The Digswell Residents Association currently handles personal data in compliance with the DPA 2018 and is required to comply with the General Data Protection Regulation (“GDPR”). For the purposes of data protection legislation, the Association is defined as a “data controller” in respect of your personal data.
This notice is to provide you with information as to how the Association uses the data we hold for you as a member and what rights the GDPR gives you in respect of your data.
What we do with your data
We will only collect and use your personal data where:
- there is a legal obligation for us to do so;
- it is for our legitimate interests; or
- you have given us your consent to do so.
Legitimate interests include processing your membership of the association and maintaining communication. We will not use your data for our legitimate interests if they are overridden by your interests, rights or freedoms.
If we are processing your data on the basis of your consent, you can withdraw your consent at any time by contacting the Administrator of the Association (details below). The withdrawal of consent will not affect the processing of personal data carried out before consent was withdrawn.
If at any time, we propose to use your personal data for any other reason than outlined above, we will provide you with further details as to why and for what reason we intend to do so.
What data do we hold
The data we hold may include:
- personal details;
- financial details where you have given these to us.
- Information regarding the work of the DRA and anything you communicate to us.
In order for us to provide you with the best possible experience on our website, we need to collect and process certain information. Depending on your use of the Services, that may include:
- Contact us via email — for example, when you ask for support, send us questions or comments, or report a problem, we will collect your name, email address, message, etc. We use this data solely in connection with answering the queries we receive;
Who the data may be shared with
We may share your data with other organisations including:
* Any organisation that we deem necessary to carry out the work of the DRA
- Any legal advisers appointed by the Association to act on its behalf.
Retention of data
We will hold your personal data for as long as you are a member
Storage of data
All of our data is stored in the UK. Should any data be required to be transferred outside the EU (e.g. by a service provider or adviser) we will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy notice.
You will have a number of rights under the GDPR. These include the right to:
- see the data we hold about you;
- request personal data to be amended if it is inaccurate or incomplete;
- request the deletion or removal of personal data where there is no compelling reason for its continued use;
- block or restrict the processing of your personal data; and
- object to the processing of your personal data.
There is also a right under the GDPR to receive a copy of your personal data (in a structured, commonly used and machine-readable format) and to transfer your data to another service provider or data controller. This right applies where your data is being processed on the basis of your consent.
If you wish to exercise any of your rights or have concerns about the processing of your data or wish to raise any issues in relation to data protection, please contact us: firstname.lastname@example.org
If you are unhappy with how your personal data is being handled, you also have the right to make a complaint to the Information Commissioner’s Office, an independent body set up to uphold information rights, which will investigate your complaint. Contact details are available at www.ico.org.uk.
On behalf of the Digswell Residents Association
May 2019. www.digswellra.org.uk