GENERAL DATA PROTECTION REGULATION
This page explains how Biggin Hill Residents’ Association (BHRA) uses the personal data it collects for carrying out its functions as a residents’ association.
The categories of personal information that we collect, process, hold and share
These include personal information in respect of our:
- Members (referred to in this document as membership information, including name, address, telephone number, email address and subscription/magazine/information distribution details).
- Advertisers, suppliers and contributors to our publications and website (referred to in this document as business information, including name, address, telephone number, email address, payment information including bank details and details of articles or other information produced for BHRA by individuals).
- Contacts with organisations and individuals with whom we have contact as part of the work carried out by BHRA (referred to in this document as campaign information, including name, address, telephone number, email address and details of the particular matters associated with our work on behalf of our residents).
Why we collect and use this information
We use this information to enable us to carry out specific functions for which we are responsible and to manage our financial and contractual arrangements.
The lawful basis on which we use this information
We collect and use this information as follows:
- Membership information: Where the data subject has given consent to the processing of his or her personal data for the purpose of identifying membership, collecting and recording subscription payments, magazine/information distribution and communicating matters of interest to BHRA members. Correspondence with members will also be retained to enable BHRA to keep track of issues and past events. We also record attendance at meetings of the association and appropriate details of matters raised, which may include the name of the individuals raising or commenting on these issues, or otherwise participating at such meetings.
- Business information: Where processing is necessary for the performance of a contract to which the data subject is party or to take steps at the request of the data subject prior to entering into a contract. In some cases (e.g. financial records) it is necessary to process and retain information in compliance with a legal obligation.
- Campaign information: Where processing is necessary for performance of a task, which is in the public interest and/or in line with our legitimate interests as a residents’ association.
Storing this information
Personal information records may be paper based or on computer. Paper based records are stored under lock and key and computer records are password protected.
We hold data for up to six years, depending on its importance and having regard to the Statute of Limitations (the Limitation Act 1980). However, minutes of our meetings containing details of attendance and matters discussed with our members will be retained in perpetuity or until it is considered that they are no longer required for record purposes or on grounds of historical value.
Membership details will be destroyed within 12 months following a lapsed membership or immediately if a member notifies us in writing that they no longer wish to be identified.
What are your rights?
If at any point, you believe the personal information relating to you that BHRA holds may be incorrect, you can request to see this information and have it corrected or deleted. If you are a BHRA member, you may withdraw your consent for us to hold some or all of your personal data at any time, but this may impact on your membership. If it does, we will inform you of the implications there may be if this data is destroyed so that you can make an informed decision.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Officer, who will investigate the matter, consult with the Data Controller and respond to you as expeditiously as possible.
If you are not satisfied with our response or believe we are processing your personal data in a way that is not in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
If your personal data held by BHRA is based on consent only, you have the right to withdraw that consent at any time, and this will not affect the lawfulness of processing based on consent before its withdrawal.
The Data Controller is BHRA’s Peter Martin and you can contact him by email at email@example.com. Please mark your correspondence, ‘For the attention of the Data Controller’.
The BHRA Data Protection Officer is Michaela Groves and you can contact her by email at firstname.lastname@example.org. Please mark your correspondence, ‘For the attention of the Data Protection Officer’.*