In order to protect your personal data and ensure that it doesn’t get abused we have written this policy to govern the use of personal data by the Stirling and District Camera Club (SDCC).
The policy is designed to comply with the EU General Data Protection Regulations (GDPR) which you can find out more about at here. The GDPR was approved by the EU Parliament on 14 April 2016 with an enforcement date of 25 May 2018, after which time organizations (such as SDCC) found to be in non-compliance with the regulations may face heavy fines.
The GDPR is intended to protect personal data which is any information related to a natural person or ‘Data Subject’, that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
What Type of Personal Data Do We Use and How Do We Use It?
The personal data that we will request from you is the minimum that we need for the daily running of our club (SDCC). The following describes the data we use and how we use it:
- Your name: this is necessary to identify you as a legitimate SDCC member (i.e. someone who has paid the requisite membership fees for the current club session) and also to properly attribute your photographs in both internal/external club competitions and on the SDCC website (sdcc.org.uk), if appropriate.
- Your Email address: Email communications are our primary means of communicating with our members and we require that all members provide us with a suitable Email address. Your can register your preferences for the types of Email communications we send you (see section ‘How Do We Obtain Personal Data and Your Consent to Use It?’).
- Telephone number (optional): if you choose to share a telephone number with us we may use it to contact you for the purposes of Club business.
How We Protect Your Data
Your personal data will be held online at the following locations:
- Name: will be used on the SDCC website to give attribution to your photographs and identify your entries in competition score/result sheets (provided you have given prior consent).
How Do We Obtain Personal Data and Your Consent to Use It?
To gather your personal data and record your consent to use this data we use the online service provided by Mailchimp (see https://mailchimp.com). This can be accessed via a link provided in the footer of our Email communications to you. Your personal information and consent can be updated, or withdrawn, at any time via this service.
How Long Do We Retain Your Data?
Unless you specifically request that we delete your personal data (see ‘Can You Delete Your Data?’) we will retain your data as long as you remain a legitimate SDCC member (i.e. you have paid the appropriate membership fee for the current session).
A few months after the start of a new club season, and if you have not paid your membership fees, we will delete all of the personal data we hold for you with the exception of any accreditation data on our website (e.g. photograph accreditations and competition score/result sheets). We need to keep this type of data (basically your name) since we need to be able to look at past competition scores to decide what images to enter to inter-club competitions and to check we have not previously entered a particular image.
Can You Delete Your Data?
If you wish us to delete your personal data that we hold about you please contact us to request deletion. Once we have verified that the request is a legitimate request (i.e. it comes from you) we will delete all data we hold (including personal data on the website) within a reasonable period.
Please note that in the case of members whose name may be engraved onto competition trophies, as winners of particular competitions) that we will be unable to delete this particular type of personal information.
What We Do Should Your Data is Accidentally Disclosed
In the event that we become aware of a breach of the data protection measures in place to protect your personal data we will endeavour to inform you of this breach within 72 hours. We will also inform the Data Protection Authority of any such breach.