This Privacy Notice sets out the basis upon which the Dartmoor Tinworking Research Group (DTRG) processes personal data.
The DTRG is the Data Controller for the purposes of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018.
Personal data held
The personal data held by the DTRG is obtained from the completion of membership applications that provide name, address, telephone number and email address, and other information such as how membership was paid e.g. bank, PayPal, standing order.
Lawful basis of processing
The DTRG’s lawful basis of processing the personal data that it holds is two-fold:
Contract.Most of our processing is necessary to maintain the contracts that the DTRG has with its members. This processing consists of:
- the secure storage of data in a database
- dealing with enquiries of all types from members
- dealing with membership payments
- sending publications by post, including two Newsletters per year that provide details of events
- event notices
- communication between members of the committee and project leaders.
Where possible we use email for communication because of its cheapness and immediacy.
Legitimate interests.We assess we can rely on Legitimate Interests to carry out these items:
- sending messages to members that include information about events etc. that are arranged by other organisations working in the same area of interest as ourselves
- replying to enquiries from non-members by post or (where provided) by email.
- sending marketing information by email.
Sharing with third parties
The DTRG uses two third party provider to deliver part of the services it provides. Third parties currently used:
- Lloyds Bank, to process membership and other payments
- PayPal, to process membership and other payments
The DTRG will never sell its members' information to third parties, nor does it transfer data outside the UK.
Retention of and access to personal data
Members’ records are held during membership and for a period of twelve months after it ceases. If you wish your personal data to be erased more quickly than this, you should contact the DTRG’s Membership Secretary in writing. If you would like to access the information the DTRG holds about you (called a Subject Access Request) or to change the information held, or to cancel membership, please contact the Membership Secretary in writing.
Technical and Security Measures
The database is held primarily on a secure website and secondarily on the webmaster's computer equipment and is backed-up. Access to the website database and computer is protected and restricted. Officers of the DTRG committee have password protected access to relevant member details via the securely hosted DTRG website.
We have no members under the age of 18 and do not currently anticipate any joining.
Data protection breaches will be reported by the DTRG to the Information Commissioner’s Office in line with the requirements of that office. Should a breach occur, an investigation would take place to identify the root cause and to put in place measures to avoid a recurrence.
These include a right to object to our use of your personal data on grounds relating to your particular situation and the right to lodge a complaint with a supervisory body. If you wish to make a complaint about how the DTRG has processed your personal data, you may contact the Chairman via the email address given on the website. If you do not receive a reply within 30 days you may complain to the Information Commissioner's Office.