Bristol Fashion Ladies’ Barbershop Club (BFLBC) needs to gather and use certain information about individuals in order to operate.
These can include members, suppliers, volunteers, audiences and potential audiences, business contacts and other people the group has a relationship with or regularly needs to contact.
This policy describes how this data must be collected, handled and stored to comply with the General Data Protection Regulations (GDPR).
This data protection policy ensures that BFLBC:
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals in the European Union and describes how organisations must collect, handle and store personal information. These rules apply whether data is stored electronically, on paper and on other material. To comply with the law, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
BFLBC recognises and understands that the consequences of failure to comply with the requirements of GDPR may result in:
BFLBC may also consider taking action where members do not comply with GDPR.
This policy applies to all members or anyone involved in the activities of BFLBC.
This policy applies to all personal and sensitive data processed on computers, stored in paper files and on other material. This can include:
BFLBC is the Data Controller and will determine what data is collected and how it is used. The Data Protection Officer for BFLBC is the Membership Manager. She, together with the Management Committee, are responsible for the secure, fair and transparent collection of and use of data by BFLBC. Any questions relating to the collection or use of data should be directed to the Data Protection Officer.
Everyone who has access to data as part of BFLBC has a responsibility to ensure that they adhere to this policy.
BFLBC will only collect data where lawful and where it is necessary for the legitimate purposes of the group.
Lawful basis for processing this date: Contract (the collection and use of data is fair and reasonable in relation to BFLBC completing tasks expected as part of the individual’s membership).
Lawful basis for processing this data: Contract (the collection of data is fair and reasonable in relation to BFLBC completing tasks expected as part of the booking).
Lawful basis for processing this date: Consent (see ‘How we get consent’)
When collecting data, BFLBC will always provide a clear and specific privacy statement explaining to the subject why the data is required and what it will be used for.
BFLBC will not collect and store more data than the minimum information required for its intended purpose.
BFLBC needs to collect telephone numbers and email addresses from members in order to be able to contact them about group administration and activities.
BFLBC will ask members to check and update their data on an annual basis. Any individual will be able to update their data at any point by contacting the Membership Manager.
BFLBC will keep records for no longer than is necessary in order to meet the intended use for which it was gathered (unless there is a legal requirement to keep records for a longer period).
The storage and intended use of data will be reviewed in line with BFLBC’s Data Protection and Retention Policy. When the intended use is no longer applicable (e.g. contact details for a member who has left the group) the data will be deleted within a reasonable period unless the member has consented to her contact details being retained for the purpose of informing her of future Club activities and events.
Where BFLBC collects, holds and uses an individual’s personal data, that individual has the following rights over that data. BFLBC will ensure its data processes comply with those rights and will make all reasonable efforts to fulfil requests from an individual in relation to those rights.
Right to be informed: whenever BFLBC collects data it will provide a clear and specific privacy statement explaining why it is being collected and how it will be used.
Right of access: individuals can request to see the data BFLBC holds on them and confirmation of how it is being used. Requests should be made in writing to the Data Protection Officer and will be complied with within one month. Where requests are complex or numerous this may be extended to two months.
Right of rectification: individuals can request that their data be updated where it is inaccurate or incomplete. BFLBC will request that members check and update their data with the Membership Secretary on an annual basis. Any requests for data to be updated will be processed within one month.
Right to object: individuals can object to their data being used for a particular purpose. BFLBC will always provide a way for an individual to withdraw consent in all marketing communications. Where BFLBC receives a request to stop using data, BFLBC will comply unless it has a lawful reason to use the data for legitimate interests or contractual obligation.
Right to erasure: individuals can request for all data held on them to be deleted. The BFLBC Data Retention Policy will ensure data is not held for longer than is reasonably necessary in relation to the purpose it was originally collected. If a request for deletion is made, BFLBC will comply with the request unless there is a lawful reason to keep and use the date for legitimate interests or there is a legal requirement to keep the data.
Right to restrict processing: individuals can request that their personal data be ‘restricted’ – that is, retained and stored but not processed further (e.g. if they have contested the accuracy of any of their data, BFLBC will restrict their data while it is verified).
BFLBC only shares members’ data with other members with the subject’s prior consent. However, BFLBC encourages communication between members.
To facilitate this, members can access the personal contact data of other members via the Members’ pages of the Club’s website. Personal data on these pages must not be shared with anyone outside the Club. Anyone doing this will be in breach of GDPR.
BFLBC may collect data from consenting supporters for marketing purposes (e.g. to promote Club activities and events).
Any time data is collected for this purpose, BFLBC will provide:
Data collected will only ever be used in the way described and consented to (e.g. BFLBC will not give out email data to third parties).
Every communication will contain a method through which the recipient can withdraw their consent (e.g. an ‘unsubscribe’ link in an email). Opt-out requests such as this will be processed in 14 days.
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
This policy sets out how BFLBC will approach data retention and establishes processes to ensure BFLBC does not hold data for longer than in necessary. It forms part of BFLBC’s Data Protection Policy.
BFLBC is the Data Controller and will determine what data is collected and how it is used. The Data Protection Officer for BFLBC is the Membership Manager. She, together with the Management Committee, are responsible for the secure, fair and transparent collection of data by BFLBC. Any questions relating to the collection or use of data should be directed to the Data Protection Officer.
A regular review of all data will take place to establish if BFLBC still has good reason to keep and use the data held at the time of the review. As a general rule a data review will be held every 2 years.
The review will be conducted by the Data Protection Officer with other committee members to be decided upon at the time of the review.
Data stored by BFLBC may be retained based on statutory requirements for storing data other than on data protection regulations. This might include but is not limited to: