Data Controller (see below).
The production of any additional report shall be notified to the BARC Committee to allow monitoring of the operation and adequacy of the Data Protection Policy.
The Data Controller is responsible for:
- Keeping the committee updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies, at least annually;
- Handling data protection questions and Subject Access Requests from Club members and external parties;
- Where necessary, working with other Club Members to ensure marketing and other club initiatives abide by data protection
- If necessary, dealing with legitimate requests from law enforcement agencies for the disclosure of personal information.
Club Members should request help from the Data Controller if they are unsure about any aspect of data protection or if they wish to see the data that BARC holds about them.
The storage of personal information shall only be in an encrypted form (using a strong password) on a dedicated memory stick held by the BARC Secretary at home. A similarly protected back up copy shall be held on a second memory stick held by another BARC Committee member. Personal information is not to be stored on any computer hard drive or in hard copy form, other than the specific reports and extracts defined in this policy.
Version 1.0 prepared by the BARC Committee
Approved by the BARC Committee on 17-May-2018
Policy to come into effect on 25-May-2018
Next Review date 25-May-2019