General Data Protection Regulation 2018
Data Protection Policy
The Nottingham Centre of the National Trust is a non-profit-making organisation run by and on behalf of its Members, in accordance with its Constitution. In May 2018 new legislation came into force, over and above the provisions of the Data Protection Act, which places specific legal obligations on Nottingham Centre Officers. The main change is that the Centre must now inform Members of the personal data that we hold, and also obtain specific consent before we use any personal information of Members – for example, by publishing contact details in our newsletter or using email addresses to send Members our E-bulletin – rather than relying on implied consent, which we have done previously. This Policy describes the information that we hold and how we use it. The Membership Secretary serves as the Data Protection Officer.
The Centre maintains basic records pertaining to its Members solely for the administration of membership and Centre activities. These records comprise Members’ names and home addresses, telephone numbers, email addresses and records of payments made in the form of subscriptions and donations to the Centre. We do not collect any information about Members from their use of our website or any personal financial details. Financial information is received, however, as a consequence of membership payments made to the Centre (i.e., as appearing on our bank statements). This remains confidential and is destroyed when no longer required.
Members’ records are held in a paper format and also on a password-protected computer database. Members’ information will not be stored on the website or on unprotected portable electronic media such as flash drives or memory sticks. Certain Centre Officers have access to Members’ information under controlled processes, and such access (where appropriate) is restricted to the Chairman, the Secretary, the Membership Secretary, the Treasurer, the Newsletter Editor, the Webmaster and Organisers of Centre activities.
How we use Members’ information
Members’ information is used to create and manage their membership and participation in the Centre’s activities, to communicate with Members by letter and email, and to send Members our regular newsletter and E-bulletin. We ask Members to provide a telephone number in case other methods of communication fail.
Members’ personal information will not be shared with any person outside of the Centre without their explicit consent. With one exception, no personal details are ever divulged to any other organisation for any purpose whatsoever. The sole exception is when the Centre has made direct bookings on behalf of Members as part of our holiday arrangements and a hotel or travel provider requires to be informed of the names and addresses of the individuals involved. In such cases, explicit consent to divulge the required information will be sought by the Centre as part of the holiday booking process.
When Members join the Centre, we would like to publish their names and the area where they live (not their home address) in our newsletter. The newsletter is distributed to Members in a paper format. Subsequently, non-members of the Centre may have access to copies of the newsletter and the information contained within.
How we obtain consent
We require Members’ personal information (as outlined above) in order to process their membership. Membership application forms will refer to this Data Protection Policy, copies of which will be readily available from the Membership Secretary or from our website, and applicants for membership or membership renewal will be required to affirm their specific consent for the Centre to use their personal information as specified in this Policy.
Members who wish the Centre to make direct holiday bookings on their behalf will be required to consent in writing to the use of their personal information as part of the holiday booking process.
Organisers of Centre activities will be required to give their specific consent in writing before their contact details can be published in our newsletter or E-bulletin.
Centre Members who wish to receive our E-bulletin will be required to specifically ‘opt-in’, either in writing or electronically, rather than relying on implied consent.
Changing consent and termination of membership
Members who wish to see a copy of the personal information that we hold on them should contact the Membership Secretary. Members should notify any changes to their personal information or their consents by notifying the Membership Secretary in writing or by email.
If Members wish to withdraw their consent to their personal information being stored and used as outlined in this Policy, then regrettably we will no longer be able to maintain their membership of the Centre. In such cases, their personal information will immediately be deleted or destroyed.
Similarly, Members whose membership of the Centre is terminated by resignation, by failure to pay their membership subscription, or by the Committee in accordance with our Constitution, will also have their personal information immediately deleted or destroyed.