Privacy Notice, Data Protection and Procedures

PRIVACY NOTICE

Sussex Indian Punjabi Society needs your name and email address, phone number or postal address in order to send you information about group activities.  

Sussex Indian Punjabi Society asks for information about you, your children, location and age to: 

  • help plan activities and events; and  
  • provide summary reports to outside bodies (e.g. Brighton and Hove City Council).  

We will only use your personal information for these purposes when you have given explicit consent. 

Your details will be stored securely in a password protected file, and will be removed within one month if you end your membership of Sussex Indian Punjabi Society or ask to be removed from our mailing list.  

We will never share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.  

You can withdraw your consent for us to use your information, or ask us to amend or delete your details, at any time by emailing: info@sussexindianpunjabisociety.com

DATA PROTECTION POLICY


1.    Definitions

a) Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and audio recordings as well as written information.

b) Data protection is about how we, as an organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.

2.    Responsibility

a) Overall and final responsibility for data protection lies with the Management Committee, who are responsible for overseeing activities and ensuring this policy is upheld.

b) All volunteers are responsible for observing this policy, and related procedures, in all areas of their work for the group.

3.    Overall policy statement

a) Sussex Indian Punjabi Society needs to keep personal data about its committee, members, volunteers and supporters in order to carry out group activities.

b) We will collect, store, use, amend, share, destroy or delete personal data only in ways which protect people’s privacy and comply with the General Data Protection Regulation (GDPR) and other relevant legislation.

c) We will only collect, store and use the minimum amount of data that we need for clear purposes, and will not collect, store or use data we do not need.

d) We will only collect, store and use data for:

  • purposes for which the individual has given explicit consent, or
  • purposes that are in our group’s legitimate interests, or
  • contracts with the individual whose data it is, or
  • to comply with legal obligations, or
  • to protect someone’s life, or
  • to perform public tasks.

e) We will provide individuals with details of the data we have about them when requested by the relevant individual.

f) We will delete data if requested by the relevant individual, unless we need to keep it for legal reasons.

g) We will endeavour to keep personal data up-to-date and accurate.

h) We will store personal data securely.

i) We will keep clear records of the purposes of collecting and holding specific data, to ensure it is only used for these purposes.

j) We will not share personal data with third parties without the explicit consent of the relevant individual, unless legally required to do so.

k) We will endeavour not to have data breaches. In the event of a data breach, we will endeavour to rectify the breach by getting any lost or shared data back. We will evaluate our processes and understand how to avoid it happening again. Serious data breaches which may risk someone’s personal rights or freedoms will be reported to the Information Commissioner’s Office within 72 hours, and to the individual concerned.

l) To uphold this policy, we will maintain a set of data protection procedures for our committee and volunteers to follow.

4.    Review

This policy will be reviewed every two years

DATA PROTECTION PROCEDURES

1.    Introduction

a) Sussex Indian Punjabi Society has a data protection policy which is reviewed regularly. In order to help us uphold the policy, we have created the following procedures which outline ways in which we collect, store, use, amend, share, destroy and delete personal data.

b) These procedures cover the main, regular ways we collect and use personal data. We may from time to time collect and use data in ways not covered here. In these cases we will ensure our Data Protection Policy is upheld.

2.    General procedures

a) Data will be stored securely. When it is stored electronically, it will be kept in password protected files. When it is stored online in a third party website (e.g. Google Drive) we will ensure the third party complies with the GDPR. When it is stored on paper it will be filed carefully in a locked filing cabinet.

b) When we no longer need data, or when someone has asked for their data to be deleted, it will be deleted securely. We will ensure that data is permanently deleted from computers, and that paper data is shredded.

c) We will keep records of consent given for us to collect, use and store data. These records will be stored securely.

3.    Membership information

a) Members will fill in a membership form which will include:

  • their names and contact details – this will be used to inform them of the society’s events and activities
  • optional information about them, their children, location and age – this will be used to help the Society plan our activities and events

b) Members will:

  • be added to our mailing list
  • have the option to be added to our electronic messaging group (for example WhatsApp).

c) When people complete a membership form we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give separate consent to:

  • receive information about the Society’s events and activities
  • be added to our electronic messaging group (for example WhatsApp)
  • keep information about them, their children, location and age to (a) help the society plan our activities and events (b) provide summary reports to outside bodies (e.g. Brighton and Hove City Council)

4.    Mailing list

a) We will maintain a mailing list. This will include the names and contact details of members and other people who wish to receive publicity from Sussex Indian Punjabi Society.

b) When people sign up to the list we will explain how their details will be used, how they will be stored, and that they may ask to be removed from the list at any time. We will ask them to give consent to receive information about the Society’s events and activities.

c) We will not use the mailing list in any way that the individuals on it have not explicitly consented to.

d) We will provide information about how to be removed from the list with every mailing.

e) We will use mailing list providers who store data within the EU.

5.    Selling tickets

a) We sell tickets to some of our events to help cover the cost.

b) To buy tickets people can contact a committee member or purchase them through an online platform (such as Eventbrite).

c) When buying tickets, people will be asked if they wish to be added to our mailing list (see section 3). If they do not opt to be on the mailing list, their details will be deleted within one month of the event, and will not be used for any purpose other than communicating with them about the event.

6.    Contacting committee members and other volunteers

a) The committee need to be in contact with one another in order to run the organisation effectively and ensure its legal obligations are met.

b) The committee will also need to be in contact with volunteers, and volunteers may need to be in contact with each other, in order to carry out their tasks effectively.

c) Committee and volunteer contact details will be shared among the committee and volunteers.

d) Committee members and volunteers will not share each other’s contact details with anyone outside of the committee, or use them for anything other than Sussex Indian Punjabi Society business, without explicit consent.

7.    Review


These procedures will be reviewed every two years