NORTHERN IRELAND BONSAI SOCIETY
General Data Protection Regulations
About this policy
This policy explains when and why we Northern Ireland Bonsai Society collect personal information about our members and how we use it; keep it secure and club member’s rights in relation to it. We will collect, use and store personal data, as described in this Data Protection Policy when people engage in activities at the club. Normally this will be through some level of membership.
We reserve the right to amend this Data Protection Policy from time to time without prior notice. You are advised to check our Club notice board regularly for any amendments viewable at www.nibonsai.co.uk/membership. We will only share your personal data with any third parties as outlined below.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk).
For the purposes of the GDPR, The Club Chairperson will be the “controller” of all personal data we hold about club members and others. The Secretary is responsible for making sure the club complies with the General Data Protection Regulation (GDPR) which applies from 25 May 2018. We will review personal data every year to establish whether we are still entitled to process it or not.
You have rights under the GDPR:
- To access your personal data
- To be provided with information about how your personal data is processed
- To have your personal data corrected
- To have your personal data erased in certain circumstances
- To object to or restrict how your personal data is processed in certain circumstances
For more details, please address any questions, comments and requests regarding our data processing practices to the Chairman.
Specific use and sharing of personal information
. In general your personal data will only be used for the purposes of membership management (renewals etc.) and your email and telephone numbers may be used for communication about news/work at the club, competitions and other important notices etc. Your personal data will not be passed to anyone else outside the club and your email will only be given to someone outside the club with your permission.
The Lawful reasons for processing your data.
(a) Processing of your data is necessary for the administration of your membership contract.
(b) You have given consent to the processing of your data by signing our privacy statement for the specific purposes set out in this policy.
The tables below give further explanation of which lawful reason applies to which data, why we collect it and who we may be required to share it with. The club will make every effort to ensure data is only shared with organisations that are GDPR compliant.
What Information we collect, why we collect it, and who we share it with
In addition to the reasons stated below we may have to disclose your data where we have an inescapable legal obligation.
Data processed as a requirement of managing your membership
|Type of information||Purpose||Shared|
|Member’s address, telephone numbers, e-mail address|| Managing the Member’s membership of the Club |
and club insurance
|Gender.||Provision of adequate |
facilities for members.
|Disabilities||Provision of adequate |
facilities for members.
|Emergency contact details.||Contacting next of kin in the event of emergency.||Emergency services|
|First Aiders names||To provide a contact point in case of emergency||Members|
Please note data processed for compliance with insurance purposes must be kept for 30 years from the end of your membership and is therefore exempt for your right to erasure under GDPR.
Data processed with your consent
The club will seek consent in the application form before processing any information as outlined below.
|Type of information||Purpose||Shared with|
|Member’s address, telephone numbers, e-mail address||Managing the Member’s membership of the Club.||Committee.|
|Gender.||Provision of adequate facilities for members.|
|Disabilities||Provision of adequate facilities for members.|
|Photos and videos of members||Putting on the Club’s website and social media pages and using in press releases.||With permission of the members given at acceptance of policy unless otherwise stated.|
|Member’s name, address, telephone numbers, e-mail address||Website access and newsletter distribution||Web and newsletter publishers – members consent will be requested separate to membership/renewal|
Enquiries and other communications with the club
When enquiring about the club we may hold your details for a period of time to deal with the enquiry. Any emails and other communications with the club will only be retained for a period of time appropriate to the content or request. Club emails will be purged on a regular basis..
Parents or guardians signing the probationary or full membership form are giving their permission for the data to be used as described elsewhere in this policy.
How we protect your personal data
The Data Controller will process membership information electronically and hold all information on a database on a secure computer. A backup of this information will be held on the cloud. Paper copes of data will be held at the Chairman’s home and secured by locked drawer. If it is necessary to transport data it will be kept secure.
For any on-line payments which we take from members we will use a recognised online secure payment system.
In the unlikely event of a breach of the security of data we will notify members promptly and we will never sell or pass on your personal data.
Request to see your personal information
If you wish to know what personal data the club holds please email the Chairman at firstname.lastname@example.org and he/she will respond within 14 days of the request (depending on availability).
Accuracy and retention of data
Each individual member is responsible for keeping the Chairman informed of changes to their data (e.g. address/telephone number etc. and this is updated at least once a year at renewal and you are at that time authorising the club to hold such data on file.
The data are kept on file at the Chairman’s home address and in a secure area on the club’s website to enable electronic renewals). The data will be normally be kept for up 7 years. It may be kept for a longer period for reasons of legal and civil action or other ongoing case management. Name, address and length of membership will be kept for up to 30 years for management of historical insurance claims. Names and scores may be kept indefinitely for reason of historical significance – e.g. on trophies, plaques and other awards.