Data Protection and Retention Policy
Data Protection
1. Overview
This policy explains the framework for how this data will be collected and used in order to meet LVC’s data protection standards and comply with GDPR.
1.1 Why Is This Policy Important?
- Protects the rights of its Members
- Complies with data protection law and follows good practice
- Protects the Club from the risks of a data breach
2. Roles and Responsibilities
2.1 Who And What Does This Policy Apply To
This applies to to ALL those handling data on behalf of the LVC e.g. Membership Secretary/Public Relations Officer/Marketing Officer/Website Manager, Third party organisations
It applies to all data that LVC holds relating to individuals including:
- Members data
- Names; Postal addresses; Contact numbers e.g. landline, mobile; Email addresses;
- Any other personal information held (e.g. financial)
- Photographic
- Mailing data
- Volunteers data
- Other data
The Data Controller and Data Protection Officer for the club are as follows:
Data Controller (DC) = LVC
Data Protection Officer (DPO) = Kayleigh Oliver
Everyone who has access to data as part of LVC has a responsibility to ensure that they adhere to this policy.
Data Retention
1. Overview
This policy sets outs how LVC will approach data retention and establish processes to ensure we do not hold data for longer than is necessary. It forms part of the LVC Data Protection Policy.
1.1 LVC Data Controller will determine what data is collected, retained and how it is used. A DPO is nominated for LVC and is identified in the Data Protection Policy and is responsible for the secure and fair retention and use of data by LVC.
2. Regular Data Review
As a general rule there will be a review in May each year after the Annual General Meeting to update the membership, contacts, and organisation’s lists.
2.1 Data To Be Reviewed
The data we store could be in digital or physical form.
The digital documents e.g. word processor, spreadsheets, or presentations will be saved on a personal device held by the DPO, or data stored on a third party system e.g. web hosted or cloud-based tools.
The physical data will be stored at:
Residence of DPO
2.2 How Data Will Be Deleted
Physical data will be shredded
Digital data will be moved to a bin then removed. If a bin doesn’t exist i.e. within databases, then the data will be permanently removed immediately.
3. Data Protection Principles
a) We fairly and lawfully process personal data in a transparent way e.g. Membership Application form
b) When collecting data, LVC will always provide a clear and specific privacy statement explaining why the data is required and what it will be used for. We ensure data is accurate and up to date.
c) LVC archives
d) Other data protection procedures
Members and volunteers data
Mailing list data
4. Individuals Rights
You can withdraw your consent for us to process your details at any time upon which we will delete or securely destroy them as appropriate.
If you wish to withdraw consent please do so by contacting LVC
Our email address is: info@lignumvitaeclub.org.uk
5. How Do We Get Consent
By using tick boxes on documents e.g. Membership Application/Renewal Form
6. Cookies On LVC Website
This is set up on our website which is hosted by our service provider, currently One.com.
The privacy policy for One.com can be found here:
https://www.one.com/en/info/privacy-policy
7. Contact Us