17 May 2018
1. Legal Basis
In accordance with the General Data Protection Rules, effective from 25 May 2018, the D&DFHS will operate in accordance with these rules based on the prior consent of its members to hold and store Personal Data for the purposes of operating and administering the Society and for providing members with services relating to family history and genealogy.
The D&DFHS is a membership-based family history society. The Society’s object is:
- to advance public education in family history and genealogy within the area of interest.
The D&DFHS operates within the rules of its constitution, which was last updated and approved by its Annual General Meeting held on 29 February 2012.
All collection and processing of personal data by the D&DFHS relates to maintaining its membership database and for providing society members with access to the Society’s services and website.
No personal data is stored and held by the Society without the prior consent of a member.
2. Membership Consents
Prior to the introduction of the General Data Protection Rules, effective from 25 May 2018, all existing members will be asked to re-confirm their consents and all new members, who join the Society, will also be asked to provide written consent for the Society to use and store their personal data for the purposes of administration of the Society and for the sharing of genealogical data
3. Roles and Responsibilities
1) Data Controller
The D&DFHS, as a membership organisation, relies on volunteers for its operation and running and to fill the positions of Officers and Executive Committee of the Society.
The Society has no employees to carry out its work; consequently all recognised roles under Data Protection Legislation are carried out by Society Officers or Executive Committee Members
The Data Controller is elected annually at the Society’s Annual General Meeting.
It is the responsibility of the Data Controller to ensure that the Society conforms with all relevant legislation relating to Data Protection and that all the Society’s policies regarding Data Protection are current and are reviewed on a regular basis or if there is a change in legislation.
2) Data Processors
Data processing of Members Personal data by the Society is primarily carried out by the Membership Secretary, who is responsible for maintaining and updating the Society’s Membership Database, which contains some or all of the following information:
- Members Name
- Members Address
- Members Email Address
- Members Telephone No.
- Membership Category
- Membership Fee
- Method of Payment
- Date of Renewal
The Society’s Membership Database is updated following the annual membership renewal process which commences in April and ends in June and on the receipt of new members to the Society.
Any member not renewing their membership by 30 June is removed from the Society’s Membership Database and any member notifying cancellation of their membership is also removed the Society’s Membership Database.
Other Officers and volunteers of the Society, subject to the approval of the Data Controller, may use the information for provision of member services.
4. Transferring of Data to and From Third Parties
No Personal Membership data is transferred by the D&DFHS to third party companies or organisations.
5. Data Retention Period Criteria
The D&DFHS will hold the personal data of members as described in Section 3(2) of this document for the period of the member(s), membership of the Society. This data will be destroyed either upon:
- The cancellation of membership by a member or
- The death of a member, when notified or
- Failing to renew a membership by the 30 June as part of the annual membership renewal process.
6. Members Rights under the General Data Protection Regulations
The D&DFHS recognises the member’s rights under the General Data Protection Regulations to the following:
- The right of access to their data
- The right to rectification to their data
- The right to erasure of their data
- The right to restrict processing of their data
- The right to data portability of their data
- The right to object in relation to the use of their Data
Any member who wishes access to their data or to make a complaint regarding the treatment of their data must, in the first instance, contact the Secretary of the Society and submit in writing a Subject Access Request.
The Society in accordance with the General Data Protection rules will reply to a member’s enquiry in relation to items 1 to 6 within one month of receipt of the members written Subject Access Request.
7. Automated Decision Making and Profiling
The D&DFHS does not carry out and will not carry out in the future any Automated Decision Making or Profiling linked to Members Personal Data.
8. Breach Awareness
The D&DFHS carries out annual reviews both of its data processes and data storage procedures in order to prevent future potential breaches or loss of the personal data it holds.
9. Risk Management
In order to mitigate and manage both technical and procedural risks surrounding how and why the Society uses the personally held data of its members, the Committee of the Society will, on an annual basis review all its current processes and procedures and also assess both existing and known future legislation relating to protection of its members personally held data and implement any required changes identified by the Committee in this review
10. Document Review
This document will be reviewed annually by the Executive Committee of the D&DFHS.