Data Protection Policy

  1. The General Data Protection Regulation (GDPR) came into force in the UK from 28 May 2018. The aims are to strengthen and unify data protection for all individuals within and outside the European Union. The legislation gives control back to citizens and residents over their personal data held by organisations, such as The Arts Society, ARUN (TASA).

 

  1. The Committee of TASA have a responsibility to demonstrate compliance with the GDPR by ensuring that data is securely held and processed. The principles of this policy apply to members of TASA and to those who have applied for membership and are on our waiting list.

 

  1. The following information is collected and stored by TASA. Data marked thus (*) is shared with our parent body, The Arts Society UK:

 

  • name (*)
  • home address (*)
  • email address (*)
  • contact telephone number(s) (*)
  • subscription preferences
  • methods of payment

 

  1. This information is used for the administration and management of the Society.

 

  • to communicate with members about lectures, events of interest, outings and trips
  • to process subscription preferences and payments
  • to distribute by post The Arts Society Magazine

 

  1. We adhere to the following basic guidelines:

 

  • data is not shared outside TASA or The Arts Society UK unless prior consent has been given and/or there are specific and agreed reasons
  • strong passwords are used and never shared
  • data is updated and consent refreshed via the membership renewal process and/or the membership application process
  • access to data is restricted to those on the Committee who need to communicate directly and/or regularly with members
  • laptops and PCs, used by the Committee, containing members’ personal data, are password protected
  • committee members’ laptops/PCs have firewall security and adequate protection against known IT threats
  • paper copies of data are stored securely
  • committee activity is regularly monitored, to ensure that everyone on the Committee understands the responsibilities in handling and processing personal data
  • e mail communications with members are sent by means of Blind Copy (BCC)

 

  1. Members and those on the waiting list are advised that they can ask for their data not to be used for any of the 3 points in item 4, by contacting the Membership Secretary at any time.

 

July 12 2018