General Data protection Regulation (GDPR) Data Management Policy
Purpose
This policy sets out the methods by which South Hams Theatre & Concert Club (SHTCC)(The Club) will adhere to its understanding of the requirements of the General Data Protection Regulation (GDPR).
Data collection, use and retention by SHTCC falls into two categories:
(1) Membership Data and (2) Trip data.
(1) Membership Data
SHTCC collects data from prospective and existing members in order to facilitate the running of the Club and to provide members with the Club’s benefits. This data is managed by the Chairman of the club along with the Membership Secretary. A member of the Club can be appointed to oversee the management of the data. The data protection policy will periodically be reviewed.
Each member, prospective and existing, is asked to complete and sign a ‘membership Application’ form which sets out the nature of the data collected and processes for which it will be used. The specifics of this data collection and use are as follows:
1. The information provided on the appropriate form (Membership Application) will be used by the Club for purposes only in connection with the running of the Club, which included communicating by post, phone and e-mail.
2. The data on the form includes name, address, phone number/s, email address/es, date joined, whether an individual or joint member, subscription amount and date paid.
3. The data is stored on a memory stick/computer/back-up hard drive with virus and malware checking software and in a file of the hard copy forms. This data may be provided to Officers of the Club and other members when it is needed to facilitate the running of the Club and for the benefit of the membership.
4. Members are requested to inform the Club in writing of any changes in the information.
5. Members details will be removed from the Club’s stored records within 28 days of a written request to the address on this document.
6. The data of members who leave the Club will be deleted/securely stored.
7. Any member has the right to have a copy of the stored information about him/herself.
8. The data will never be disclosed for marketing purposes.
9. Members have a right to complain to the Information Commissioners Office if it is believed there is a problem with the Club’s handling of data.
(2) Trip Data
The Club also collects, processes and stores data related to trips to theatres/concert halls/hotels. This data is managed by the Club’s Ticket Secretary and is shared with the Coach Host who has volunteered for that specific event.
1. Data collected from a booking form comprises: Event, Date, Member/s Names/s, Phone No., E-mail address, Total tickets requested, Seat Type, Coach Only (If applicable), Cheque enclosed for amount, Special requests, Pick Up Point, Are you willing to be Coach Host (Y or N), Guest’s Names, Phone No.’s and e-mail addresses.
2. Data is only held until completion of the event, all bills are settled which in any case does not exceed 30 days.
3. The coach host does not retain her schedule of attendees but returns it to the Ticket Secretary who will deal with it as per item 2 above.
4. For an event involving a hotel stay additional data collected includes Room Type requested, Menu Selection (if relevant) and special requests.
5. A Rooming list for the hotel being used and Passenger list for the Coach company will be provided to the respective companies. Their GDPR policies will then apply to this data which comprises Names and preferences only.
6. No financial data, history of shows attended or show preferences is held beyond the immediate process required to run the club and put on trips to shows as per the club's constitution.