Personal data relates to a living individual who can be identified from it (the ‘data subject’.) The processing of personal data (including use) is governed by the General Data Protection Regulation (“GDPR”) incorporated in the new Data Protection Act on 25th May 2018.
Easter Camp has a lawful basis for keeping and using the personal data of all on its mailing list, as applicants have shown their consent by the affirmative action of applying for camp or for information. Holding the personal data on a mailing list serves the legitimate interests of Easter Camp in publicising its activities and seeking new campers.
Easter Camp will therefore continue to hold and use the personal data of all individuals on its mailing list, unless they indicate a wish to be removed from it. It will also hold the personal data of individuals who apply for camp or for information in the future or agree to be on the mailing list in future.
Personal data of individuals is used –
• to run Easter Camp each year;
• to maintain financial records;
• to inform people of future camps and to report on past camps;
• to ask for donations as appropriate;
• to pass information to the Chair, or other members of the Committee, on a need to know basis, to aid in the organisation of a particular camp;
• to generally promote the interests of Easter Camp.
Records of the information given on the application forms will be kept for 3-years after which time they will be securely destroyed. They will be kept by the Data Controller (Treasurers).
If an Easter Camp attendee wishes Easter Camp to remove their name from the database the Data Controller (Treasurers) should be informed.
If an Easter Camp attendee changes their contact details please advise the Data Controller (Treasurers) accordingly.
Easter Camp complies with its obligations under the GDPR by keeping personal data up to date (Easter Camp use a separate database for each particular years’ camp); by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure; and by ensuring that appropriate technical measures are in place to protect personal data. We take reasonable steps to make sure that the data we hold is secure by ensuring it is held as few places as practical, that if it is stored in the cloud, a reputable storage system is used and that unauthorised people do not have access to the data.
All personal data will be treated as strictly confidential and will only be shared with other people in order to carry out a service to campers or for purposes connected with its activities. It will not be shared with third parties except with the data subject’s consent; it will not be sold, and it will not be used for marketing.
If permission has been given for Easter Camp to do so on the application form for that years’ camp, the data will be used to produce a contact list (name, address, phone number, mobile phone number, email address) to be distributed to that particular years’ Easter Camp attendees.
Membership and mailing list data will be retained while it is still current. Financial records will be retained for 7 years after the transaction they relate to.
Data subjects have the right –
• to request a copy of any personal data which Easter Camp holds about them;
• to request Easter Camp to correct any personal data that is inaccurate or out of date;
• to request that personal data be erased if it is no longer necessary for Easter Camp to retain it;
• to withdraw consent to the processing at any time;
• to request the data controller to provide them with their personal data;
• if there is a dispute about the accuracy or processing of personal data, to request a restriction be placed on further processing;
• to object to the processing of personal data;
• to lodge a complaint with the Information Commissioner’s Office; see the website at www.ico.org.uk.
This policy will be reviewed every 2 years.
Adopted …. May 2018
Reviewed Spring 2022