Privacy notice

Hazel Grove and District Model Railway Society Privacy Notice

Introduction

The society respects your privacy and is committed to protecting your personal data.  This Privacy Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

What personal data we collect about you and where we collect it from

The Society collects information about you on its membership application form and parental consent forms.

Member’s name, addresses, home and mobile phone numbers, email addresses are collected. This is your information that is needed by the society to ensure we can operate the society efficiently. We do not collect or store any information that does not contribute to the activities of the society and everything we do collect is deemed to be necessary.

Controller

The Society is the Controller and responsible for your personal data.

If you have any questions about this Privacy Notice, including requests to exercise your legal rights, please contact the Society using the details set out below:

Contact Details:

http://hgdmrs.org.uk/hazel-grove-district-model-railway-society/contact-us/

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.  We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

As a small organisation we are not required and do not have a Data Protection Officer. All society members should share in our goal to protect the personal information of society members and our guests.

How Data is Stored

  • Paper Records

Any records we hold on paper will be securely stored and handled with discretion. Paper records consist of membership application forms and parental consent forms. Each member of the society committee has at their disposal a complete list of members and their details which are not stored on any electronic device.

  • Electronic Records

Membership details held electronically will be handled and stored with best available standards. Once processed a file will be held on a memory stick or portable hard drive. The original file then being deleted from the processing system. This file will only be available to members of the committee for personal contact with the membership. Any information transferred electronically between committee members will be encrypted. The information contained in this file will, under no circumstances be shared with any third party whatsoever.

  • Exhibition Details and Records

Exhibitors and Traders details will be held electronically to enhance our administration and organisation of the annual exhibition. However, whenever used for this purpose the file will be transferred and saved to an external memory device with no personal details held on a publically accessible device.

How we use your personal data

We will only use your personal data when the law allows us to.  Most commonly, we will use your personal data in the following circumstances:

  • To notify you of upcoming events and procedural information, for example, details of forthcoming meetings and minutes of meetings;
  • Where it is necessary for our legitimate interests and your interests and fundamental rights do not override those interests;
  • Where we need to comply with legal or regulatory applications.

Generally we do not rely on consent as a legal basis for processing your personal data.

How long do we keep your data  

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, insurance or reporting requirements.

There is no specific retention policy at the moment. In general, paper records will be securely shredded once they are no longer needed. (Usually following an update/change of details). Electronic records are only retained if historic analysis of exhibition layouts and traders is required for future reference and use. Again this form of record will be retained on a device not connected to any form of computing device.

The society retains a mailing list used to inform the membership of upcoming events and procedural information eg. details and minutes of meetings.  If you cancel or fail to renew your membership within a grace period, your details will be removed from the mailing list.

Sharing of data

We will not share your data with any third party save as required or permitted by law.

The society promotes its activities and events on social media. Under no circumstances are any personal data used or included in connection with this venture.

Cookies

The society uses a software application to maintain and update its website. Although we do not use cookies the software itself or the hosting site may use them.

 Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

Your legal rights

Under certain circumstances, you have rights under the data protection laws in relation to your personal data.  You have the right to:

  • Request access to your personal data (commonly known as a “Data Subject Access Request”);
  • Request correction of the personal data that we hold about you;
  • Request erasure of your personal data;
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms;
  • Request restriction of processing of your personal data;
  • Request the transfer of your personal data to you or a third party;
  • Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above or require further information regarding these rights, please contact us.

You will not have to pay a fee to access your personal data (or to exercise any of the other rights).  However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.  Alternatively, we may refuse to comply with your request in these circumstances.

Updates

Occasionally, this document will be reviewed and/or updated.  You will be notified of any changes made in the future through this webpage.

Download a copy of the GDPR privacy notice