General Data Protection Regulations (GDPR)

Your details are held by the Society in paper and electronic form in order to deliver our services.  Under the terms of the GDPR regulations, the Society acts as the “data controller” in respect to the information held and does not perform “data processing” of behalf of other organisations.  We have set out below who holds what information and for what purposes:

Membership Records

Includes your name, postal address, email address, class of membership, Gift Aid status, date joined and when you last renewed your subscription.
Officer Location Purpose Retention
Membership Secretary Personal PC Administration 7 years from last renewal
Editor Personal PC Distribution of magazine Current membership year
Treasurer Personal PC Administration and completion of Gift submission 7 years from last renewal
Webmaster Website 1. Managing access to members-only area of website. 2. Enabling self-management of membership records by members 7 years from last renewal

Meeting Attendance Records

We retain attendance records of members and visitors attending each meeting.  These are held in the form of signatures in a “signing in book”.   The books are retained on a permanent basis and it is not possible for an individual to request their name is removed.

Named Interests

List of family names and locations being researched by Society members.
Used By Location Purpose Retention
Members * Website Enable public access to records Removed within 12 months of membership expiring
Notes
  1. For members without access to the internet, members provide lists to the Membership Secretary who passes them to the Webmaster for entry onto the website
  2. Information publicly available on the website only includes a membership number, this is used by functionality within the website to verify email addresses provided by the public and forward responses to the member’s email address. Where members do not have an email address, responses are sent to the Membership Secretary for posting.

Purchases

Includes your name, postal address and items ordered.  All processing of your financial details is carried out by third parties, we do not retain any details. For physical items ordered from the Society by post, the information is retained by the Membership Secretary for 12 months from ordering for auditing purposes. For items ordered using the Society’s online shop, the information is retained by the Society for up to 24 months from the date ordered, and is used by the following Society officers:
Officer Location Purpose Retention
Membership Secretary Personal PC Fulfilment of the order for physical items One month after fulfilment
Paypal Admin Personal PC Ensuring Paypal income aligns with website sales Up to 24 months
Webmaster Website Administration 7 years from last renewal

Website

All access to our website is controlled by passwords which are self-administered.  i.e. We do not issue passwords and all passwords are encrypted using industry standard techniques. We make regular backups of our website which are both retained on our server as well as off-line.  Backups are securely encrypted prior to being emailed to the webmaster.

Information Provided to Third Parties

In general the Society does not provide any details to third parties, with the following exceptions:
  • Printer: The printer receives a list of names and addresses for members receiving hard copies of the Society’s magazines from the magazine Editor. They destroy the list after dispatching the magazine.
  • HMRC: It is a requirement of claiming Gift Aid tax relief from HMRC that we provide them with Name and Address information. See https://www.gov.uk/claim-gift-aid-online.
  • Web site host provider: Our web hosting provider will have access to the contents of our website in order to provide technical support and deliver the service.  They have undertaken to take all measures pursuant to Article 32 of the GDPR (Security of Processing) and implement appropriate technical and organisational measures to ensure a level of security appropriate to the perceived risk.
  • Search Engines (Google, Bing, etc).  Please refer to our use of cookies within the web site for more details.  These cookies are used by the site to deliver the web site's integrity.
  • Paypal: Our shop uses Paypal to take online payments. We provide Paypal with details of your order and address, and retain the Paypal transaction reference on our website.  The Paypal transaction reference does not contain any bank, Paypal account or credit card details  See https://www.paypal.com/uk/webapps/mpp/ua/privacy-full for more details of Paypal’s privacy policies.

Security and Unauthorised Access Attempts

As a security measure the website records your IP address either:
  • where we detect unauthorised access attempts,
  • or when membership records are changed.
We may block certain IP address ranges which we believe are associated with persistent attempts to breach security.

Corrections, Errors and Omissions

We only want to work with accurate information and the easiest way for us to do this is to put you in charge. Therefore, you can view details the Society holds about you by accessing the members-only area of the website and viewing “My Details”.  Any changes you make will be recorded and automatically passed to the Membership Secretary. However, if you do not have access to the internet, please post any changes you require to our Membership Secretary. If you would like the Society to remove records it holds about you, please can you write to our Membership Secretary.

Information Requests

You can request copies of your information held by sending the request to our Membership Secretary: Membership Secretary Harrogate and District Family History Society c/o 16 Swinburne Close Harrogate HG1 3LX Or send an email to gdpr@hadfhs.co.uk

Further Guidance

We have based our policies on the following guidance from the Information Commissioners Office. https://ico.org.uk/for-organisations/sme-web-hub/ If you would like to understand more about General Data Protection Regulation, please consult https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/