This post has already been read 968 times!
Scope of the Policy
This policy applies to the work of The Murvi Club. The policy sets out the requirement that The Murvi Club must gather personal data for membership purposes. The policy details how personal data will be gathered, stored and managed in line with data protection principles and the General Data Protection Regulation (GDPR). The policy is reviewed on an ongoing basis by The Murvi Club Executive Committee members to ensure that The Murvi Club is compliant. This policy should be read in tandem with The Murvi Club’s Privacy Notice.
Principles of the Data Protection Regulations
Article 5 of the GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of the individuals; and
f) processed in a manner that ensure appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Article 5(2) requires that:
a) the controller shall be responsible for, and be able to demonstrate, compliance with the principles.
The reason for the policy
To ensure that The Murvi Club:
a) Complies with data protection law and follows good practice
b) Protects the rights of members
c) Is open about how it stores and processes members data
d) Protects itself from the risks of a data breach
Lawful, fair and transparent data processing
The Murvi Club requests personal information from potential members and members for the purpose of sending communications about their involvement with The Murvi Club. The Murvi Club have determined that the lawful basis for holding and processing data on members is Legitimate Interest and that The Murvi Club is a Data Controller. The Murvi Club has completed a Legitimate Interest Assessment to confirm that this is the lawful basis of processing that it is the best fit for our purpose. The forms used to request personal information will contain a link to a privacy notice informing potential members and members as to why the information is being requested and what the information will be used for. The Executive Committee of The Murvi Club will seek to ensure that member information is not used inappropriately. Appropriate use of information provided by members will include:
a) DistributingThe Murvi Club’s newsletter and other documents relevant to The Murvi Club.
b) Advising about The Murvi Club’s activities.
c) Renewing annual membership.
d) If a member chooses, communicating with other members by using the e-mail chat line.
e) If a member chooses, having their name, post town, landline and mobile telephone numbers, email address and Murvi vehicle registration number shared with other members.
f) If a member registers for a Murvi Club rally, informing other members registering for that rally of the member’s name, landline and mobile telephone numbers, email address and Murvi vehicle registration number.
Members of The Murvi Club will only be asked to provide information that is relevant for membership purposes. This will include:
a) Forename(s) and Surname(s)
c) Landline and mobile phone numbers
d) Model and vehicle registration number of their Murvi motor caravan
e) Email address
f) Choice whether their details will be shared with other members
g) Choice whether they wish to be included in the email chat group
Accuracy of Data and Keeping Data up to Date
The Murvi Club has a responsibility to ensure members’ information is kept up to date. Members will be asked to let The Murvi Club know if any of their personal information changes.
Accountability and Governance
The Murvi Club Executive Committee is responsible for ensuring that The Murvi Club remains compliant with data protection requirements and can evidence that it has. The The Murvi Club Executive Committee shall ensure that new members joining the Committee receive an induction into how data protection is managed within The Murvi Club and the reasons for this. The Committee will review data protection and who has access to information on a regular basis as well as reviewing what data is held.
Secure Storage and Processing
The Murvi Club has assessed that the data held on members by The Murvi Club is readily available from many other sources and that therefore the harm that could be caused to any individual by loss or theft of the data as held by The Murvi Club is insignificant.
The Murvi Club ExecutiveCommittee members have a responsibility to ensure that data is both securely held and processed. In consideration of the risk of harm to individuals caused by unauthorised or unlawful processing or by accidental loss of data as being insignificant; the following will apply:
a) Granting access of personal data of members to those on the Executive Committee who need to communicate with membersor require the information for the legitimate management of the Murvi Club.
b) Granting access of personal data of members for a limited time to members not on the Excecutive Committee to carry out tasks in furthering the aims of the Murvi Club.
c) Passing personal data of members to Murvi Motorcaravans Ltd so that they may communicate directly with members in the event of product recalls and to be able to send information about the company no more than once a year.
d) Using password protection on electronic devices that contain or access personal information.
e) Using password protection or secure cloud systems when sharing data between Executive Committee members.
Data Processing by a Third Party
The Murvi Club will enter into a written contractual relationship with terms that satisfy GDPR requirements for employing a data processor, when a printer, distributor and data processor is employed to facilitate the posting to members’ home addresses material relating to The Murvi Clubwhich cannot be distributed by email.
Adopted 22/04/2018 Reviewed 14/04/2019