Your details are held by the Society in paper and electronic form in order to deliver our services. Under the terms of the GDPR regulations, the Society acts as the “data controller” in respect to the information held and does not perform “data processing” of behalf of other organisations. We have set out below who holds what information and for what purposes:
Includes your name, postal address, email address, class of membership, Gift Aid status, date joined and when you last renewed your subscription.
|Membership Secretary||Personal PC||Administration||7 years from last renewal|
|Editor||Personal PC||Distribution of magazine||Current membership year|
|Treasurer||Personal PC||Administration and completion of Gift submission||7 years from last renewal|
|Webmaster||Website||1. Managing access to members-only area of website.
2. Enabling self-management of membership records by members
|7 years from last renewal|
Meeting Attendance Records
We retain attendance records of members and visitors attending each meeting. These are held in the form of signatures in a “signing in book”. The books are retained on a permanent basis and it is not possible for an individual to request their name is removed.
List of family names and locations being researched by Society members.
|Members *||Website||Enable public access to records||Removed within 12 months of membership expiring|
- For members without access to the internet, members provide lists to the Membership Secretary who passes them to the Webmaster for entry onto the website
- Information publicly available on the website only includes a membership number, this is used by functionality within the website to verify email addresses provided by the public and forward responses to the member’s email address. Where members do not have an email address, responses are sent to the Membership Secretary for posting.
Includes your name, postal address and items ordered. All processing of your financial details is carried out by third parties, we do not retain any details.
For physical items ordered from the Society by post, the information is retained by the Membership Secretary for 12 months from ordering for auditing purposes.
For items ordered using the Society’s online shop, the information is retained by the Society for up to 24 months from the date ordered, and is used by the following Society officers:
|Membership Secretary||Personal PC||Fulfilment of the order for physical items||One month after fulfilment|
|Paypal Admin||Personal PC||Ensuring Paypal income aligns with website sales||Up to 24 months|
|Webmaster||Website||Administration||7 years from last renewal|
All access to our website is controlled by passwords which are self-administered. i.e. We do not issue passwords and all passwords are encrypted using industry standard techniques.
We make regular backups of our website which are both retained on our server as well as off-line. Backups are securely encrypted prior to being emailed to the webmaster.
Information Provided to Third Parties
In general the Society does not provide any details to third parties, with the following exceptions:
- Printer: The printer receives a list of names and addresses for members receiving hard copies of the Society’s magazines from the magazine Editor. They destroy the list after dispatching the magazine.
- HMRC: It is a requirement of claiming Gift Aid tax relief from HMRC that we provide them with Name and Address information. See https://www.gov.uk/claim-gift-aid-online.
- Web site host provider: Our web hosting provider will have access to the contents of our website in order to provide technical support and deliver the service. They have undertaken to take all measures pursuant to Article 32 of the GDPR (Security of Processing) and implement appropriate technical and organisational measures to ensure a level of security appropriate to the perceived risk.
- Paypal: Our shop uses Paypal to take online payments. We provide Paypal with details of your order and address, and retain the Paypal transaction reference on our website. The Paypal transaction reference does not contain any bank, Paypal account or credit card details See https://www.paypal.com/uk/webapps/mpp/ua/privacy-prev for more details of Paypal’s privacy policies.
Security and Unauthorised Access Attempts
As a security measure the website records your IP address either:
- where we detect unauthorised access attempts,
- or when membership records are changed.
We may block certain IP address ranges which we believe are associated with persistent attempts to breach security.
Corrections, Errors and Omissions
We only want to work with accurate information and the easiest way for us to do this is to put you in charge.
Therefore, you can view details the Society holds about you by accessing the members-only area of the website and viewing “My Details”. Any changes you make will be recorded and automatically passed to the Membership Secretary.
However, if you do not have access to the internet, please post any changes you require to our Membership Secretary.
If you would like the Society to remove records it holds about you, please can you write to our Membership Secretary.
You can request copies of your information held by sending the request to our Membership Secretary:
Harrogate and District Family History Society
c/o 16 Swinburne Close
Or send an email to firstname.lastname@example.org
We have based our policies on the following guidance from the Information Commissioners Office. https://ico.org.uk/for-organisations/charity/ and https://ico.org.uk/media/for-organisations/think-privacy/2586/ico-think-privacy-toolkit-charities.pdf
If you would like to understand more about General Data Protection Regulation, please consult https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/