General Data Protection Regulations (2018) Privacy Policy
The Shakespeare Line Rail User Group, (hereinafter referred to as “SLRUG”), is required to comply with the provisions of the General Data Protection Regulation which came into force on 25 May 2018.
If you need to get in touch, please contact the SLRUG (Membership Secretary) Susan Young at susanyoung2006@yahoo.co.uk by email or by post via SLRUG Membership Secretary, 202 School Road, Hall Green, Birmingham, B28 8PD.
What personal data does SLRUG collect?
The data we routinely collect includes members’ names, addresses, email addresses.
What is this personal data used for?
We use members’ data for the administration of SLRUG membership; the communication of information, calling and/or organisation of meetings/events.
We do not share membership information with or provide it to any other persons or third parties.
The Committee reserves the right to forward to SLRUG members information related to third parties that it may think is appropriate or relevant to SLRUG membership – for example major announcement by a Train Operating Company, Community Rail affecting the Shakespeare Line or events where there is a discount for being a member. Such forwarding of third-party information would, in normal circumstances, only be carried out after it had been considered and approved by the SLRUG Committee. The Secretary or Chairman can forward third party information if it considered urgent. All of the foregoing is subject to SLRUG forwarding information only, SLRUG WILL NOT divulge or provide any personal data related to SLRUG individual members to any third party.
Who is your data shared with?
Your personal data will not be passed on by us to any third party or other organisation.
Where does this data come from?
Data for our members comes from them when they join/renew membership of SLRUG or when they update their information by sending an update email or letter to SLRUG (Membership Secretary) – contact details at top of page.
The information held by SLRUG may be updated if you have given it permission to change your record.
How is your data stored?
This information is stored in digital form on the Membership Secretary’s computer as well as routine backups retained on external hard drive and cloud storage. Care is taken to keep the information secure, using recognised software for this purpose.
A copy of the SLRUG membership information is stored as a backup on the SLRUG Secretary’s computer and is password protected. The Membership Secretary will provide an updated copy of the SLRUG Membership data to the SLRUG Secretary on request.
The completed paper membership forms are stored out of sight, and are shredded when no longer relevant to SLRUG.
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring SLRUG discharges its obligations under the GDPR is the Membership Secretary.
Who has access to your data?
Members of the SLRUG committee shall have access to members’ data in order for them to carry out any legitimate tasks for SLRUG.
No third parties, other persons or organisations may be given access to SLRUG membership data.
What is the legal basis for collecting this data?
SLRUG collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and Rail User Group.
For some data, such as that relating to financial/membership matters, the basis for its collection and retention is to comply with our legal obligations.
How you can check what data we have about you?
You should contact the SLRUG Membership Secretary – contact details at top of page 1.
There is no fee for this “subject access request”, though we reserve the right to charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does SLRUG collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. SLRUG does not hold any sensitive personal data.
How can you ask for data to be removed, limited or corrected?
You may choose not to receive information emails from SLRUG – you will need to indicate this by email or post contacting the SLRUG Membership Secretary – contact details at top of page 1, or leave this information blank on your latest membership renewal.
If you cancel your membership your personal data will be deleted within one month of this notification.
Corrections to membership data should be made by email or post contacting the SLRUG Membership Secretary – contact details at top of page 1.
How long do we keep your data for, and why?
SLRUG will keep your personal data for no longer than one month after membership has been cancelled or six months have lapsed from of the expiry date of your annual membership term.
Previous and older copies of electronic Membership Data will be deleted before the 31 October each year following the Financial Year it refers to, except for Life Members as described in the next paragraph.
Attempts to contact Life Members will be made every 3 years to confirm consent to continued retention of their data and any updates required, after which any non-responders will be removed from the membership of SLRUG. Records of such consent will be kept until a newer consent is given.
The completed paper membership forms are retained for a maximum of 6 months after the end of the financial year they relate to – unless for current Life Membership. In this case they will be kept until Life Membership no longer applies or a change is requested which supersedes previously held information.
Once we have finalised our records for the new membership year all expired information will be deleted or destroyed.
What happens if a member dies?
We keep members’ information after they die, until we are notified of this or we have deleted the information from our records due to non-renewal of membership or no response to the 3 yearly cycle of contact for Life Members. If informed of the members death or requested by their next-of-kin SLRUG will delete the personal details within one month of receiving such advice.
The Basis for SLRUG’s position, statement and operation of the General Data Protection Regulation (GDPR)
As it affects SLRUG, its function, administration and operation the provisions of the GDPR have been interpreted as data used, maintained and kept under Legitimate Interests.
The interpretation of Legitimate Interests in the context of GDPR and for SLRUG being:
- Data processing is necessary for membership of SLRUG’s that as a Rail User group represents a legitimate interest for individuals that wish to belong to SLRUG by being a member.
The category of legitimate interests covers the activities of SLRUG, and is the lawful basis that we, SLRUG, give for the collection and processing of our data. This covers the use of people’s data in ways they would reasonably expect and which has a minimal impact on privacy.
The purpose of holding Members personal data is:
- To maintain membership and communicate with members on matters related to SLRUG as a Rail User Group or associated issues that SLRUG Committee consider to be relevant.
In summary:
- SLRUG does not collect more data than necessary
- SLRUG collects personal data of members name, postal address and email contact details
- We confirm that members personal data will not be provided to third parties or shared/used by any other persons/organisations
- Members personal data collected will only be used to maintain membership and communicate with members on matters related to SLRUG as a Rail User Group or associated issues that SLRUG Committee consider to be relevant
- Access to SLRUG Members personal data is confined to SLRUG Committee Members, primarily the Membership Secretary.