Blackpool BeachDoug McIlwraith

GDPR Data Protection

General Data Protection Regulation (GDPR)

Dorking Camera Club (DCC) Data Protection Policy  (GDPR).

 1    What personal data does DCC collect?

The data we normally collect includes names, addresses, telephone numbers, and email addresses. In addition, we also collect date joined, competition class, distinctions, and photographic interests by category, committee membership, special interest group membership, and camera equipment. We collect this data directly from individuals, and it is stored in the club membership system.

We also collect the images, scores, and awards from DCC competitions/exhibitions which may include personal data. This data is collected and published in the club competition system, and published in emails outlining the results, and, unless the individual has opted out when loading the image into the competition system, the DCC website.

We collect personal data on judges and speakers, including name, email address, telephone number, and limited biographical data.

2    What is our data protection policy?

DCC complies with the principles of data protection (the principles) enumerated in the EU General Data Protection Regulation (GDPR). We will make every effort possible in everything we do to comply with these principles. The principles are:

2.1 Lawful, fair and transparent

Data collection must be fair, for a legal purpose and we must be open and transparent about how the data will be used.

2.2 Limited for its purpose

Data can only be collected for a specific purpose.

2.3 Data minimisation

Any data collected must be necessary and not excessive for its purpose.

2.4 Accurate

The data we hold must be accurate and kept up to date.

2.5 Retention

We will not store data longer than necessary.

2.6 Integrity and confidentiality

The data we hold must be kept safe and secure.

3    What is this personal data used for?

We use data on members for the administration of DCC club membership; the publishing of the DCC website; the communication of information, including both DCC matters and third party events and developments deemed to be of interest to members; and the organisation of events.

We use data on judges and speakers for the administration of our programme and to advertise some events to other camera clubs.

4    Who is your data shared with?

Data on DCC committee members and Special Interest Group leaders are published on the website. Limited information on members, including name, email address, photographic interests, and camera equipment may be published to other members in a Members’ Directory.

Where images are selected on behalf of DCC to represent DCC in external competitions this information is also passed on to the organising body for use in its competitions.  

Your personal data is not passed on by us to external organisations, with the following exceptions:


Data on judges and speakers is published on our website and our printed programme and in communications sent to other camera clubs in the Surrey Photographic Association.
No data is shared with anyone outside the UK. 

5    Where does this data come from?

Data comes from club members: when they register or re-register for membership a signature is required and a box ticked to say they are aware of the GDPR rules;  when they enter competitions/exhibitions; and when club members take on duties and responsibilities requiring other members to know either as a Committee Member, leader of a  Special Interest Group or for other ad-hoc responsibilities (such as the tea rota).

Data comes from presenters and judges: when they agree to judge one of DCC’s competitions or to deliver a presentation.

6    How is your data stored?

This information is mainly stored in digital form remotely on our membership system, and on private computers with some backup paper records held by DCC Committee members.  Any information that is stored remotely is stored in compliance with the GDPR and requires the explicit approval of the DCC Data Protection Officer.

Data relating to members, as outlined in Section 1, is stored in the following web applications:

7    Who is responsible for ensuring compliance with the relevant laws and regulations?

Although under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer.,

8    Who has access to your data?

Members of the committee have access to data in order for them to carry out their legitimate tasks for  DCC.   DCC committee members have access to data for specific legitimate interests such as contacting members.  They cannot use it for any other purpose.

9    What is the legal basis for collecting this data?
DCC collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation and participant in locally and nationally recognised exhibitions/awards/competitions.  At least one of the following two conditions must apply whenever we process personal data:

A    Consent

We hold recent, clear, explicit, and defined consent for the individual’s data to be processed for a specific purpose.  We must also ensure that individuals whose data is being processed by us are informed of the basis for processing their data, as well as the intended purpose.  We do this by making this policy known when we seek consent.

B   Legitimate Interest

The processing is necessary for our legitimate interests.

10      How you can check what data we have about you?

If you want to see the data we hold about you, you should contact the Data Protection Officer, or any other Committee Member.  If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We will provide this to you within one month.  There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or if DCC incurs additional costs to access the data such as if it is in a cloud storage, or for requests for further copies of the same information.

 
11      Does DCC collect any “special” data?

The GDPR refers to sensitive personal data as “special categories of personal data”.   We do not record any such special data with the sole exceptions of:

 
12    How can you ask for data to be removed, limited or corrected?

Contact the Data Protection Officer or any Committee Member.  

13    How long we keep your data for, and why?

We normally keep member data for two years after a member leaves DCC in case they later wish to re-join. However, we will delete any details entirely on request.  

Since underlying statistical data, such as information from competitions/exhibitions continues to be necessary in relation to the purpose for which it was originally collected and processed, results from these events are not deleted.   Historical lists and award lists are required for archiving purposes and names cannot be removed from them.

Other data, such as that relating to accounting or personnel matters, is kept for the legally required period.


14    What happens if a data subject dies?

We do not normally keep information after someone dies with the exception of historical data outlined in 13 above.

15     What about DCC and Social Media websites like Facebook?

DCC has a presence on the following social media sites: Facebook, Flickr and Twitter. All members are free to join these pages. If you join one of these Social Media sites,  please note that providers of the social media platforms have their own privacy policies and that the club does not accept any responsibility or liability for these policies or the use of your personal data on them,.  Please check these policies before you join any social media platforms, which is required before you subscribe or follow the DCC presence on them.


Approved on behalf of the Dorking Camera Club committee by the Chairman

Signed:  . . . David E Balaam. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Dated: . . . . 8th June 2021. . . . . . . . . . .  . ..  . .. . . . . . . . . . .