General Data Protection
Regulation (GDPR) Policy
1. POLICY STATEMENT
The Guild of Wiltshire Artists (hereafter The Guild) collects stores and processes limited personal data about its members. The Guild strives to discharge its legal obligations under the GDPR appropriately. As data users, The Guild's officers, committee members and members are obliged to comply with this policy when storing and processing personal data on The Guild's behalf. The Guild strives to process personal data fairly and lawfully for purposes limited to the efficient running of the club and conforming to GDPR in respect of adequacy, accuracy and relevance to its purpose. Data must be held securely and erased once it has served its purpose and processed in accordance with members' rights.
2. PURPOSE
Personal data is collected by The Guild in order to ascertain that the applicant member is who they say they are and that they reside within Wiltshire (or by special discretion of the committee certain adjoining Counties). Also in order that information, news, advice and instructions concerning The Guild and its activities can be conveniently circulated to the membership. The data collected for each member comprises - full name, address, telephone number, E-mail address, exhibition participation and meeting attendance. A record will be kept of each member's attendance at Guild workshops and other events to ensure that members comply with The Guild rule of attending 6 events per annum.
3. COLLECTION AND CONSENT
The above data will be collected via a membership/GDPR form when new members receive an invitation to join the Guild. This form will embody a privacy statement describing what the intended use of the data is, how it will be securely stored, who will hold it, to whom it will be available and when it will expire and be erased. They will be advised of their right to access, amend and withdraw their consent at any subsequent time. They will also be advised of their right to appeal to the Information Commissioner's Office (ICO) if they believe that their personal data is being mishandled or abused. New applicants will be asked to positively give their consent by signature to the described use and retention of their personal data. Their signature will also provide blanket positive consent to exhibit any artwork with names and prices that they may submit for inclusion in any Guild exhibition and for the display of any art works and profile details on the Guild's website, Facebook page and printed promotional material and press releases for The Guild's Exhibitions and events that they submit for that purpose. They will also be asked to give consent to displaying their image in photographs taken at Guild events. The completed membership/GDPR consent forms will be sent to the Guild Treasurer with membership fee then securely transferred to and held by the Membership Secretary under lock and key. The form, along with all personal data will be held until the member leaves The Guild when it will be securely destroyed and all related personal information removed from The Guild's records.
4. WITHDRAWAL OF CONSENT
See Para. 8 Members' Rights.
5. DATA RETENTION AND STORAGE
The full set of members' data will be stored in electronic form on two removable data storage devices (RDSDs) to avoid vulnerability to hacking. One RDSD will be held by The Treasurer and the other by the Membership Secretary. Both RDSDs will be kept under lock and key and will not leave their respective premises. Other limited membership details will be held by officers of The Guild who require them for circulation of information and distribution of cheques for art sales etc. and the general running and provision of membership benefits by the following officers and Committee members:
6. LIST OF DATA HOLDERS
7. DATA PROCESSING
Members' data is used only within the Guild and primarily for information circulation by E-mail. E-mail circulations must always and without exception use the BCC facility so that members' details are not visible to other members, E-mail interceptions or hackers. The Guild will, in all respects, process data in accordance with the General Data Protection Regulation (GDPR). The Guild will only hold data that is necessary for the purposes of running the Guild efficiently and conferring membership benefits and maintaining a full record of its membership.
8. MEMBERS' RIGHTS
It is the right of any member to request sight of all the data held by the Guild on said member and to require the Guild to amend the data or remove it from all records. This will involve withdrawal of consent and as a consequence the member will be advised that the Guild will no longer be able to include them in distribution of information and forms etc. Every member has the right to appeal to the CIO if he/she feels that their data is being misused or inappropriately stored.
9. DATA BREACHES
Because of the limited distribution of members' data within The Guild breaches are unlikely and should be easily recognised by the data holder. As soon as a breach is recognised it must be reported to the Chairman and the subject must be notified immediately and advised of what data has been compromised. Security must be reviewed and modified to ensure that a further breach cannot ensue.
10. ACCESS TO COMMITTEE MEMBERS & OFFICIALS
A list of Committee Members and Guild Officials and their functions can be found on The Guild website any of whom can be contacted by E-mailing the website where it will be promptly passed on to the appropriate officer who will contact the member.
11. NEW APPLICANTS' DATA
When a new applicant asks to join The Guild he/she is sent a pamphlet with an attached application slip requesting Name, address, telephone and E-Mail address. This data is retained and held securely by the Membership Secretary. It is not seen by anyone else and is held until there is a vacancy when the applicant is invited to submit work to a review panel. In the event that the applicant is unsuccessful the application slip with its data is securely destroyed. If the applicant is successful then he/she is asked to complete the Guild's membership and data consent form whereupon the slip is securely destroyed.