This policy sets out how The Harrogate and Nidderdale Art Club complies with the General Data ProtectionRegulation. It deals with data relating to club members and supplements the Club’s overall Information SecurityPolicy which covers other IT security issues (e.g. website, credit card machine)

Data held by the Club
The full name, address, telephone number(s) and email address of each Club member are held by the Club on the membership database spreadsheet. This information is provided by the member themselves when they apply to join HANAC.

The Chairman, Secretary, Treasurer, Membership Secretary, Exhibition Organiser and Technology Officer have access to this data. The Membership Secretary is responsible for making sure that records are kept up-to-date.

Reasons for holding this data
The data is held so that the relevant Committee members can communicate with Club members and keep them informed of club activities.The data is not shared with any other party or organisation. The data is only available to Committee members as outlined above. Measures will be taken (e.g. use of :BCC on emails) to ensure that the data is not shared across theClub.

Retention of data
Data will be retained for the period of membership of the Club plus 1 year after membership ceases. It will then be deleted. Annually, when membership is renewed in September, the membership list will be updated.

Information for HANAC members
All members will be informed about what data is held on them, why it is needed and who holds their data. Under the GDPR they can request access to the data held on them. (Under the current regulations, HANAC will have a month to comply.) They also have the right to rectification, to erasure, to restrict processing, to data portability*, to object and the right not to be subject to automated decision-making including profiling.

All members are asked to consent to their data being held and confirm that they have been informed of their rights under the GDPR when they apply to become a member or renew their membership.

*Data portability is the ability to move data among different application programs, computing environments or cloud services.

Guidelines for Committee Members

• Please make sure that you are familiar with the policy on data protection.
When a person applies to become a member of HANAC, they will be informed of the Data Protection Policy and what data will be held. Their details will added to the membership list by the Membership Secretary.

• When contacting members by email, please ensure that you use the :BCC function to ensure that recipients cannot see the email addresses of other members.

• Do not give the contact details of any member to a third party without their permission.

• Before taking photographs or videos for publicity purposes, please read the policy on Photos/Video.

The Harrogate and Nidderdale Art Club Policy on Photos and Videos

Photographs, videos and other media (e.g. audio) in which individuals can be identified can be seen as personal data in the eyes of the law, and must be taken, stored and used in line with data protection principles.

Photographs, videos and other media:

  • will only be used for the purpose for which they were taken (e.g. to publicise the activities of HANAC), and no other purpose.

  • will not be held longer than necessary.

  • will be destroyed if the people in them ask for them to be destroyed.

  • will be held, and disposed of, securely so that they don’t end up in the hands of a third party.

As a general rule, the names of the people who are photographed will not be included in any publicity.

Consent

Adults and young people will be informed before being photographed or filmed. This may be by:

  • Displaying signs at the event.

  • Advertising in the publicity for the event

  • If practical, making an announcement

  • Informing all members at the AGM and on membership renewal, that photographs may be taken at any club meeting.

They will be given the chance to opt out before photos are taken.