top-logo

celebrating 100 years 1910 - 2010

New data Protection rules

GDPR COMPLIANCE STATEMENT

The National Modena Club GB takes your privacy very seriously. We will do our utmost to ensure that your data is safe.

We are committed to compliance and all information we collect and store will be in accordance to GDPR.

National Modena Club of Great Britain

PRIVACY NOTICE

The National Modena Club takes privacy very seriously. This notice explains how we use the personal information you provide us with. Your data will be used for facilitating your enquiry and membership. We will outline how we share it with third parties.

How we collect information

To comply with the law personal information must be collected and used fairly. This is to be stored safely and not unlawfully disclosed.

We collect information from any application for membership; from emails you send us and telephone calls.

How we use your personal information.

We will not use your personal information for marketing purposes.

 

We will only use your personal information for the following purposes:

To administer and manage our relationship with you, including-

To provide you with any relevant information appertaining to your membership and any other business required for the running of the club.

To provide you with details of our products, services and promotions.

To notify you of changes to what we do.

For the purpose of recovery of a debt in case of non-payment.

To comply with applicable laws and regulations.

In connection with these purposes, we may share your personal information with third parties that perform services on the NMC GB’s behalf, including printing and fraud sharing organizations.

We may also disclose your personal information to third parties in other circumstances, in particular:

To provide our club secretaries and editors within the association for the purpose of circulating show schedules and newsletters/bulletins.    

If we are under a duty to disclose or share your personal information to comply with any legal obligation.

To protect the rights and property of The National Modena Club GB and its members.

In response to a request from a governmental authority [including a regulator].

We will, were possible, endeavour to ensure those third parties have robust GDPR privacy policy in place.

We will never sell your personal data

 

Audio recording under the GDPR

The bar for valid consent has been raised much higher under the GDPR. Consent must be freely given, specific, informed, and unambiguous; tacit consent is not sufficient.

You will not be recorded without your consent.

 

Photographs

You will not be photographed without your consent.  

 

Keeping in touch with you

From time to time we would also like to keep in touch with you, to provide details about the association’s activities. If you do not want to be contacted in this way, please contact us at [email protected] and we will facilitate your request.

 

How we hold your data

Your data is stored electronically and in paper form by the club secretary. Computers are password protected and data encrypted.

All data supplied in paper form is securely stored at the secretary’s premises.

When required Data will be deleted and/or destroyed securely.    

 

Your rights in relation to your personal information

 

You have various rights under data protection law regarding the processing of your personal information, including rights to:

Request access to personal information we hold about you and details of our processing of your personal information.

Request us to correct inaccurate personal information.

Request us to delete personal information in certain circumstances.

Receive your personal information in a format suitable for transmission to a third party.

Object to the processing of your personal information for direct marketing.

Object to any decision about you based solely on automated processing (including any profiling) that produces legal effects or otherwise significantly affects you.

Lodge a complaint with the UK Information Commissioners Office.

You can make a request to us in relation to these rights at any time by contacting us at [email protected] and any information to which you are entitled will be provided within a reasonable timeframe, subject to exemptions stipulated in applicable data protection laws.

How long do we retain your personal information?

In the event of your membership lapsing we will keep your information for as long as six years.

How to contact us

If you have any queries about how we use your personal information, you can contact us at any time via email

Please join up email  address

matin coyle 1 9 5 9 @icloud.com

 

National Modena Club of Great Britain

 

DATA PROTECTION POLICY

 

The National Modena Club GB needs to gather and use certain information about individuals.

These include members, customers, suppliers, clubs, business contacts, employees and other people the Association has a relationship with or may need to contact.

This policy, in conjunction with the Clubs Privacy Notice, outlines how this personal data must be collected, handled and stored, in order to meet data protection standards and to comply with the law.

 

This data protection policy ensures that The National Modena Club:

Complies with data protection law and follows good practice

Protects the rights of its members, secretaries, committee, officials, customers and other people the NMC GB has a relationship with.

Is open about how it stores and processes individuals’ data

Protects itself from the risks of a data breach

The General Data Protection Regulations [GDPR] supersede previous Data Protection law in governing how organizations, including the NMC GB, must collect, handle and store personal information.  These rules apply regardless of whether data is stored electronically, on paper or on other materials.

 

How we collect information

 

To comply with the law personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

 

We collect information from any application of membership or emails you send and anyone who request that we advertise their details in our publications.

 

Information gathered must:

 

Be processed fairly and lawfully

Be obtained only for specific, lawful purposes

Be adequate, relevant and not excessive

Be accurate and kept up to date

Not be held for any longer than deemed necessary by current legislation

Processed in accordance with the rights of data subjects

Be protected in appropriate ways

Not be transferred outside the European Economic Area [EEA], unless that country or territory also ensures an adequate level of protection

This policy applies to:

All secretaries, elected officials and members of the NMC GB

All contractors, suppliers and other people working on behalf of the NMC GB

This policy applies to all data that the Association holds relating to identifiable individuals, including, but not exhaustively:

 

Name

Postal address

Telephone numbers

Email addresses

DoB [Juniors only]

Bank details

The policy helps to protect the NMC GB from data security risks, including but not exhaustively:

 

 

Breaches of confidentiality if information is given out inappropriately

Failing to offer choice, all individuals should be free to choose how the company uses data relating to them

Reputational damage if NMC GB suffers a serious security breach that requires reporting to the ICO

Everyone that works for or with the NMC GB has some responsibility for ensuring data is collected, stored and handled appropriately.  All individuals with access to personal data must ensure that it is handled and processed in line with this policy and data protection principles.

 

The following people have key areas of responsibility:

 

The NMC GB Committee is ultimately responsible for ensuring that the NMC GB meets its legal obligations

The Secretary is responsible for:

1) Keeping the Committee updated about data protection responsibilities

 

2) Reviewing all data protection procedures and related policies

 

3) Arranging data protection advice for the people covered by this policy

 

4) Handling data protection questions from members and anyone else covered by this policy

 

5) Dealing with requests from individuals to see the data the NPA holds about them

 

6) Checking and approving any contracts or agreements with third parties that may handle the Association’s sensitive data

 

7) Ensuring that the Association systems, services and equipment used for storing data meet acceptable security standards including performing regular checks and scans to ensure security hardware and software is functioning properly

 

GENERAL GUIDELINES

 

The only people able to access data covered by this policy are those who need it for their work

Data should not be shared informally.  When access to confidential information is required, members/committee can request it from the Secretary who will then follow the correct and legal process of disseminating that information.

The NMC GB will provide training to all committee/secretaries and volunteers to help them understand their responsibilities when handling data

Committee, secretaries and volunteers should keep all data secure by taking sensible precautions and following the guidelines within this policy

Strong passwords must be used and they should never be shared

Personal data should not be disclosed to unauthorized people, either within the Club or externally

Secretaries/Committee should ensure the screens of their computers are locked when left unattended

Data must be encrypted before being transferred electronically, including by email

Personal data must never be transferred outside the EEA

Committee, secretaries and volunteers should not save copies of personal data to their own computers under any circumstances

Data should be regularly reviewed and updated if it is found to be out of date.  If no longer required it should be deleted or securely disposed of in line with the Disposal of Data Policy.

Members, subcontractors, volunteers should request help from the Secretary or Committee if they are unsure of any aspect of data protection

DATA STORAGE – PAPER DOCUMENTS

 

When not required paper documents and files should be kept in a locked drawer or filing cabinet

Employees/committee members should make sure paper documents and printouts are not left where unauthorized people can see them.  Data printouts should be shredded and disposed of securely when no longer required

DATA STORAGE – ELECTRONIC DOCUMENTS

 

Data should be protected by strong passwords that are changed regularly and never shared

Data stored on removable media [CD/DVD/USB Stick] should be kept locked away securely when not in use

Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service

Data should be backed up frequently and back-ups should be tested regularly in line with the Associations standard back-up procedure

All servers and computers containing data should be protected by approved security software and firewall

DISPOSAL OF DATA

 

Data will be securely disposed of in line with the following guidance:

 

Data will be checked annually for age and relevance

Data relating to HMRC regulations will be kept for the mandatory 7-years

Data relating to product warranties and guarantees will be kept for the relevant period to facilitate said warranties and guarantees

Data will be disposed of immediately and without prejudice if a data deletion request is received except in relation to current HMRC regulations

Members, Secretaries and volunteers personal data will be held for the duration of employment and for a period of 6-years following the end of employment in line with HMRC current regulations

The NMC aims to ensure that individuals are aware that their data is being processed and that they understand:

 

How the data is used

How to exercise their rights

 

To facilitate this the NMC GB has published a Privacy Notice that is available on the NMC GB website.  The notice applies to members of the public in their dealings with the NMC GB as well as employees of the Association.

This policy may be updated as required and will be published on our website

A personal data breach can be defined as an incident that has affected the confidentiality, integrity or availability of personal data.

 

 

 

Breaches under the GDPR can include

Storing of Personal Data without permission - Photographic images of individuals and small groups can be defined as personal data and therefore fall within the scope of the Data Protection Act (DPA) 2018. One of the key changes to the current data protection framework involves audio recordings; organisations will need to actively justify the capture of conversations and the processing of personal data.

Inaccuracies in data

Using data for a purpose without permission

Unnecessary information viewed

Unjustified viewing of data

Unauthorised access by 3rd Party

Personal data lost, destroyed or corrupted (alteration)

Personal data disclosed

Passed on without proper authorisation

 

Depending on the severity of the breach the GDPR ICO can impose fines or

•Issuing warnings and reprimands;

•Impose a temporary or permanent ban on data processing which in effect will lead to the closure of an organisation.

•Ordering the rectification, restriction or erasure of data; and

•Suspending data transfers to third countries.