Personal data relates to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
The Winchester and Portsmouth Diocesan Guild of Church Bell Ringers (the Guild) understands the importance of the GDPR for protecting the rights of its members, officers and other individuals with whom the Guild has contact. The Guild takes these obligations seriously and has developed this policy governing how and why we may collect, store and publish personal data.
1. This policy has been developed to ensure:
a. Guild members and other individuals interacting with the Guild have a clear understanding of how the Guild may collect and use their personal information.
b. All Guild officers are aware of their responsibilities with respect to collection, storage and usage of personal data.
c. The Guild has good governance processes in place to monitor our compliance with the GDPR.
d. This policy has been developed using guidance published by several sources. Notably, the Central Council of Church Bell Ringers (CCCBR), the Church of England (CofE) and the Information Commissioners Office (ICO).
2. What is the legal basis for processing personal data?
a. The Guild processes personal data on the understanding that once a person has become a member of the Guild, the Guild has a “legitimate interest” in processing that members’ personal data.
b. Explicit consent of each person (data subject) is also obtained so that the Guild can keep members informed about news, events, activities and services.
c. Processing is also necessary for carrying out the Guild’s legal obligations, such as in relation to Gift Aid.
d. Sometimes non-members e.g. Tower Correspondents will come into contact with the Guild. The Guild will also process any information provided by non-members in the same way.
3. Your rights and your personal data
a. Under GDPR, you have the following rights with respect to your personal data held by the Guild:
b. The right to be informed: Data subjects must be told what personal data is being held, what it is being used for and why.
c. The right of access: Data subjects are allowed to see what data of theirs is being processed, upon request.
d. The right of rectification: If personal data held by the Guild is incorrect, the Guild has an obligation to change it.
e. The right to request erasure: Data subjects can ask for the deletion or removal of their personal data.
f. The right to restrict processing: Data subjects may block the processing of their personal data. The Guild can store the information, but is not allowed to process it
g. The right to object: if a data subject does not like the way their data is being used, they can request that the use is stopped.
h. The right to lodge a complaint with the Information Commissioners Office.
4. How Do We Process Personal Information.
a. As a membership based organisation the Guild collects and maintains a database(s) of basic information on all our members. This data may include the member’s name, address, email, phone number, subscription payment, nomination and bell ringing history information.
b. This information is used to communicate with members, prepare the annual report, and otherwise meet any other operational requirements of the Guild (such as maintaining insurance policies, reclaiming gift aid tax refunds and maintaining peal records). It also allows the Guild to maintain a historical record of membership.
c. Upon becoming a member of the Guild, members should be made aware of the reasons why we collect this information and their rights as detailed above.
5. Publishing Personal Information
a. The Guild will never publish contact information (such as in the annual report and on the website) of members without the explicit written consent of those members.
b. However, it should be noted that it is convention for the Guild to publish all members’ names and individual Guild peal records in the annual report (both printed and electronic forms) and that the Guild will continue to do this unless explicitly asked not to do so by any individual member.
c. Members should also be aware that where any individuals are identified in other public forums (such as any published meeting minutes, branch newsletters, Guild website and social media sites), the individuals should be aware that they are going to be potentially identified and given the option to not be identified.
d. Officers of the Guild and tower correspondents will need to have contact details published in order to carry out their duties effectually. Upon appointment they must be asked for, and provide, written consent as to which contact details they wish to have published in the annual report, Guild website and other relevant media.
6. Sharing personal data
a. Personal data will be treated as strictly confidential and will only be shared with Guild and District Officers and Committee members in order to communicate and provide services in line with the Guild’s objects. The Guild will never disclose or sell membership personal data to third parties, unless as required to meet its statutory obligations.
7. How long do we keep personal data?
a. Membership records will be retained in order to support the custom of recognising long service to the Guild. Performance data is traditionally retained indefinitely in order to preserve complete performance records for historical purposes.
8. Data Protection Officer
a. Consistent with ICO guidance, upon implementation of this Policy, the Guild Secretary will act as the Data Protection Officer. The Data Protection Officer will:
b. Have a “watching brief” to ensure that the Guild and its officers are made aware of and encouraged to observe good data collection, management and usage practices (as laid out in this Policy).
c. Be informed in the event of any suspected data breaches within the Guild.
d. Be the first point of contact in the case of any statutory or subject access requests.
9. Contact Details
a. To exercise all relevant rights, queries or complaints please in the first instance contact the Guild Secretary
b. Members can also contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.
Approved by the Executive Committee – 16th November 2019