Privacy Notice for North Romford Community Association (NRCA)
What personal data does NRCA collect?
The data we routinely collect includes members’ names, addresses, email addresses, date of birth and car registration number. We also collect names, contact details and Bank details of customers and suppliers.
What is this personal data used for?
We use members’ data for the administration of their membership; the communication of information, and the organisation of events. We use customer and supplier data for the administration of their accounts with us.
Who is your data shared with?
We do not share your data with any other organisation or person.
Where does this data come from?
We collect this directly from our members when they join the club. We also collect customer and supplier data directly from them when they begin their business relationship with us.
How is your data stored?
This information is mainly stored in digital form on computers (we use MICROSOFT EXCEL as our data processor for this purpose) and in the form of written documents stored at North Romford Community Centre, Clockhouse Lane, Romford RM5 2QE
Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring NRCA discharges its obligations, under the GDPR, is the Centre Manager.
Who has access to your data?
Trustees and staff of NRCA have access to members’ data in order for them to carry out their legitimate tasks for the organisation. Sub-contractors of NRCA may be given temporary access to the specific data they need for specific tasks, such as sending mailings. They are not free to use it for any other purpose.
What is the legal basis for collecting this data?
NRCA collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation, and to comply with our legal obligations.
How you can check what data we have about you?
If you want to see the basic membership data we hold about you, you should contact the Centre Manager (01708 766308, email@example.com). You can contact us with a “Subject Access Request” if you want to ask us to provide you with any other information we hold about you. If you are interested in any particular aspects, specifying them will help us to provide you with what you need quickly and efficiently. We are required to provide this to you within one month. There is not usually a fee for this, though we can charge a reasonable fee based on the administrative cost of providing the information if a request is manifestly unfounded or excessive, or for requests for further copies of the same information.
Does NRCA collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”.
We do not record any such special data
How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used.
· We are required by law to maintain a membership list containing your name and address, so you cannot ask for this information to be removed unless you resign as a member
· you cannot ask for your car registration number to be removed unless you relinquish your car parking permit
· You do not need to provide us with an e-mail address, or you may choose not to receive information emails from NRCA (we do not send any out on behalf of other organisations)
· You do not need to provide us with your date of birth unless you wish to benefit from concessions based on age.
· Any of these options can be implemented by contacting the office at NRCA
How long we keep your data for, and why?
We normally keep members’ data after they resign or their membership lapses in case they later wish to re-join. However, we will delete any former member’s contact details entirely on request.
Other data, such as that relating to accounting or personnel matters, is kept for the legally required period.
What happens if a member dies?
We do not deliberately keep members’ information after they die. If a person dies, the executor or bona fide representative of that person can ask for their contact details to be deleted immediately.