Bromley Civic Society (BCS) is a privacy conscious organisation and takes your privacy seriously. This policy follows the guidelines set out in the General Data Protection Regulation (GDPR), which enhances the Data Protection Act 1998. It sets out details of the personal information, which we may collect from you and how we use and store that information, as well as your rights regarding our holding that information.
Collection of personal information
BCS collects personally identifiable data in the following ways:
- Through completion of a BCS membership application form
- Acceptance for inclusion on a mailing list or database
- By signing up for a BCS event
- Through research, surveys or monitoring activities
- By entering into email, telephone or postal correspondence with a BCS committee member.
The data collected will normally be limited to your name and address, email address and your telephone number.
BCS’ reasons for holding your personal data
We hold the personal information you provide to us for the following purposes:
- To maintain our records
- To respond to any enquiries you may make
- To contact you about events, campaigns, offers and opportunities available to BCS members
- To facilitate the administration of your membership, including inviting renewals
- To administer any BCS events in which you participate or may wish to participate and to deal with any incidents involving you
- To create anonymous aggregated information about our members to enable us to secure funding for any projects.
Access to your personal information
Access to your personal information is strictly limited to BCS committee members who perform the functions outlined above, including the Chair, Vice Chair, Membership Secretary, Treasurer and Data Protection Officer.
If you book to participate in a BCS event, some or all of your personal information may be shared with the BCS member/s running the event.
Storage of your personal information
BCS stores your information in electronic form. Data may be held on a local database or a secure server in London. Data is not transferred outside the UK. Server backups are held in encrypted form. Access to all personal data is always password protected.
If you pay your subscription online, we do not have access to any credit card information at all.
Disclosure of personal information to third parties
Personal Data may be stored on online databases to facilitate membership administration and mailing of newsletters.
BCS will not otherwise share your personal information with any third party unless we are under a duty to do so to comply with any legal obligation/UK law.
We do not collect or compile personal information for dissemination or sale to external parties for marketing purposes, nor do we host mailings on behalf of third parties.
Retention of personal information
For BCS members, we retain personal information from the date you first subscribe until one year after your membership lapses. This is so that we can, for example, invite you to renew your membership during that year.
For newsletter subscriptions, your name will be held on our newsletter database until such time as you unsubscribe from this service. You may do this at any time by clicking the “unsubscribe” link at the foot of every newsletter email.
Data protection officer
BCS’ data protection officer who is responsible for ensuring BCS’ compliance with the GDPR can be contacted at email@example.com or 3 Hayes Road, Bromley BR2 9AF.
Changes to your personal information
You can contact us using the above details at any time if there are any changes to your personal information. We may also contact you from time to time to ensure that the personal information we hold about you is correct.
BCS aims to be as open as possible in terms of giving people access to the personal information held about them.
The GDPR gives you the following rights:
- The right to be informed about what personal information we hold about you
- The right of access to that information
- The right to have your personal information rectified
- The right to have your personal information erased
- The right to restrict the use of your personal information
- The right to data portability, that is to say, the right to receive personal information provided to us in a structured, commonly used and machine-readable format, such as email and to transmit that information to another organisation
- The right to object to our holding personal information about you, including withdrawing your consent to our doing so
- Rights in relation to automated decision making and profiling.
You can find out if we hold any personal information about you, and if so, what information, by making a “Subject Access Request” under the GDPR. Such a request should be addressed to BCS’ data protection officer using the contact details given above.
Your request should include details and provide evidence of who you are, such as a copy of your driving licence, passport or birth certificate, together with as much detail as possible of the information you wish to access, for example where and by whom you believe it to be held and specific details of the information required.
Once we receive your request, we will answer it within 28 days.
Please also write to the data protection officer using the contact details given above if you wish to raise any matter relating to your other rights.
If you are not satisfied with our response, you may complain to the Information Commissioner’s Office.
Use of the BCS website
This policy is reviewed annually and may be updated either to comply with the law or to reflect our evolving needs. Any changes will be posted on BCS’ website.
29th April 2018