fbpx
 

Hastings and Ore Photographic Club
Data Protection Policy
24/9/2019


Principles
To comply with UK Data Protection Act 2018 and EU General Data Protection Regulations (GDPR).
This will make little change in practice to how data is handled, but the requirement to demonstrate compliance should make this clearer.
The club shall:
•Only collect the data which it needs in order to operate.
•Hold such data within the committee and with reasonable security measures.
•Delete data which is no longer required.
•Provide or delete any data held about an individual, on request of that individual.
•Not pass on data to or from 3rd parties without permission.

Membership Data
For handling membership the club needs to collect:
•Name, in order to know who is a member of the club.
•Email Address, in order to contact members.
•A record of payment, in order to manage membership.
•Optional, permission to share name and images on the website.
•Optional, permission to forward 3rd party adverts etc as described in the policy.

For handling competitions the club needs to collect:
•Name, in order to track which image is whose.
•Image titles, which may contain locations, names of people and other information.
•Image files (including for high scoring prints).
•Location, often implied in the image or title, is required (subject to rule change) for natural history competitions.
•The date of photo is expected to be within the last 2 years, but is not otherwise required to be stated.
•Members should be aware that other data is sometimes provided in image files and may therefore become part of the data. •Scores received.

For handling committee business the club also needs from committee members:
•A phone number, for urgent contact.
•Address where hosting committee meetings etc.

Policy
The Policy
1.This policy will be made available on the club website and provided to members wishing to join.
2.The policy may be changed from time to time by the committee, to maintain legal compliance, ensure smooth operation of the club, or respond to new data requirements. Such changes will be notified to the members.Members’ Data
3.Until the first membership renewal after this policy is notified implied consent to hold data will be assumed, unless we are informed otherwise.
4.The membership form will include explicit consent to hold data. The data involved in membership is more detailed than a name and email address, and includes the fact of having paid membership fees. A copy of this policy will be made available at membership renewal.
5.Providing an email address, including by the web site contact form, will be taken as consent to be emailed about club activities on that address. It is expected that members will provide an appropriate address and let us know when it should change.
6.In entering images it is assumed that members have any relevant permissions required to have taken that image and to share it with the club and judges.
7.Providing images, names, locations and other data with entries to competitions implies consent for that data (but not email addresses) to be shared within the club and with judges. A record of members’ scores will be kept, separate to the images for compiling league results.
8.Images in competitions will normally be publicly displayed on the club web site and be displayed at our September exhibition (usually at the Priory Meadow Shopping Centre, Hastings but not necessarily at this location). Please let the committee know if you do not wish this to happen for particular images or any of your images. Specific permission will be sought for other images as needed.
9.Permission will not be sought to enter images into inter-club competitions. By entering image (usuallys into club competitions this implies permission to share those images and data for that purpose.
Data Access
10.Data will not be passed to anyone outside the club and judges for particular competitions without explicit permission, other than by website display noted above. The clause for inter-club competitions describes one such request for permission.
11.The club will provide a copy of, update, or delete, data held on a member on request by that individual to the secretary. This would normally happen within 4 weeks of the request. If a previous member has not been a member for a complete season that would normally lead to their contact details being deleted from circulation lists, although records of competitions won and the fact of their membership may remain.
12.Images and other data will not be retained beyond their useful life. For “high scoring” images this may be longer than for other images, to facilitate entry into inter-club competitions, web site display etc. A request to delete will still be honoured in this cases.
13.Other organisations sometimes request that marketing material is passed on. In this respect we shall:
•Allow hardcopy materials to be offered and brief verbal announcements to be made in meetings.
•Optionally forward email adverts for organisations where we have a clear connection: recent speakers, other local clubs, local companies with a relevant product or event, regional associations of which we are members (eg Sussex Fed, SPA), regional events for national organisations (e.g. RPS, PAGB). The facility to opt-out of such contact without blocking club email shall be provided.
•Deny other requests.

The Committee
14.“The committee” here is defined as the formal committee members (as described in the rules) and members co-opted for running particular activities. Including, but not limited to: membership secretary, treasurer, secretary, web site admin, DPI and print competition leads.
15.The committee will act as “data controller”. This allows exchange of roles, e.g. due to absence, and collective decision making and oversight.
16.Committee members will have access to the data provided by members solely to carry out club business. In order to cover absences, mid-season changes of roles, having multiple signatories on accounts, and backup access to online systems it may be expected that all committee members may have cause to access all data, but shall only retain that data for which they have an ongoing need.
17.Committee members will be responsible for holding data with reasonable security for the device concerned and data being held.
18.In circulating information to members “bcc” or email lists shall be used so that addresses are not shared more widely.
19.The secretary will act as “data processor”, and pass on requests for change or removal or query of data to the rest of the committee in a timely fashion. A contact address for the secretary will be available on the club website. At present this address is: This email address is being protected from spambots. You need JavaScript enabled to view it.
20.Where a committee member knows members’ details other than through the club, e.g. other organisations, personal friendship, these must not be passed into the club’s data.
21.The contact details for committee members may need to be passed on to other organisations for the smooth running of the club. Permission will be sought in each case, but this expectation should be understood in joining the committee. This includes, PDI and print leads for inter-club competitions; secretary and treasurer for venue booking and regional affiliations.
22.In agreeing to be part of the committee, committee members are agreeing to these specific parts of the policy.
Other Data
23.Records of those contacting the club, by any means, including web site, email, phone and post, will be held as needed. This data will only be that which is provided in making the contact