Data Protection Policy — Harrogate & Nidderdale Art Club

This policy is designed to bring HANAC into line with the General Data Protection Regulation which came into force on 25th May 2018. This policy deals with data relating to club members and supplements the Club’s overall Information Security Policy which covers other IT security issues (e.g. website, credit card machine)

Data held by the Association
The full name, address, telephone number(s) and email address of each Club member are held by the Club on the membership database spreadsheet. This information is provided by the member themselves when they apply to join HANAC. The Chairman, Membership Secretary, Exhibitions Coordinator and Web-Master have access to this data. The Membership Secretary is responsible for making sure that records are kept up-to-date.

Reasons for holding this data
The data is held so that the relevant Committee members can communicate with Club members and keep them informed of club activities. The data is not shared with any other party or organisation. The data is only available to Committee members as outlined above. Measures will be taken (e.g. use of :BCC on emails) to ensure that the data is not shared across the Club.

Retention of data
Data will be retained for the period of membership of the Club. Annually, when membership is renewed in September, the membership list will be updated. At the end of October any member not renewing will have their details deleted. The membership list for the previous year will also be deleted.

Information for HANAC members
All members will be informed about what data is held on them, why it is needed and who holds their data.

Under the GDPR they can request access to the data held on them. (Under the current regulations, HANAC will have a month to comply.) They also have the right to rectification, to erasure, to restrict processing, to data portability*, to object and the right not to be subject to automated decision-making including profiling.

All members will be asked to consent to their data being held and confirm that they have been informed of their rights under the GDPR. This will happen in 2018 and when new persons apply to be members.

*Data portability is the ability to move data among different application programs, computing environments or cloud services.