General Data Protection Statement (Friends of Wildeshausen)
Membership of the Friends of Wildeshausen requires that the Friends hold and use items of personal data for the running of the Friends and for communicating with members. As such the General Data Protection regulations (GDPR) that came into force on May 25th 2018 require that the Friends have permission to hold and use personal data. Having given the Friends permission to do this, a request can be made to the Friends for details of the data that is held or used. The following is a description of the personal data held by Friends and the purposes to which this data will be put. At any time subsequent to having given permission, the Friends can be requested to destroy any personal data that it holds on a member. This may be done in either of two ways, either by resigning membership of the Friends in writing or by requesting that certain items of personal data no longer be held. In the latter case, if the Committee considers that it is then impossible to conduct membership in a reasonable way, they will ask the member to resign. The General Data Protection Regulations (GDPR) identify two main responsibilities - Data Control and Data Processing.
The following are the items of personal data (including data which may relate to your personal data) and the use to which the Friends will put this data.
- Personal data is held both as hard copy and electronic copy. Electronic copy is encrypted and password protected when not in use; when being transferred electronically it will be encrypted and password protected. The password required to decrypt the information would be sent under separate cover. Hard copy will be destroyed when no longer in use.
- The data held is as follows, forename, initials, surname, telephone number, email address.
- The information will only be used to communicate with a member for the purposes noted below. It will be held on a Friends' officer's personal computer. It may be held on two computers as a safeguard against hardware failure.
- Unsubscribing from individual emailing by officers of the Friends must be requested in writing or by email.
- Friends' officer's personal data may be displayed on the website for contact purpose
- No other member's personal data will be held on the web site.
- Email addresses may be held as a group in Friends' officer's email accounts for the purpose of communicating with members.
- Emails containing a number of member's addresses will be sent using the BCC (Blind Copy feature).
- Personal data will be retained for as long as membership of the Friends continues.
- For accounting/auditing purposes data relating to membership will be retained.
- The Friends will not pass personal data to third parties.
- Personal data is acquired by means of the membership form.
- The Data Controller for the Friends will be elected by the Friends' Committee.
The Friends is a non-profit making organisation and is therefore exempt from registration fees.
The membership register is maintained by the Membership Secretary who can add, update or delete member data from the register. Members personal data is obtained by means of a form on the web site forwarded to the Membership secretary.
A copy of the register can be passed to another officer for the purpose of delivering newsletters and reminders.
Personal data of members participating in a twinning visit will be passed to the corresponding organisation in the country being visited. Visits will take place to EU countries and EU data regulations will apply to this information. Data being passed will be encrypted with password sent under separate cover.
For twinning visits to the UK, personal data of Host families will be held and used temporarily for the purpose of arranging accommodation for visitors. This data will be destroyed after the visit, a minimum set of data name, telephone number may be retained for historic purposes only.