Next

Ref:
Date:
Location:
Photographer:

Data Protection Policy

REPRESENTATION
The committee must be asked for approval if you wish to take photos in the name of the Club. Such images should always show the Club in a good light and not be inappropriate.


1.  Requirements of the Data Protection Act 2018

The Data Protection Act 2018, which incorporates the European Union General Data Protection Regulations (GDPR), replaces the current legislation (the Data Protection Act 1998).

The current data protection principles, as first introduced by the Data Protection Act 1984, are continued effectively unchanged. These set out a legal obligation concerning the processing of personal data; the Club Processes Personal Data relating to members in the course of running the club so has obligations under this Act.

2. Definitions
Personal data means data by which you can be identified.
Processing means: collecting; recording; storing; presenting; altering; and destroying.

3. The data controller
The Club Secretary is the Data Controller for the Club. He/she is responsible for ensuring compliance with the Data Protection Act 1998. He /she will answer queries about data protection and respond to requests from individuals to access their personal data. He will inform volunteers (committee members) about the requirements for holding and using personal data.

The data controller for inter-club competitions and similar events (External Competition Secretary) will ensure they have consent from individual photographers whose work is entered via a third party.

4. The data
The Club collects the following data: name, address, telephone number(s), e-mail, scores obtained in competitions, records of work shown at external competitions, permission to use images on the Club web site. Members may opt-out of receiving e-mail notifications by contacting the Club Secretary.

5. Collecting
Data is collected primarily via the membership form upon which there is a fair processing notice. From time to time other information is collected to help plan and manage the Club (e.g. a questionnaire, studio night).
The Club only asks for the data it needs to administer and promote the Club in line with the Constitution.

6. Recording and storing
Personal data kept by the club is recorded and stored in:
a)    The paper membership application or membership renewal form kept securely by the Treasurer; and
b)    Data extracted from the membership application or membership renewal form which will be stored electronically in a password secured file.
The committee have access to this data.
Each member has right of access to their own data.

7. Processing
The Club will ensure that Personal Data is processed in accordance with the principles of data protection, as described in the Data Protection Act 2018

8. Presenting
Names will be attributed to photographs when they are presented.

9. Altering
Data will be altered only on the request of the individual

10. Destroying
The club will destroy personal data held on paper and computer records two years after membership has ended or earlier if it is no longer relevant or required. All e-mails sent to the membership will be BCC'd and immediately deleted.
The treasurer shall keep data in line with government practices.

11.  Security
Paper-based Personal Data will be kept by the Treasurer of the Club in a file securely.
Electronic Data is kept on committee members' personal computer(s). That includes an Excel file containing Personal Data for the current membership year and the previous membership year. The Excel file is password protected. This password will be known only by the committee and changed regularly.
Committee members will maintain a separation between personal data from different data controllers, and between controlled and domestic
use of personal data.

12. Sharing
Personal Data will only be used by committee members who need it to perform their designated function within the club.

Personal data will not be disclosed to third parties except where required or authorised by law or with the prior agreement of the member.

Entry conditions of inter-club events will ensure that any third-party entrant confirms explicit consent for the organiser to hold personal data about the photographers entered to the event.

The Club will ensure that only consented personal data is placed on the club web site.

The Club will not make membership contact information available for electronic
marketing.

The Club will refuse any request to cascade marketing material to members
by electronic messages.

13. Compliance
The committee will annually review compliance with this policy