In 2018, new data protection legislation came into force in the UK (The EU General Data Protection Regulation, GDPR).  It is designed to give individuals more control over the personal data that organisations hold on them. 

Use of personal data

Yelvertoft Environmental Group (YEG) will only send out standard mailings or email communication such as newsletters, updates, or information about events to people who have stated that they wish to receive this material.  Similarly, people who have attended events or responded to questionnaires can only be contacted subsequently if they have opted into further contact. 

YEG may need to hold the bank details of individuals or groups should any payments to YEG be due. If paid membership of YEG is introduced at any time this information is needed for membership payments.  YEG would also send out reminders for membership renewal.

Security

YEG will never share information with third parties and will ensure that personal details are kept secure.

Actions

Opt-in

YEG will compile mailing lists of people who ‘opt in’ to future communications either by emailing YEG ticking a box on its website. The website will include an explanation of what the information will be used for, and we will maintain a record of who has opted into each form of contact. It is important to note that the concept of ‘implied consent’ (from pre-ticked boxes or inactivity) is not considered consent.  Therefore, all consent requests must be prominent, non-ambiguous and not form part of general terms and conditions. If anyone wants to receive information in the future, it is vital that this is clearly stated in responses to our emails.

Procedures for deleting data and providing information on the data held

Any personal data will be deleted if an individual requests it, using an easy one-step process. YEG will include information on its website asking individuals to email us if they wish their data to be deleted. Similarly, individuals can request information on the data held about them by emailing us.

Data security and compliance

We will put in place appropriate safeguards to keep personal information confidential and as secure as possible. Data will only be available to authorised committee members. We will ensure, as far as possible, that any third parties we use for processing personal data do the same. If a password is used by an individual for access to any of YEG’s information, that person is responsible for keeping the password confidential. Personal data will be stored for as long as it is needed or required by statute and will be disposed of properly. YEG will report any data breaches in accordance with the Data Protection Act and General Data Protection Regulations guidelines.

Review

This Policy will be reviewed on a biennial basis or to reflect updates in legislation.

13th April 2021