Stewkley Walkers Data Protection Policy
This document provides the Data Protection Policy for Stewkley Walkers required by the General Data Protection Regulations, 25 May 2018. The policy will be incorporated within an updated Stewkley Walkers Constitution to be tabled at the next AGM and will be subject going forward to amendment as appropriate by changes in the law. Stewkley Walkers will be referred to hereafter as the Walkers, the Walkers committee as the Committee and Walkers members as members.
This policy explains how data on individuals should be collected, stored and used to meet the Walkers’ data protection standards and comply with the law. These individuals can include members, suppliers, volunteers, business contacts and other people the Walkers have a relationship with or regularly need to contact.
2. The requirement for a policy
This policy ensures that the Walkers:
- Protect the rights of members and others connected with the Walkers
- Comply with data protection law and follow good practice
- Protect the Walkers from the risks of a data breach
3. Roles and responsibilities
This policy applies to all those handling data on behalf of the Walkers, including:
- The Committee members
- Third party suppliers
It applies to all data that the Walkers hold relating to individuals, including:
- Email addresses
- Postal addresses
- Phone numbers
- Any other personal information held
Everyone in the Walkers who has access to data has a responsibility to ensure that they adhere to this policy.
A Data Controller will be appointed by the Committee, normally the Secretary, with the Treasurer and Walks Coordinator as back-up, who, together with the Committee, are responsible for why data is collected and how it will be used. Any questions relating to the collection or use of data should be directed to the Data Controller.
4. Data protection principles
The Walkers will only collect data where lawful and where it is necessary for the legitimate purposes of the group.
- A member’s name and contact details will be collected when they first join the Walkers and will be used to contact the member regarding membership administration and activities. Other data may also subsequently be collected in relation to their membership, including on their payment status for ‘subs’.
- An individual’s name, contact details and other details may be collected at any time, with their consent, so that the Walkers can communicate with them about future events. See section 5.
- The GDPR is much more stringent around data relating to anyone under the age of 16. Under 16s can only participate with the Walkers if they are with a responsible adult and no photos will be taken of them without explicit permission from their parents/guardians. The Walkers do not collect or store any data relating to children under 16.
When collecting data, the Walkers will always explain to the member why the data is required and what it will be used for, e.g.
"Please enter your email address in the form below. We need this so that we can send you email updates for administration purposes including walk schedules, subs payments and other business."
Data will never be used for any purpose other than that stated or that can be considered reasonably to be related to it. For example, personal data will never be passed on to third parties without the consent of that member.
The Walkers will not collect or store more data than the minimum information required for its intended purpose. For example, the need to collect telephone numbers from members to be able to contact them.
The Walkers will ask members to check and update their data on a bi-annual basis. Any individual will be able to update or remove their data at any point by contacting the Data Controller.
The Walkers will keep data on individuals for no longer than 24 months after our involvement with the individual has stopped, unless there is a legal requirement to keep records.
The following requests can be made in writing to the Data Controller:
- Members and all others can request to see any data stored about them. Any such request will be actioned within 21 days of the request being received.
- Members and all others can request that any inaccurate data held on them is updated. Any such request will be actioned within 21 days of the request being received.
- Members and all others can request to stop receiving any marketing communications. Any such request will be actioned within 21 days of the request being received.
The Walkers will ensure that data held by us is kept secure.
- Electronically-held data will be held within a password-protected and secure environment.
- Passwords for electronic data files will be re-set each time an individual with data access leaves their role/position.
- Physically-held data (e.g. membership forms or email sign-up sheets) will be stored securely under lock and key.
- Access to data will only be given to relevant committee members where it is clearly necessary for the running of the group. The Data Controller will decide in what situations this is applicable and will keep a master list of who has access to data.
5. Direct Marketing
The Walkers market their activities via a website, Facebook, local press, the village magazine, advertisements and leaflets. No member details are given out except on walks programmes where walk leaders’ mobile numbers are given with their consent as a contact for walk information on the day.
6. Date of Policy Adoption
25th May 2018
(Amendment to add Walks Coordinator as back-up agreed by Committee on 12th June 2019.)