celebrating 100 years 1910 - 2010
GDPR COMPLIANCE STATEMENT
The National Modena Club GB takes your privacy very seriously. We will do our utmost to ensure that your data is safe.
We are committed to compliance and all information we collect and store will be in accordance to GDPR.
National Modena Club of Great Britain
The National Modena Club takes privacy very seriously. This notice explains how we use the personal information you provide us with. Your data will be used for facilitating your enquiry and membership. We will outline how we share it with third parties.
How we collect information
To comply with the law personal information must be collected and used fairly. This is to be stored safely and not unlawfully disclosed.
We collect information from any application for membership; from emails you send us and telephone calls.
How we use your personal information.
We will not use your personal information for marketing purposes.
We will only use your personal information for the following purposes:
To administer and manage our relationship with you, including-
To provide you with any relevant information appertaining to your membership and any other business required for the running of the club.
To provide you with details of our products, services and promotions.
To notify you of changes to what we do.
For the purpose of recovery of a debt in case of non-payment.
To comply with applicable laws and regulations.
In connection with these purposes, we may share your personal information with third parties that perform services on the NMC GB’s behalf, including printing and fraud sharing organizations.
We may also disclose your personal information to third parties in other circumstances, in particular:
To provide our club secretaries and editors within the association for the purpose of circulating show schedules and newsletters/bulletins.
If we are under a duty to disclose or share your personal information to comply with any legal obligation.
To protect the rights and property of The National Modena Club GB and its members.
In response to a request from a governmental authority [including a regulator].
We will never sell your personal data
Audio recording under the GDPR
The bar for valid consent has been raised much higher under the GDPR. Consent must be freely given, specific, informed, and unambiguous; tacit consent is not sufficient.
You will not be recorded without your consent.
You will not be photographed without your consent.
Keeping in touch with you
From time to time we would also like to keep in touch with you, to provide details about the association’s activities. If you do not want to be contacted in this way, please contact us at [email protected] and we will facilitate your request.
How we hold your data
Your data is stored electronically and in paper form by the club secretary. Computers are password protected and data encrypted.
All data supplied in paper form is securely stored at the secretary’s premises.
When required Data will be deleted and/or destroyed securely.
Your rights in relation to your personal information
You have various rights under data protection law regarding the processing of your personal information, including rights to:
Request access to personal information we hold about you and details of our processing of your personal information.
Request us to correct inaccurate personal information.
Request us to delete personal information in certain circumstances.
Receive your personal information in a format suitable for transmission to a third party.
Object to the processing of your personal information for direct marketing.
Object to any decision about you based solely on automated processing (including any profiling) that produces legal effects or otherwise significantly affects you.
Lodge a complaint with the UK Information Commissioners Office.
You can make a request to us in relation to these rights at any time by contacting us at [email protected] and any information to which you are entitled will be provided within a reasonable timeframe, subject to exemptions stipulated in applicable data protection laws.
How long do we retain your personal information?
In the event of your membership lapsing we will keep your information for as long as six years.
How to contact us
If you have any queries about how we use your personal information, you can contact us at any time via email
Please join up email address
matin coyle 1 9 5 9 @icloud.com
National Modena Club of Great Britain
DATA PROTECTION POLICY
The National Modena Club GB needs to gather and use certain information about individuals.
These include members, customers, suppliers, clubs, business contacts, employees and other people the Association has a relationship with or may need to contact.
This policy, in conjunction with the Clubs Privacy Notice, outlines how this personal data must be collected, handled and stored, in order to meet data protection standards and to comply with the law.
This data protection policy ensures that The National Modena Club:
Complies with data protection law and follows good practice
Protects the rights of its members, secretaries, committee, officials, customers and other people the NMC GB has a relationship with.
Is open about how it stores and processes individuals’ data
Protects itself from the risks of a data breach
The General Data Protection Regulations [GDPR] supersede previous Data Protection law in governing how organizations, including the NMC GB, must collect, handle and store personal information. These rules apply regardless of whether data is stored electronically, on paper or on other materials.
How we collect information
To comply with the law personal information must be collected and used fairly, stored safely and not disclosed unlawfully.
We collect information from any application of membership or emails you send and anyone who request that we advertise their details in our publications.
Information gathered must:
Be processed fairly and lawfully
Be obtained only for specific, lawful purposes
Be adequate, relevant and not excessive
Be accurate and kept up to date
Not be held for any longer than deemed necessary by current legislation
Processed in accordance with the rights of data subjects
Be protected in appropriate ways
Not be transferred outside the European Economic Area [EEA], unless that country or territory also ensures an adequate level of protection
This policy applies to:
All secretaries, elected officials and members of the NMC GB
All contractors, suppliers and other people working on behalf of the NMC GB
This policy applies to all data that the Association holds relating to identifiable individuals, including, but not exhaustively:
DoB [Juniors only]
The policy helps to protect the NMC GB from data security risks, including but not exhaustively:
Breaches of confidentiality if information is given out inappropriately
Failing to offer choice, all individuals should be free to choose how the company uses data relating to them
Reputational damage if NMC GB suffers a serious security breach that requires reporting to the ICO
Everyone that works for or with the NMC GB has some responsibility for ensuring data is collected, stored and handled appropriately. All individuals with access to personal data must ensure that it is handled and processed in line with this policy and data protection principles.
The following people have key areas of responsibility:
The NMC GB Committee is ultimately responsible for ensuring that the NMC GB meets its legal obligations
The Secretary is responsible for:
1) Keeping the Committee updated about data protection responsibilities
2) Reviewing all data protection procedures and related policies
3) Arranging data protection advice for the people covered by this policy
4) Handling data protection questions from members and anyone else covered by this policy
5) Dealing with requests from individuals to see the data the NPA holds about them
6) Checking and approving any contracts or agreements with third parties that may handle the Association’s sensitive data
7) Ensuring that the Association systems, services and equipment used for storing data meet acceptable security standards including performing regular checks and scans to ensure security hardware and software is functioning properly
The only people able to access data covered by this policy are those who need it for their work
Data should not be shared informally. When access to confidential information is required, members/committee can request it from the Secretary who will then follow the correct and legal process of disseminating that information.
The NMC GB will provide training to all committee/secretaries and volunteers to help them understand their responsibilities when handling data
Committee, secretaries and volunteers should keep all data secure by taking sensible precautions and following the guidelines within this policy
Strong passwords must be used and they should never be shared
Personal data should not be disclosed to unauthorized people, either within the Club or externally
Secretaries/Committee should ensure the screens of their computers are locked when left unattended
Data must be encrypted before being transferred electronically, including by email
Personal data must never be transferred outside the EEA
Committee, secretaries and volunteers should not save copies of personal data to their own computers under any circumstances
Data should be regularly reviewed and updated if it is found to be out of date. If no longer required it should be deleted or securely disposed of in line with the Disposal of Data Policy.
Members, subcontractors, volunteers should request help from the Secretary or Committee if they are unsure of any aspect of data protection
DATA STORAGE – PAPER DOCUMENTS
When not required paper documents and files should be kept in a locked drawer or filing cabinet
Employees/committee members should make sure paper documents and printouts are not left where unauthorized people can see them. Data printouts should be shredded and disposed of securely when no longer required
DATA STORAGE – ELECTRONIC DOCUMENTS
Data should be protected by strong passwords that are changed regularly and never shared
Data stored on removable media [CD/DVD/USB Stick] should be kept locked away securely when not in use
Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service
Data should be backed up frequently and back-ups should be tested regularly in line with the Associations standard back-up procedure
All servers and computers containing data should be protected by approved security software and firewall
DISPOSAL OF DATA
Data will be securely disposed of in line with the following guidance:
Data will be checked annually for age and relevance
Data relating to HMRC regulations will be kept for the mandatory 7-years
Data relating to product warranties and guarantees will be kept for the relevant period to facilitate said warranties and guarantees
Data will be disposed of immediately and without prejudice if a data deletion request is received except in relation to current HMRC regulations
Members, Secretaries and volunteers personal data will be held for the duration of employment and for a period of 6-years following the end of employment in line with HMRC current regulations
The NMC aims to ensure that individuals are aware that their data is being processed and that they understand:
How the data is used
How to exercise their rights
To facilitate this the NMC GB has published a Privacy Notice that is available on the NMC GB website. The notice applies to members of the public in their dealings with the NMC GB as well as employees of the Association.
This policy may be updated as required and will be published on our website
A personal data breach can be defined as an incident that has affected the confidentiality, integrity or availability of personal data.
Breaches under the GDPR can include
Storing of Personal Data without permission - Photographic images of individuals and small groups can be defined as personal data and therefore fall within the scope of the Data Protection Act (DPA) 2018. One of the key changes to the current data protection framework involves audio recordings; organisations will need to actively justify the capture of conversations and the processing of personal data.
Inaccuracies in data
Using data for a purpose without permission
Unnecessary information viewed
Unjustified viewing of data
Unauthorised access by 3rd Party
Personal data lost, destroyed or corrupted (alteration)
Personal data disclosed
Passed on without proper authorisation
Depending on the severity of the breach the GDPR ICO can impose fines or
•Issuing warnings and reprimands;
•Impose a temporary or permanent ban on data processing which in effect will lead to the closure of an organisation.
•Ordering the rectification, restriction or erasure of data; and
•Suspending data transfers to third countries.