Data Protection Policy

Data Protection Statement for the National Chrysanthemum Society

Registered Charity no. 248484

This policy is prepared by the nominated Data Controller of the Society and was approved by the Trustees of the Society at Management and Executive Meetings held on August 7th 2018
The Society is committed to a policy of protecting the rights and privacy of individuals, officers, members and others in accordance with the Data Protection Act 1998 and the Data Protection Regulations introduced 25 May 2018.
The data and information we collect is directly related and relevant to the needs and responsibilities of the Society and its members and is detailed in the letter sent to all existing and prospective members to be read in conjunction with this Data Protection Statement.
We undertake to ensure that data and information is fairly and lawfully collected and is directly relevant to those needs and responsibilities, that it is accurate, reliable and consistent and is kept securely and confidentially.
As a matter of good practice members and officers of the Society who have access to personal information will be expected to comply with this policy. The only officers of the Society who hold data and have access to this are President, Chairman, Membership Manager, Sales and Societies Manager and Shows Manager.
Legal Requirements – Data is protected by the Data Protection Act 1998 which came into effect on 1 March 2000 and by the Data Protection Regulations of 25 May 2018. Its purpose is to protect the rights and privacy of individuals and to ensure that personal data is not processed without their knowledge and wherever possible is not processed without their consent.
Managing Data Protection – data may be held by us for the following purposes:-
1. Society Administration
2. Fundraising
3. Realising the Objectives of the Society
4. Accounts and Records
5. Promotion and Public Relations
6. Membership records

Data Protection Principals – complying with the principals of the Data Protection ensuring that information is:
1 Processed fairly and accurately for limited purpose – information is collected and processed in a prudent and lawful manner and kept up to date and accurate at all times. We will not use data for a purpose other than those listed above. If data held by us is requested by external organisations for any reason this will only be passed on with the agreement of data subjects.
2 Secure Appropriate technical and organisational measures are taken against unlawful or unauthorised processing of personal data and against accidental loss or destruction of data. All information kept on our computers and contact data base will be password protected allowing only authorised officers of the Society to access personal data. All hard copies of personal data will be kept in a locked cabinet which can only be accessed by authorised officers.
3 Adequate, relevant and not excessive – the Society will monitor the data held for our purposes ensuring we hold only the amount necessary in respect of the Society and its members.
4 Limited retention – we discourage the retention of data for longer than is required and all personal data will be deleted or destroyed by us after one year of non-membership has elapsed.
5 Processed in accordance with the individuals rights – if the Society holds data on members and individuals they have the right:-
To know what information is held
To prevent the process of data for direct marketing
To prevent disclosure to third parties
To request the removal/amendment of any inaccurate data held

Roger Brownbridge
Chairman/Data Controller