Data Protection Policy...

1.  Requirements of the Data Protection Act 2018

The Data Protection Act 2018, which incorporates the European Union General Data Protection Regulations (GDPR), has replaced previous legislation (the Data Protection Act 1998).  This sets out a legal obligation concerning the processing of personal data.  Our club processes personal data relating to members in the course of running the club so has obligations under this Act.

2. Definitions
Personal data means data by which you can be identified.
Processing means: collecting; recording; storing; presenting; altering; and destroying.

3. The data controller
The Club Secretary is the Data Controller for the Club. He is responsible for ensuring compliance with the Act and will answer queries about data protection and respond to requests from individuals to access their personal data. He will inform volunteers (committee members) about the requirements for holding and using personal data.

Members names may be passed onto an external Data Controller for inter-club competitions and similar events where they have an image entered.  Should a member not want his images entered into external competitions he should make the Competition Secretary aware.

4. The data
The Club collects the following data: name, address, telephone number(s), e-mail, scores obtained in competitions, records of work shown at external competitions.  Members may opt-out of receiving e-mail notifications by contacting the Club Secretary and opt out of having their images on the Club web site by contacting the Competition Secretary.

A note on eXif data.  Digital cameras record eXif data on each image.  A photographer may add more data as part of their processing of the image.  This data may include email and home addresses and location information.  It is the photographers responsibility to remove any eXif data that they would not like to be seen by a third party.

5. Collecting
Data is collected primarily via the membership form upon which there is a fair processing notice. From time to time other information is collected to help plan and manage the Club (e.g. a questionnaire, studio night).
The Club only asks for the data it needs to administer and promote the Club in line with the Constitution.

6. Recording and storing
Personal data kept by the club is recorded and stored in:
a)    The paper membership application or membership renewal form kept securely by the Treasurer; and
b)    Data extracted from the membership application or membership renewal form which will be stored electronically in a password secured file.
The committee have access to this data.
Each member has right of access to their own data.

7. Processing
The Club will ensure that Personal Data is processed in accordance with the principles of data protection, as described in the Data Protection Act 2018

8. Presenting
Names will be attributed to photographs when they are presented.

9. Altering
Data will be altered only on the request of the individual

10. Destroying
The club will destroy personal data held on paper and computer records two years after membership has ended or earlier if it is no longer relevant or required. All e-mails sent to the membership will be BCC'd and immediately deleted.
The treasurer shall keep data in line with government practices.

11.  Security
Paper-based Personal Data will be kept by the Treasurer of the Club in a file securely.
Electronic Data is kept on committee members' personal computer(s). That includes an Excel file containing Personal Data for the current membership year and the previous membership year. The Excel file is password protected. This password will be known only by the committee and changed regularly.
Committee members will maintain a separation between personal data from different data controllers, and between controlled and domestic use of personal data.

12. Sharing
Personal Data will only be used by committee members who need it to perform their designated function within the club.

Personal data will not be disclosed to third parties except where required or authorised by law or with the prior agreement of the member.

Entry conditions of inter-club events will ensure that any third-party entrant confirms explicit consent for the organiser to hold personal data about the photographers entered to the event.

The Club will ensure that only consented personal data is placed on the club web site.

The Club will not make membership contact information available for electronic
marketing.

The Club will refuse any request to cascade marketing material to members
by electronic messages.

13. Compliance
The committee will annually review compliance with this policy