Data Protection, Retention and Privacy Policy

Penrith and District Beekeepers Association (PDBKA)

1. PDBKA adheres to the requirements of the General Data Protection Regulations (GDPR) 25th May 2018 which protects individuals from the unauthorised and unreasonable use of disclosure about themselves whilst balancing the legitimate need of Charity Commission and PDBKA to collect and use personal data for the achievement of its charitable objectives.

2. Members’ names, postal addresses, telephone number, E mail addresses and financial information relating to the renewal of membership subscriptions and the level of insurance required, but no other personal information, will be held in a secure computer data retrieval system for

· use by PDBKA in connection with its beekeeping activities

· the provision of services to members by PDBKA and the other organisations to which it is affiliated.

It is the responsibility of the Trustees who hold the data to have an up to date virus protection installed on their computers, with security settings to protect the data.

3. Unless required by the Associations to which the PDBKA is affiliated or other official agencies/ individuals responsible for monitoring bee health, membership details shall not be passed to any other third party without the express permission of the member concerned.

4. With their permission, the names, phone numbers and E mail addresses of the Trustees, the Apiary Managers and the Apiary Management Team will be provided to the administrators at Acorn Bank (National Trust) to ensure that appropriate members of PDBKA can be contacted if emergencies arise at the apiary.

5. Gift Aid:

PDKA is able to re-claim part of the membership fee from HMRC if members confirm that they are able/ willing to Gift Aid their subscription.

Members will be required to confirm that they are able/ willing to gift aid when they renew their annual membership.

For administrative purposes, this information will be included on the PDBKA membership list.

6. Members will be required as a condition of membership to agree to their names and contact details being recorded in a secure electronic retrieval system for the purposes outlined above.

7. PDBKA will only retain member’s names, postal addresses, E mail addresses and phone numbers and financial information relating to the renewal of membership subscriptions and the level of insurance required, on the association’s electronic systems for a maximum of two years. These lists will be updated as members join the association for the calendar year in which the registration applies.

8. Full membership lists will only be held by the following PDBKA Officers:

· The Communications Secretary

· The Treasurer

9. This policy will also apply to the data retained about contractors and 3rd party suppliers.

10. An individual’s name and contact details will also be collected when they make a booking for an event/training course. This will be used to contact them about their booking and to allow them entry/ or to participate.

11. An individual’s name, contact details and other information may also be collected at anytime, including when making an initial booking, with their consent, in order for PDBKA to be able to communicate with them about future opportunities.

12. When collecting data PDBKA will always provide a clear and specific privacy statement explaining to the subject why the data is required and what it will be used for.

13.PDBKA will not collect or store more data than the minimum information required for its intended purpose.

14.PDBKA will update its records annually, when membership is renewed. PDBKA will request that members and current contractors check and update their data on an annual basis.

15. Right to rectification: Any individual will be able to update their data at any point by contacting the Data Protection Officer and/ or, the Treasure and the Communications Secretary. Individuals can also request that their data be updated where it is inaccurate or incomplete. Any requests for data to be updated will be processed within one month.

16. If a member resigns or wishes for any other reason, to have their information removed during the membership year, this will be actioned within one month of receiving a written notification to the Data Protection Officer, and/or the Treasurer and the Communications Secretary.

17: Security: PDBKA will ensure that the data held is kept secure:

· Electronically-held data will be held within a password-protected and secure environment

· Physically –held data (e.g. membership forms or E mail sign up sheets) will be stored in a secure environment.

· Access to data will only be given to relevant Trustees (see clause 8) and contractors where it is clearly necessary for the running of the event/activity. The Data Protection Officer will decide in what situations this is applicable and will keep a master list of who has access to data.

18.Rights of access: individuals can request to see the data PDBKA holds on them and confirmation of how it is being used. Requests should be made in writing to the Data Protection Officer. This will be complied with, free of charge, and within one month.

19. Right to object: individuals can object to their data being used for a particular purpose. When PDBKA receives a request to stop using data it will comply, unless there is a lawful reason to use the data for legitimate interests or a contractual reason.

20. Member-to–member contact: PDBKA will only share members’ data with other member’s prior consent. As a membership organisation PDBKA encourages communication between members to facilitate support networks to promote good bee husbandry.

Members can request the personal contact data of other members in writing to the Data Protection Officer, the Treasurer or the Communications Secretary. The basic details of telephone/ E mail address will be supplied if the subject has consented to their data being shared with other members in this way.

Members can also request that their contact details are not shared with other members by contacting the Data Protection Officer, the Treasurer or the Communications Secretary in writing.

21. Responsibilities:

PDBKA is the data controller of the information which is provided by its members and contractors. The Data Protection Officer, together with the Treasurer and the Communications Secretary are responsible for what data is collected and how it will be used.

Any questions relating to the collection or use of the data should be referred to The Data Protection Officer.

22. Web site management: A cookie is a small text file that is downloaded onto ‘terminal equipment’ e.g. a computer or smart phone when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

PDBKA uses cookies on its website to monitor and record browser activity. PDBKA will implement a pop-up box that will activate each new time a user visits the website. This will allow them to click to consent (or not) to continuing with cookies enabled, or to ignore the message and continue browsing (i.e. give their implied consent).

It will also include a link to the PDBKA Privacy Policy which outlines which specific cookies are used and how cookies can be disabled in the most common browsers.

23. Marketing: When PDBKA collects data from consenting supporters for marketing purposes e.g. contacting them about future events/ activities or membership benefits, PDBKA will provide :

· a method for users to show their positive and active consent to receive these communications (e.g. a tick box)

· a clear and specific explanation of what the data will be used for (e.g. tick this box if you would like PDBKA to send you E mail updates about future training opportunities/ fundraising events)

· a method through which a recipient can withdraw their consent e.g. an ‘unsubscribe link in an e mail. Opt-out requests such as this will be processesd within 14 days.

24. Deletion of data: Physical data will be destroyed safely and securely, including shredding.

All reasonable and practical efforts will be made to remove data stored digitally. Where deleting the data would mean deleting other data that we have a valid lawful reason to keep (e.g. old e mails) then the data may be retained safely and securely but not used.

Privacy Policy: Summary

· Data collected includes basic contact details and financial information related to membership renewal and gift aid on subscriptions.

· This information is not shared with other associations/ individuals without the member’s permission.

· The information is stored in a secure, password protected electronic system or, for hard copies, in a secure environment.

· Information about themselves can be accessed by individuals at any time.

· Requests for information to be updated/ deleted from records will be activated within one month of receiving notification/ request in writing.

· Web site provides the option to accept/ deny access.

Policy compiled and approved May 2018

To be reviewed every two years.

Last reviewed: May 2023 Next date for review : May 2024