SLPG’s Statement and Compliance with General Data Protection Regulations 2018
What personal data does SLPG collect?
The data we routinely collect includes members’ names, addresses, email addresses. We collect this data directly from our members when they join SLPG.
What is this personal data used for?
We use members’ data for the administration of SLPG membership; the communication of information, calling and/or organisation of meetings/events.
We do not share membership information with or provide it to any other persons or third parties.
The Committee reserves the right to forward to SLPG members information related to third parties that it may think is appropriate or relevant to SLPG membership – for example major announcement by a Train Operating Company, Community Rail affecting the Shakespeare Line or events where there is a discount for being a member. Such forwarding of third-party information would, in normal circumstances, only be carried out after it had been considered and approved by the SLPG Committee. The Secretary or Chairman can forward third party information if it considered urgent. All of the foregoing is subject to SLPG forwarding information only, SLPG WILL NOT divulge or provide any personal data related to SLPG individual members to any third party.
Who is your data shared with?
Your personal data will not be passed on by us to any third party or other organisation.
Where does this data come from?
Data for our members comes from them when they join/renew membership of SLPG or when they update their information by sending an update email or letter to SLPG (Membership Secretary).
The information held by SLPG may be updated if you have given it permission to change your record.
How is your data stored?
This information is stored in digital form on the Membership Secretary’s computer as well as routine backups retained on external hard drive and cloud storage. Care is taken to keep the information secure, using recognised software for this purpose.
A copy of the SLPG membership information is stored as a backup on the SLPG Secretary’s computer and is password protected. The Membership Secretary will provide an updated copy of the SLPG Membership data to the SLPG Secretary on request.
The completed paper membership forms are stored out of sight, and are shredded when no longer relevant to SLPG.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring SLPG discharges its obligations under the GDPR is the Membership Secretary.
Who has access to your data?
Members of the SLPG committee shall have access to members’ data in order for them to carry out any legitimate tasks for SLPG.
No third parties, other persons or organisations may be given access to SLPG membership data.
What is the legal basis for collecting this data?
SLPG collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and Rail User Group.
For some data, such as that relating to financial/membership matters, the basis for its collection and retention is to comply with our legal obligations.
How you can check what data we have about you?
You should contact the Membership Secretary: Susan Young at: firstname.lastname@example.org by email or by post via SLPG Membership Secretary, 202 School Road, Hall Green, Birmingham, B28 8PD.
There is no fee for this “subject access request”, though we reserve the right to charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does SLPG collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. SLPG does not hold any sensitive personal data.
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
- You may choose not to receive information emails from SLPG – you will need to indicate this in writing by email or post contacting the SLPG Membership Secretary, or leave this information blank on your latest membership renewal.
- If you cancel your membership your personal data will be deleted within one month of this notification
- If your membership is not renewed your personal data will be deleted within six months of the expiry date of your annual membership term
How long do we keep your data for, and why?
SLPG will keep your personal data for no longer than one month after membership has been cancelled or six months since has lapsed following or from of the expiry date of your annual membership term.
Previous and older copies of electronic Membership Data will be deleted before the 31 October each year following the Financial Year it refers to except for Life Members as described in the next paragraph.
Attempts to contact Life Members will be made every 3 years to confirm consent to continued retention of their data and any updates required, after which any non-responders will be removed from the membership of SLPG. Records of such consent will be kept until a newer consent is given.
The completed paper membership forms are retained for a maximum of 6 months after the end of the financial year they relate to – unless for current Life Membership. In this case they will be kept until Life Membership no longer applies or a change is requested which supersedes previously held information.
Once we have finalised our records for the new membership year all expired information will be deleted or destroyed.
What happens if a member dies?
We keep members’ information after they die, until we are notified of this or we have deleted the information from our records due to non-renewal of membership or no response to the 3 yearly cycle of contact for Life Members. If informed of the members death or requested by their next-of-kin SLPG will delete the personal details within one month of receiving such advice.
The Basis for SLPG’s position, statement and operation of the General Data Protection Regulation (GDPR)
As it affects the Shakespeare Line Promotion Group, its function, administration and operation the provisions of the GDPR has been interpreted as data used, maintained and kept under Legitimate Interests.
The interpretation of Legitimate Interests in the context of GDPR and for SLPG being:
Data processing is necessary for membership of SLPG’s that as a Rail User group represents a legitimate interest for individuals that wish to belong to SLPG by being a member.
The category of legitimate interests covers the activities of SLPG, and is the lawful basis that we, SLPG, give for the collection and processing of our data. This covers the use of people’s data in ways they would reasonably expect and which has a minimal impact on privacy.
The purpose of holding Members personal data is:
- To maintain membership and communicate with members on matters related to SLPG as a Rail User Group or associated issues that SLPG Committee consider to be relevant
- SLPG does not collect more data than necessary
- SLPG collects personal data of members name, postal address and email contact details
- We confirm that members personal data will not be provided to third parties or shared/used by any other persons/organisations
- Members personal data collected will only be used to maintain membership and communicate with members on matters related to SLPG as a Rail User Group or associated issues that SLPG Committee consider to be relevant
- Access to SLPG Members personal data is confined to SLPG Committee Members, primarily the Membership Secretary.
Shakespeare Line Promotion Group
3 April 2022
Shakespeare Line Promotion Group
3 April 2022