GDPR Policy
This policy is operational from 5 April 2021. This policy will be included on the SBL website to inform members
This policy applies to:
-
Suffolk Book League
-
All officers, trustees and committee members of Suffolk Book League
-
All members of Suffolk Book League
-
Non members who register for our events
-
Anyone using our website who resisters their details on line
The purpose of this policy is to enable Suffolk Book League to:
-
Comply with our legal, regulatory and corporate governance obligations and good practice
-
Ensure business and charity policies are adhered to (such as policies covering email and internet use).
-
Investigate complaints
-
Monitor committee members, trustees and volunteers
Suffolk Book League recognises that its main priority under the GDPR is to avoid causing harm to individuals. In the main this means:
-
Complying with your rights,
-
Keeping you informed about the data we hold, why we hold it and what we are doing with it,
-
Keeping information securely in the right hands, and
-
Holding good quality information.
Suffolk Book League has identified the following potential key risks, which this policy is designed to address:
-
Breach of confidentiality (information being given out inappropriately).
-
Breach of security by allowing unauthorised access.
-
Failure to establish efficient systems of managing changes, leading to personal data being not up to date.
-
Harm to individuals if personal data is not up to date
In order to address these concerns: to ensure compliance all committee members and Officers are informed about their individual and collective responsibilities under the policy.
Paper and electronically held data are collected and used in the following ways.
-
Through the website when someone emails or registers their details for an event. this is used to respond to an enquiry or check people in when they attend an event
-
Through the google form when someone joins Suffolk Book League as a member. this is added to the members database and used to contact them and inform them of events
-
If members are eligible for gift aid and authorise us to collect it their data will be used to do so
-
Through GoCardless when a Direct Debit is used to pay for their membership. this will be used to pay for their annual subscription
-
Through PayPal when this is used to make a donation or buy a gift subscription, this will be used to contact you by email
Updating processes:
-
Data is updated when the Membership Secretary is notified of changes in details and is held only for the period of membership, being deleted annually 6 months after the year end if a member fails to renew membership.
-
Data held on donors/beneficiaries is deleted annually for any beneficiaries/donors not dealt with in the previous 12 months.
-
Gift Aid data is deleted 6 years after expiry of an individual’s final Gift Aid year, in accordance with the HMRC legal retention period. Author data will be deleted 5 years after initial contact unless agreed otherwise.
-
Data collected when an individual subscribes via the website will be held until they unsubscribe or ask us not to retain their data.
The duties of the committee, officers and trustees are as follows
-
The Chair of the Suffolk Book League, is responsible for ensuring compliance and will annually after the AGM, brief Committee Members and Officers on Data Protection responsibilities
-
The SBL Committee will Review Data Protection and related policies ensure data is stored securely
-
The SBL Trustees will Investigate and report breaches to the Information Commissioners Office and the relevant Data Subject(s)
Data held by SBL will be produced to the individual concerned if requested. Any subject access requests will be handled in the first instance by the chair of Suffolk Book League.
-
Subject access requests must be in writing.
-
Members have the right to request the information we hold is rectified if it is inaccurate or incomplete.
-
Members should contact the chair of Suffolk Book League and provide with the details of any inaccurate or incomplete data.
-
SBL will then ensure that this is amended within one month.
Revised draft 2/4/2021
​
​