Chelmsford YHA Group
Data Protection and Privacy
CHELMSFORD & DISTRICT YHA LOCAL GROUP
Privacy Notice and Data Protection Policy
Chelmsford YHA Group is committed to ensuring that data is collected and used appropriately, fairly and lawfully.
What data is collected?
Personal data is collected from members of the Group. This may include, for example, name, address, telephone numbers, email addresses, passport and driving licence details, relevant medical and dietary information, bank account details, and emergency contacts. Only data necessary for the Group's activities is collected. Contact details are also collected from prospective new members who enquire about the Group, to enable information about the Group to be supplied to them.
How is personal data used?
Data is used for the management of the Group and organisation of events and activities. This includes communicating with members by post, telephone and email, about their membership status, organisational issues, news and information about the Group, financial transactions with the Group, and promoting the Group's activities. Personal data collected by the Group is not to be used for any other purpose.
Who has access to personal data?
Data is shared among members of the Group for the purposes described above. Personal data is not shared outside the Group except where necessary for the organisation of the Group's activities. For example, information may be used for booking accommodation or transport, or completing bank transactions. Data may also be disclosed when required by law, or if disclosure is necessary in an emergency situation.
How is data stored?
Storage of data is distributed among members of the Group. Members holding personal data do so in a safe and secure way that takes reasonable steps to avoid accidental loss or misuse. The Group ensures that members are aware of their obligations to safeguard personal data. For example, passwords should be used to control access to computer records, devices should have up-to-date security software installed and paper records should be stored in a safe place.
Have members given consent?
Processing of members' personal data is justified on the basis of consent from individuals. Members of the Group are made aware of this policy and asked to give consent for their personal data to be collected and used as described. Consent should be given in writing, either on paper, by email or online, and records of the consent retained. Consent may be withdrawn by contacting email@example.com.
There are situations in which data may be used, without specific consent, to pursue legitimate interests of the Group in ways which might reasonably be expected. For example, using contact details when money is owed, or to provide information to prospective new members.
Is the data accurate and up-to-date?
Members are given the opportunity to check the accuracy of the information held about them and to provide updates.
For how long is data retained?
Personal data is kept for current members of the Group and may be retained for up to 3 years beyond membership expiring. Data is deleted if it is out-of-date, or if an individual has withdrawn consent and there is no legitimate need to keep their data. Contact details for prospective new members are deleted if they fail to join the Group or do not give consent to their data being retained.
Deletion means removal of records from the current data in use for the Group's activities. Records may still exist as part of archived data that is not available for use. Note that the holding of contact details by individuals for their own social and domestic purposes is outside the scope of this policy.
Who is the Data Controller?
The Group's treasurer acts as data controller and is responsible for ensuring that queries and concerns about data protection are dealt with effectively and promptly. Members have the right to see data held about them and to object to how it is being used. Contact firstname.lastname@example.org.
What information does the Group distribute?
Status of this policy
This policy was agreed by the Group's committee on 18th April 2018.
The committee will review this policy regularly and update it if necessary.
Please send any comments on these pages to Dave Plummer