The UK General Data Protection Regulation (GDPR) comes into force on 25th May 2018. These changes to the law affect how Winchester Art History Group (WAHG) is able to process personal information.
During the administration of its programmes of events, WAHG gathers personal data from a number of sources including members, speakers and guides, contractors, suppliers, waiting list applicants, travel companies and other business contacts.
This policy outlines WAHG’s responsibilities for data handling, the ways in which we safeguard the privacy of all personal data and the individuals’ rights under the GDPR.
WAHG Roles and Responsibilities
The handling of personal data is restricted to designated WAHG committee members who need access to the data in order to carry out their duties, and who have agreed to adhere to the principles stated in this policy.
The WAHG Membership Secretary (firstname.lastname@example.org) is the first point of contact for any questions relating to Data Protection. The Membership Secretary, together with other members of the WAHG committee, is responsible for how your personal data is handled.
WAHG Data Protection Principles
- We only collect and hold essential data which is supplied by you and which we need to operate. This includes title, name, postal address, email address and telephone number(s)
- We lawfully process your personal data in accordance with the GDPR
- Personal data is used solely in the administration of our society and programmes of events, and in communicating with you for these purposes
- All digital data files are held within password-protected and appropriately secure environments
- All paper documents are stored with appropriate security
- We aim to keep our records as accurate as possible and you may update your personal data at any time
- Data will be retained for no longer than 12 months after a member’s involvement with WAHG has ceased. Personal data from all other sources will be retained only for as long as is necessary
- WAHG does not disclose personal data to any third party, except with your explicit consent
- We do not transfer personal data to countries outside the European Economic Area (EEC), ensuring that the individual’s protection under the GDPR is not compromised.
Your rights under the General Data Protection Regulation (GDPR)
We process personal data in accordance with individuals’ rights under the GDPR.
You may contact WAHG (email@example.com) at any time to check what personal data we hold and how we use it. Under the GDPR this is known as a Subject Access Request and WAHG will respond within 30 days of a request being made.
You are entitled to:
- Obtain a copy of your personal data to check its accuracy and relevance
- Amend your personal data
- Change your consent and your preferred method of communication
- Be informed of any breach in data security i.e. data loss or unauthorised data usage
- Request that personal data is erased from our records
- Complain about how your personal data is being used
If you consider that your data is being handled incorrectly, you may also complain to the UK Information Commissioner’s Office (Ico). Visit www.ico.org.uk for details on how to do this.