THE ROYAL
BRITISH LEGION CLUB (WIMBORNE) LIMITED
General Data Protection Regulations (GDPR) PRIVACY POLICY
The Royal British Legion Club (Wimborne) Limited respects your privacy, and we will only use your information in the way we describe in this policy. When using your information we aim to be fair, transparent, and to follow our obligations under UK data protection laws. Your information is used for administering club membership and club activities.
The Clubs committee is the Data Controller for the purpose of both GPDR and the Data Protection Act 2018. “The Controller determines the purposes and means of processing personal data and is responsible for, and must be able to demonstrate, compliance with the principles.”
The club secretary is data processors for the club. The processors are responsible for processing personal data on behalf of the Controller and are required to maintain records of personal data and processing activities.
Our contact for privacy and data is Joanne Aggas at the registered address of the club: The Royal British Legion Club (Wimborne) Limited, West Borough, Wimborne, Dorset BH21 1LT Email: wimbornerbl@yahoo.com.
Awareness.
The club secretary is aware of the requirements and impacts of the “General Data Protection
Regulations” and is familiar with the club’s policies. The committee must review the club’s data protection policy annually or as required and pass this on to all officers, committee and members of
staff.
Information the club
holds.
The club collects your information when you fill in paper forms, on line forms, membership
applications, renewals, event entries etc. The club then holds your personal data in paper form and password protected IT systems. All IT systems are secure and can only be accessed by
authorised people who hold the necessary passwords. The club holds the following personal data of its current members, past members and non-member volunteers.
Using your
information.
The club uses your information to administer your club membership and provide you with member
benefits.
We also use your information when you enter club events. We may publish some of your information in Newsletters, Club notice board, the Club Website and Facebook page which will be in the public
domain.
When you give us information about another person,
such as a child, parent, guardian, or emergency contact you should let that person know that you have given us the information.
To support your relationship with the Royal British Legion Club (Wimborne) Limited we may keep some of your personal data for up to five years.
Sharing your
information
Personal data will not be shared or sold to any organisations or individuals.
Limited personal information (for example your name and town of residence) may be shared through publicity (for example a press information release prior to and/or following an
event.
Your
rights
Unless subject to an exemption [under the GDPR], you have the following rights with respect to your
personal data: -
Subject access
requests
All data and processing requests will be dealt with by the club secretary with a target to respond to
any request within 30 days.
Lawful basis for processing personal
data
The Royal British Legion Club (Wimborne) Limited considers “legitimate interests” [Article 6(1)(f)]
as a lawful basis to process personal data. The Royal British Legion Club (Wimborne) Limited believes this basis is the most appropriate to enable the club to function and maintain its longstanding
business model, keeping membership lists, sending newsletters, informing
members of club benefits, services, events, competitions, activities, by post, telephone and
email. We have checked that the processing is necessary and that there is no less intrusive way to achieve the same result. We are confident that the interests of individuals do not
override those legitimate interests. We only use individuals’ data in ways they would reasonably expect.
Data
breaches
A personal data breach means a breach of security leading to the accidental or unlawful destruction,
loss, alteration, unauthorised disclosure of, or access to, personal data. Any data breaches will be investigated thoroughly, and once the breach details have been found the committee will decide
what action to take.
This document was last updated on 5th September 2018