Talbot Owners’ Club; European Union General Data Protection Regulation.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). The UK Government has incorporated these requirements into UK law under the Data Protection Bill, with the regulations coming in to force on Friday, 25th May 2018. The focus of the regulations is to lay out the way in which all organisations handle personal information. They specify the rights of the individual and the responsibilities of any organisation that captures and stores data that can be identified as personal. This includes names, dates of birth, addresses, - anything that relates to a person.
The Talbot Owners’ Club (TOC) exists to “promote the fuller enjoyment of Talbot ownership”. As such, information to enable contact between the Club and its Members and between Members themselves is an integral part of the Club’s activities and one of its greatest benefits. The TOC aims to record and use only the minimum amount of information about its Members to enable this to be achieved and this document sets out the Club’s approach.
The changes don’t alter what we use your personal information for but make it easier for you to find out how we use and protect your information.
The requirements of the GDPR, and how the TOC will comply, are as follows:
1. More communication
What data does the Club record?
GDPR states that Clubs will need to give people more information about how and what we do with your data at the point you collect it.
In the TOC, data is collected for Membership purposes only. When you sign up, this is done on a paper form which is securely stored by the Membership Secretary, then added to the Club’s electronic database system.
Your details are used by the TOC essentially so that we know who you are, how to contact you and to maintain effective and up-to-date records of Talbot cars. Your details are not passed or sold onto any other third party and we have kept the personal details we hold on you to an absolute minimum so that they only consist of:
Talbot car ownership details
Membership subscription status
Who can see these details?
All Members’ details are stored on password-protected secure servers. The complete database is only accessible by three people within the TOC:
Secretary – For purposes of emailing Members with relevant information
Webmaster - For purposes of administration
Treasurer - For purposes of Membership subscription payments
A Membership List containing the above information is provided in printed form to all Members. Members can access records of other individual Members and their Talbot cars via the protected Members-only section of the TOC website. New members are welcomed in the Club Magazine along with their contact details and information about their cars. The Magazine is only available to Members, apart from individual copies which are lodged with the FBHVC, or which may be sent to photographers whose pictures we have used or advertisers in the Magazine.
What if someone asks for my details or email address?
The TOC will never provide details to another party; the Membership list is not provided to any outside person or agency in either printed or electronic form, other than the mailing house for Magazine distribution (See 3). If someone asks for your details, we will send their request to you so that you may reply to them if you wish.
Your email address may be used by the Club for direct contact about your Membership, but in no circumstances will it be provided to anyone not associated with the TOC mailing list or to anyone outside of the TOC.
2. Responding to subject access requests and Data Retention
In most organisations, when someone requests a copy of the personal data that is held about them, this has to be presented within a 40-calendar day period. The TOC will comply with this practice.
What happens if I let my Membership expire?
For Members of the TOC whose Membership expires, Membership details will be held to allow continuity of Talbot car ownership records. If you wish, expired Members can request that their personal details are deleted by contacting email@example.com and to confirm their details are no longer held by the Club.
GDPR policies indicate that there will be direct obligations on data processors as well as on data controllers. At the TOC, we use the following third parties for processing data:
Mailing house for Magazine distribution:
A name and address file is sent direct to the mailing house, Cheshires Laser Mail, in order to create labels for Magazine postage. The email is encrypted and password-protected and the password is sent in a separate email. The name and address list is for once-only use and is then destroyed. The mailing house is Data Protection registered, No ZA302273. Copy details of the mailing house Data Security Policy is held on file by the TOC. (Details to follow)
Why? We use this for processing payments.
All payment details are stored on Paypal servers and are not accessible to the TOC at any point. Paypal feeds the payment into our system, although any information on that transaction, apart from the payment date and fee paid, is not stored on our servers.
4. Getting consent
Under GDPR it is important we get consent to use your personal data in certain ways; in the case of the TOC, to send the Magazine and relevant emails about Club activities and to maintain subscriptions and Talbot car ownership records.
From May 1st 2018, the Membership Application form asks applicants to sign and return the completed form, which will also signify their agreement to the Club retaining and storing their personal data, both in written and electronic form as required under the provisions of the GDPR. This information is essential to the running of the Club and all such information will only be disclosed to other Club Members in the form of a welcome in the Club Magazine, in the Club Membership list and in the protected Member’s section of the Club website. Their signature is proof of agreement; EUGDPR regulations as applied to the Talbot Owners’ Club can be read on the Club website; www.talbotownersclub.co.uk (To follow)
Existing Members who joined before May 1st 2018
All Members who joined before May 1st 2018 are being contacted and informed that, as a condition of your Membership, you agree to the Club retaining and storing your personal data as outlined in Section 1 both in written and electronic form as required under the provisions of the GDPR. Such information will only be disclosed to other Club Members in the form of a Club Membership list and in the protected Member’s section of the Club website.
New and existing Members - can I keep my contact details confidential from other Members of the Club?
The aim of the TOC is to create and support a community of Talbot owners and the ability of Members to contact each other is the very essence of the Club. However, if you wish that your details are not published within the Club, please contact firstname.lastname@example.org
Can I unsubscribe from Club emails?
Yes, a new facility is being introduced to enable you to unsubscribe so that you no longer receive emails from the TOC.
GDPR contains additional policies for the protection of children’s personal data. Whilst children are welcome to join the Club, the TOC recommends that parents or guardians should sign up for their child thus providing consent that the Club can store associated data. Because being a Member may involve a payment via Paypal or by cheque, which themselves have adult age restrictions, we believe that all Members who do sign up and pay via these sources are therefore adults creating accounts for themselves, or if for a child, are providing consent by making the payment. It is also for this reason that a Member’s age is not requested.
6. Data breaches
In the unlikely event of a data breach where unauthorised access has been made to access Member’s data, all Members on the data base will be informed.
7. Member’s concerns
In the TOC, we have done the best we can to understand and be compliant with the new GDPR rulings that come into effect on May 25th 2018. Whist we trust that Members should have no cause for concern about the way their details are kept, should anyone have any concerns or any questions, then these should be addressed to email@example.com
Talbot Owners’ Club, 26 April 2018