The Friends of Churston Library are committed to protecting and respecting your privacy. For any personal data you provide for the purposes of your membership, The Friends of Churston Library is the Data Controller and is responsible for storing and otherwise processing that data in a fair, lawful, secure and transparent way. Our lawful basis for processing your data is consent, as required by the General Data Protection Regulation (GDPR) (EU) 2016, implemented on 25th May 2018.
Members: What personal data we hold on you
You may give us information about yourself by filling in a form, or by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you apply to join the Friends, or to attend an event or a trip. The information you give us may include your name, address, e-mail address, phone number and gender.
Why we need your personal data
The reason we need your personal data is to be able to administer your membership, and provide the membership services you are signing up to when you register with the Friends. Our lawful basis for processing your personal data is that we have an obligation to you as a member to provide the services you are registering for.
Reasons we need to process your data include:
For membership and club management
· Recording of membership applications and payments
· sharing data between committee members to provide information about membership
· to send out agm invitations, cancellations or postponements and agendas and membership renewal forms
Marketing and communications (where you have provided separate consent)
· Sending you information about coffee mornings, events and trips
· Sending you information about urgent or highly significant matters affecting the library
For funding and reporting purposes
· Sharing anonymised data with other organisations eg for a grant application or with Libraries Unlimited who manage the Torbay Libraries
· Analysing anonymised data to monitor membership trends
To inform you of a security breach (see below)
On occasion we may collect personal data from non-members (e.g. such as any non-member who fills in an application form for one of our events or trips). This information will be stored for one month after an event and then deleted securely if in electronic form or destroyed by shredding if on paper. Our lawful basis for processing data from Non-Members is consent, as required by the General Data Protection Regulation (GDPR) 2016. Therefore, we will also need explicit consent from non-members to process this data, which we will ask for at the point of collecting it.
The Friends of Churston library has a website (www.friendsofchurstonlibrary.org) and a social media page on Facebook but does not publish any members’ information or members’ photographs anywhere.
Who we share your personal data with
We will not share your personal data with any other organisation or third party without your specific prior consent.
How long we hold your personal data
We will hold your personal data on a computer spreadsheet for as long as your current membership lasts and it will be securely destroyed after one complete year of lapsed membership. At the end of your year of membership we will send you a renewal form with your agm notice by post or email, whichever you have opted into. We will specifically request you to opt-in when joining the Friends if you want a 2nd reminder about renewing your membership once it has lapsed. Your data is not processed for any further purposes other than those detailed in this policy.
How we ensure the security of your personal data
Your membership data is held on an Excel spreadsheet on the personal computer of the current FOCL Membership Secretary, who is an unpaid, voluntary committee member. It is encrypted and password-protected and regularly backed up. This spreadsheet may sometimes be copied electronically to other Committee members for the purpose of temporarily covering the Membership Secretary’s duties or for other task-sharing purposes. In these cases it will be treated securely as above and handled according to this Policy.
Should there be any occasion where the security of your data has been or may have been breached eg theft of a computer, we will comply with our Statutory duty by informing individual members using the backup data and (within 72 hours) informing the Information Commissioners Office who will act accordingly.
Your rights regarding your personal data
As a data subject you may have the right at any time to request access to, rectification or erasure of your personal data; to restrict or object to certain kinds of processing of your personal data, including direct marketing; to the portability of your personal data and to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office at Wycliffe House, Water Lane,Wilmslow
Cheshire SK9 5AFabout the processing of your personal data. For other ways of contacting the ICO see https://ico.org.uk/global/contact-us/
As a data subject you are not obliged to share your personal data with Friends of Churston Library. However, if you choose not to share your personal data with us we may not be able to register or administer your membership.