Lincolnshire Bird Club Data Protection Policy
Revised regulations governing the use of individuals' private data came into force from 25th May 2018. From that date the General Data Protection Regulation (GDPR) replaced The Data Protection Act 1998 (DPA). Electronic direct marketing, (sending people marketing information by phone, text or email) is also governed by the Privacy and Electronic Communications Regulations
2003 (PECR). Both GDPR and PECR are administered and regulated in the UK by the Office of the Information Commissioner (ICO). This document explains how LBC officers, committee members and members assisting in the business of LBC should approach the processing of personal information and comply with GDPR and PECR.
LBC is a not for profit organisation that qualifies for exemption from registering under GDPR and paying a registration fee. It does however retain the obligation that all those handling personal data should ensure it is handled in accordance with the following key principles of GDPR and PECR.
A Processed lawfully, fairly and in a transparent manner in relation to individuals
LBC aims are to encourage and further the interest in the birdlife of the historic County of Lincolnshire; to participate in organised fieldwork activities; to collect and publish information on bird movements, behaviour, distribution and populations; to encourage conservation of the wildlife of the County and to provide sound information on which conservation policies can be based. LBC is a members club whose members share the aims of the club and pay a subscription fee. As part of the process of signing up to join, members give their consent for their data to be held for the purpose of contacting them about LBC activities. In order to achieve transparency over handling of personal data the following data protection statement will appear on all club forms “The Lincolnshire Bird Club will use your personal data for the purposes of your involvement in club activities. I understand that by submitting this form I am consenting to receiving information about the club by post, email, online or phone. Your personal data will not be shared with any third party and the principles of General Data Protection Regulation will be adhered to. Data will be shared with committee members and the Lincolnshire Wildlife Trust to meet Membership requirements.
The LBC will use personal data only for the purpose of your involvement in its activities. I understand that by submitting this form, I am consenting to receiving information from the LBC about its activities such as the County Bird Report and its Newsletter including my LBC membership details, by post, email, or phone unless stated otherwise.”
B Collected for specified, explicit and legitimate purposes
The personal data LBC legitimately collects is for the purpose of supporting LBC membership by providing membership services to LBC members by way of a contract entered into by LBC and the member. Any member holding data for any other purpose should report the details to the IT Officer.
C Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
Only data required for the specific purposes of LBC should be requested and recorded. Information that is not relevant to the purpose should not be collected if the only reason is that it might become useful in the future. Sensitive personal data will not be collected.
D Accurate and where necessary, kept up to date
The LBC website maintains a central database of information about members. Lincolnshire Wildlife Trust (LWT) also maintain members information for the purposes of collecting subscriptions by direct debit. This information is updated weekly. All members who wish to change their contact details can do so either via the “Edit your Profile” tab on the LBC website or by contacting LWT. Any officer or committee member who needs personal information, for instance to contact a members, can obtain it from our Membership Secretary. The only persons holding spreadsheets of member details are the Membership Secretary and IT Officer. Any other officer or member who exceptionally has access to a membership spreadsheet should delete it as soon as their reason for holding it has expired. The Membership Secretary and IT Officer should routinely delete old information when it is replaced with newer information. Any holder of records in paper format should regularly delete/destroy inaccurate and out of date information, and correct inaccurate records.
Where e-newsletters or any other form of communication are sent out to members these should always include prominent options for unsubscribing and any unsubscribe requests should be respected and acted upon promptly.
E Not kept for longer than is necessary
Personal data should not be kept for any longer than is necessary to fulfil the reason it was collected. Where members do not renew their subscription LBC will delete their details within one year. If a leaving member requests that their details should be deleted that request will be respected and acted upon promptly.
F Processed in a manner that ensures appropriate security of the data.
All LBC data should be held securely. Anyone holding LBC data must ensure that:
1 Access to laptops/computers where personal data is stored is restricted to authorised users.
2 All passwords are kept secure and not shared with other people
3 Computers/laptops containing personal data must always be stored securely – i.e. not
left in a vehicle overnight.
LBC must ensure that all personal data is neither acquired from parties other than the data subject themselves or transferred from LBC to other parties, without the expressed agreement of that data subject. All mailshot type emails sent to more than one member should use the bcc address function to avoid disclosing members contact details indiscriminately.
LBC must also ensure that personal data is not transferred out of the EU.
Reporting Incidents and requests for data disclosure