Swindon IVC Information Security Policy
Revised 19th April 2018
This Document sets out the guidelines that members of the Swindon IVC (SIVC) should follow in order for the SIVC to comply as fully as it is possible for the club to do, with the Data Protection Act.
The Data Protection Act 1998 sets out rules to make sure personal information is handled properly, and that individuals have the right to know what information is held about them.
These include the following guidelines from the Data Protection Act:
- The person collecting the information must explain how it will be used.
- Information collected for one purpose cannot be used for something else without consent.
- You may collect only the information needed to process an application and not collect additional information.
- Information must be accurate and up to date.
- Personal Data should not be kept for longer than necessary.
- Information is processed in accordance with your rights.
- Technical and organisational security measures must be applied against unauthorised disclosure, accidental loss or destruction.
- Information must not be transferred outside the European Economic Area (EEA) without consent.
Swindon IVC members should therefore comply with the following guidelines:
The On line Enquiry Form, the Application for Temporary Membership, the Membership Form and the Membership Renewal Form will all carry a statement as to the purpose of the personal data collected. If any members have any forms which do not carry this statement please do not use and destroy as soon as possible.
For any enquiries and any temporary members that do not become full members information will be kept for no longer than 12 months from the enquiry date or the end of the temporary membership whichever is the latter.
The details of members who have left the club will only be kept for a period of 18 months after their membership has ceased.
Any personal information that must be kept in accordance with legal obligations will be retained by the club for the statutory minimum legal period.
The membership list is available online to full members via secure login. Hard copies should not be kept.
Membership Lists will only include Full Name and Address of member plus disclosed Telephone Numbers and e-mail address. If a member does not wish their telephone or email address to be included in the Membership List, they must inform the Membership Secretary that they do not wish information to be disclosed.
Members should not keep membership lists that are more than 12 Months old. Old Membership lists must not be placed in rubbish bins, but must be shredded before being disposed of.
Members must not send Membership Lists outside the EEC.
When putting events in the Monthly programme care must be taken by the Editor, not to state the full name of the events organiser and only state the first name and where necessary the first initial of the surname (eg John S.). Home addresses must not be stated in the programme. My House or Johns House should be substituted. Members can consult the Membership list or the event organiser for the address.