Hythe Environmental Community Group
Policy for GDPR (General Data Protection Regulation) Changes May 2018
Introduction: For the purpose of GDPR, Hythe Environmental Community Group (HECG) is the data controller in relation to carrying out the objectives of the organisation. Its members are the data subjects.
Definition of “The Data”: The Data consists of name and contact details for members. In the vast majority of cases this is just “name” and “email address”.
In some cases where members become part of a sub-group and require more immediate and personal communication, the member may provide a phone number to the leaders of the sub-group. This information is not held in a database or collated anywhere by HECG and is not considered within the scope of GDPR.
Origin and stated purpose of The Data: All of the data has been provided voluntarily by the owners in order that HECG may contact them to keep them up to date with HECG activities and opportunities to become involved in HECG activities as well as identify areas of interest for future HECG activities. They have therefore opted in to The Data being used for this purpose.
Storage and security of Data: The email contact data are stored in the Yahoo database for email@example.com and is therefore considered secure. It is under the sole control of HECG.
Responsibilities: The “Controller” and “Processor” of the data (as defined by GDPR) are the Secretary of HECG and the Chairman of HECG. They are the only people who have access to the Yahoo email account, and they therefore are responsible for the execution of this policy.
Usage of The Data:
- The Data will only be used for contacting members of HECG in order to keep them up to date with HECG activities and opportunities to become involved in HECG activities or identify areas of interest for future HECG activities.
- The Data will not be passed on to anyone outside HECG and will not be used for any commercial advertising to members.
- Where members are surveyed to establish their interests, the output of such surveys will be displayed in such a form that the data cannot be followed back to the individuals. Again, this data will not be passed to anyone outside HECG and will only be used to target the Group’s activities to best meet the requirements of the members.
- When group emails are sent out, the sender will use Bcc to ensure that email addresses are not shared by the recipients.
- The data will not be shared with third parties unless express permission has been sought and granted.
- The data will be retained until such time as a request is received for it to be deleted or membership ceases.
Data Owner’s Rights:
- All HECG Members will be made aware of this policy, which will be held on the website community.com and a link to it placed on the bottom of emails out from HECG.
- All HECG Members have the right to request details of all data held by HECG relating to them. They can do this by contacting firstname.lastname@example.org
- All HECG Members have the right to request rectification or deletion of some or all of their data. Execution of such requests will be carried out within 1 month from the date of the request. All emails out to members shall carry the wording “To unsubscribe from this mailing list please reply to this email, putting “unsubscribe” in the title.”