Data Controller

The DTRG is the Data Controller for the purposes of the Data Protection Act 1998 and the General Data Protection Regulation (GDPR) 2018.

 

Personal data held

The personal data held by the DTRG is obtained from the completion of membership application forms, that provide name, address, telephone number and email address.

 

Lawful basis of processing

The DTRG’s lawful basis of processing the personal data that it holds is two-fold:

 

1. Contract

Most of our processing is necessary to maintain the contracts that the DTRG has with its members. This processing consists of:

  • the secure storage of data in a database
  • dealing with enquiries of all types from members
  • dealing with membership payments
  • sending publications by post, including two Newsletters per year that provide details of events
  • event bookings
  • undertaking health & safety practices to ensure the safety of members.
  • communication between members of the committee and project leaders.
  • Where possible we use email for communication because of its cheapness and immediacy.
  •  

2. Legitimate Interests

We assess we can rely on Legitimate Interests to carry out these items:

  • sending messages to members that include information about events etc. that are arranged by other organisations working in the same area of interest as ourselves
  • replying to enquiries from non-members by post or (where provided) by email.

 

Sharing with third parties

The DTRG uses only one third party provider to deliver part of the services it provides. The third party currently used:

  • Lloyds Bank, to process membership and other payments.
  •  

The DTRG will never sell its members' information to third parties, nor does it transfer data outside the UK.

 

Retention of and access to personal data

Members’ records are held during membership and for a period of twelve months after it ceases. If you wish your personal data to be erased more quickly than this, you should contact the DTRG’s Membership Secretary in writing. If you would like to access the information the DTRG holds about you (called a Subject Access Request) or to change the information held, or to cancel membership, please contact the Membership Secretary in writing.

 

Protocol concerning non-members

There may be occasions when non-members personal data is required for health & safety reasons if assisting the DTRG as a volunteer. In such circumstances the personal data will be destroyed at the end of the day.

 

Technical and Security Measures

Paper membership application forms are held securely by the Membership Secretary. The database is held on computer equipment and is backed-up. Access to the computer is protected and restricted. Officers of the DTRG committee have password protected access to relevant member details via the securely hosted DTRG website.

 

Children

We have no members under the age of 18 and do not currently anticipate any joining.

 

Breaches

Data protection breaches will be reported by the DTRG to the Information Commissioner’s Office in line with the requirements of that office. Should a breach occur, an investigation would take place to identify the root cause and to put in place measures to avoid a recurrence.

 

Your rights

These include a right to object to our use of your personal data on grounds relating to your particular situation and the right to lodge a complaint with a supervisory body. If you wish to make a complaint about how the DTRG has processed your personal data, you may contact the Chairman at the address given on the website. If you do not receive a reply within 30 days you may complain to the Information Commissioner's Office.

©2020 Dartmoor Tinworking Research Group.   All rights reserved.

Enter Password: