29th January 2018

General Data Protection Regulation (GDPR) Policy (Draft)

The following policy is DRAFT and subject to change. Please email any comments to the Webmaster (Andrew Hall) .

The Derby Diocesan Association of Church Bell Ringers (DDA) holds the following personal data in order to maintain membership, tower contact, subscription and biographical records.

  • Name, Address, Telephone Numbers, Email Address, Subscription Payments, Membership Category, Date membership commenced, Date membership ceased.
  • Any offices you hold or may have held in the past.

The following have access to your membership data

Web Master,
Membership Secretary
Full update access to membership, contact and subscription records
District Secretary,
Tower Contact
Full update access to membership and contact records for their district/tower. Ability to record subscription payments, and view any payments they have recorded.
General Treasurer Full read access to membership, contact and subscription records. Ability to update subscription payment status
General Secretary,
President
Full read access to membership, contact
DDA Members Registered on the Website Full update access to their own (and members of their household) membership records. Ability to view name and tower of all other members. Ability to view contact information for other members.

As members of a non-incorporated mutual society, there is a right to know who the other members are and to be able to contact them. If explicit consent has not been given, the following will be shown in order of preference:

  • Email address
  • Phone number (unless you have asked for it to be suppressed in the Annual Report)
  • Postal address

Only DDA members are able to view this data, and it will first require a Captcha test to be completed.

Anyone else Ability to view contact information for Officers of the Association and Tower Contacts. Usually restricted to their DDA email address, unless explicit consent has been given to show a phone number or address.

For registered users of the site, who are not registered as members, only the Webmaster and Membership Secretary have access to your registration data. It should be noted that in this case providing your full name is optional, and that only your nickname (which can be anonymous) will be visible, should you wish to comment on a post.

Please note that if you are a DDA member, your name, tower and phone number (unless you have asked for it to be suppressed) will also be published annually in our annual report.

The DDA does not share your data with any third party.

Accessing Your Data

You have a right to access your data. The easiest way to do this is to register as a DDA member, however there is a good chance we do not have your current email address! Your tower contact or district secretary will have access to your record and can amend it. In case of difficulty, please contact the Membership Secretary (Anthony Cotton), or Webmaster (Andrew Hall).

Data Processing

The DDA holds the following personal data in order to maintain membership, tower contact, subscription and biographical records. We may contact you from time to time using information held regarding your membership status, or to make Association announcements. We also use information held in our database to produce our Annual Report, which every member is entitled to receive, and which members of the public may purchase for a small fee.

From time to time you may be asked to take part in a survey. The data for the survey will be held online for the duration of the survey, and until the results have been assimilated. The survey information will advise when the results will be removed from the system.

From time to time we may extract your location data (your postcode), tower and membership category in order to produce maps to help us determine district boundaries. This information will not contain any personal information which would identify you, and will be removed from on-line systems once the data has been processed.

We hold your data under the following basis:

  • By consent. This particularly applies to tower contacts who are not DDA members.
  • As part of a contract. You pay a subscription to the DDA, and as a result we need to record who has paid and when. We retain subscription records for 6 years as required by the Charities Act (although not a Registered Charity, the DDA follows its requirements).
  • As part of a legal obligation. Every member of a non-incorporated mutual society has a right in law to know who the other members are.
  • As legitimate interests. We retain past member information and hold this in our database, and publish it in our (redacted) Annual Report archive. Once you cease to be a member of the DDA only your name, towers you were affiliated to and any offices held (with dates) are retained. We maintain that any impact on your privacy is minimal, and the information can be obtained in any case by inspecting our annual reports.

Data Retention Policy

If you are a member of the DDA, or have been in the past, we record your name, tower and any offices held as a Past Member indefinitely. We retain records of your subscription payments for 6 years. 2 years (in April, on publication of the Annual Report) after ceasing to be a member, your address, email address and telephone numbers will be removed.

If you have never been a member of the DDA, and your name is only recorded as being the contact person for a tower, all of your details will be removed in the April of the year after you were replaced (i.e. on publication of our Annual Report for the previous year).

Archiving Policy

We retain an audit trail of database changes online, and retain back up copies of our web site on our Google cloud drive. Only the webmaster (Andrew Hall) has access to these. It is our intention to purge this data well before the 7 years allowed by GDPR (and certainly not after).

Data Security

We have in place a number of security measures, including a firewall to block known malicious sites, and a block against brute force password attacks. Please contact the Webmaster (Andrew Hall) if you wish to know more.

Complaints

In the first instance please contact the Webmaster (Andrew Hall), General Secretary (Jane Boden) or President (Don Jones). However, if you believe the DDA is not handling your data correctly, you have a right to complain to the Information Commissioner’s Office.