From May 2018, the Society needs to comply with the terms of the GDPR (General Data Protection Regulation). This Policy was agreed by the Society Committee at its June 2018 meeting, subject to ratification by the next General Meeting; it sets out the terms under which the Society will hold and use personal information.

Sutton Poyntz Society Data Protection Policy

1. What data will we hold?

  • We will hold the minimum contact details of Society members necessary to identify them and to allow us to communicate with them: this will consist of the member’s name, postal address, and email address.
  • We will also hold subscription payment records needed so we know which members have paid their subscriptions.

2. Where will the data be held?

  • On a Dropbox folder (or similar) accessible by the Society Officers only. In addition, we will hold names and email addresses only on our village website’s server, to allow us to send electronic communications.

3. Who will have access to the data?

  • The Officers of the Society. The Newsletter editor will have access to the list on the website server. Newsletter distributors will be provided with partial lists of names and addresses to allow them to distribute Newsletters and collect subscriptions. We will not provide any data to any third party.
  • You can see the records we hold on you at any time, on request. We will update your record promptly if asked by you.

4. How long will we hold the data?

  • Your name and email address will be deleted from our records when you resign as a Society member or your membership lapses (except that ex-members who have moved away can specifically ask to continue to receive email communications).
  • We will normally seek to reconfirm your permission for us to hold your data about every 2 years, by email if possible. If 4 years elapse since the last confirmation, we will delete your data.

5. The legal bit

  • The legal basis on which we hold data is by the explicit consent of our members. The consent form and reconfirmation email will include this Data Protection Policy, and a box to be ticked by the member to record their consent.
  • If despite our best endeavours, the data we hold is accessed by others, we are required promptly to investigate and also to report the breach to the ICO (Information Commissioner’s Office).