Introduction

1. In the course of its work, the Battersea Society collects information about both members and other people who are interested in receiving information about the Society and our activities. This document sets out how the Society handles personal information and complies with its statutory obligations and the advice provided by the Information Commissioner’s Office (ICO) and by organisations in the voluntary sector. This policy will be reviewed every two years.

Legal Principles

2. The Society is committed to the legal principles as defined by the ICO. We shall

• use data legally under a permitted lawful basis.

• use data fairly, being clear, open and honest with people whose data we hold.

• collect only what we need and use it as we planned and communicated that we would.

• keep our records accurate and up to date.

• store data securely and confidentially.

• take responsibility for what we do with data.

• have records and policies that show how we are handling data.

3. We shall respect people’s rights to their personal data, including their right to

• understand what data we have about them and how it is being used.

• see that information and get their own copy of it to use however they want.

• correct the information if it is wrong.

• ask for it to be deleted or limit how it is used.

• complain if they don’t like things the Society is doing with their data.

4. We gather and hold the minimum amount of personal information about our members that we need for the purpose of informing them about their membership and about the Society’s activities. We do not gather any personal information that is in one of the special categories defined by law. Members have the right to unsubscribe from mailing lists for the communications we circulate via different channels.

Data security, retention and deletion

5. Personal data is held by the Secretary, Treasurer and Membership Secretary on password-protected computers which are backed up regularly. The data is processed only insofar as it is necessary for the administration of membership and the operation of mailing lists. We do not make the data available to anyone other than the elected Officers of the Society and a small number of others appointed by the trustees to undertake specific functions for a defined and limited period.

6. Our online membership subscriptions are managed by Squarespace and payments are managed by Stripe. Both comply with relevant privacy legislation and follow best practice for data security. Stripe is one of the largest financial services companies for online transactions, and has been audited by a Payment Card Industry (PCI) — certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. Membership data is also held on our accounting system – currently Club Treasurer – which also provides high levels of protection.

7. We retain personal data on members for as long as they retain their membership. Records of subscription payments are held on our accounting system for a period of six years, to meet the requirements of the Charities Act for the retention of financial records. We delete information about individuals who are on our mailing list but are not members of the Society within one month of their informing us that they no longer wish to receive information from us.

Data Access

8. Members who wish to receive a copy of the information the Society holds about them should direct their application to the Membership Secretary. Non-members should direct their application to the Secretary. The relevant officer will provide the information in a secure way within one month.

Training

9. Officers responsible for holding personal data will receive regular training on their legal obligations and on the guidance provided by the ICO, the Charity Commission and other relevant bodies.

Data breaches

10. Training will include guidance on how to reduce the risk of data breaches, how to recognise and identify any breaches that might occur, and the action to be taken in that case. Any breach will be reported to the Board of Trustees, and where necessary to the ICO.

If you have any queries regarding this policy or the use of your personal information please address them to the Secretary.

April 2023