Friends of Castleshaw Roman Forts -
Local societies are required to have a policy on why
members’ personal information is collected, how it is
used and stored. The purpose of this policy is to comply
with the General Data Protection Regulation (GDPR) which comes
into force on 25th May 2018.
Why do we collect your personal information?
• To record a list of members and manage subscription
• To communicate information on meetings, field trips
and other matters of interest to members
What information do we hold?
• Members’ Names, Postal and Email Addresses and
• Speakers’ organisations contact details
Who uses this data?
• Committee members
• The Data Controller is the Chairperson
• The Data Processors are the Treasurer, Membership
Secretary, Webmaster (members) and the Events Secretary
Where is this information stored?
• Electronic and paper records held by the Chairman,
Treasurer, Webmaster and Membership and Events
Secretaries. These officers will keep members’ contact
details confidential and not share them with third
parties without the permission of the individuals.
Types of data
• Electronic spread sheets and email lists with members’
• Sign-in books
• emails & Correspondence
• Photographs of individuals (at events). Website,
Facebook and Blogs.
Consent for data collection & storage
• All members of are asked for their personal details
and for their consent to store this information.
• This privacy notice is displayed on the website (if
applicable) and a copy is given to all prospective
Retention of Personal Information
• Members’ personal information will be stored as long
as they are members.
• If a member should leave the Society this information
will be destroyed following an annual review of
membership records. Members failing to pay their
subscription will be assumed to have left.
• If an ex-member wishes to continue to receive
communications from the society their details may be
held until they ask for this to discontinue.
• Other records will be stored only for as long as it is
necessary. For example speakers may be asked to return
to give a further talk.
Rights of individuals
The GDPR includes the following rights for individuals:
• the right of access;
• the right to rectification;
• the right to erasure;
• the right to restrict processing;
• the right to object.