A new EU General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This new regulation changes the way that businesses and charities process personal data.
This Publicity policy explains what personal data the BAY Centre may collect when publishing a publicity article , how we store that data, how we use that data and how to view that data.
Personal Data that we may collect for a Publicity Article
The BAY Centre may collect an individual’s photo and/or name when preparing a publicity article either through personal contact, phone calls, emails or some other method.
The BAY Centre may, with Consent, use personal data to prepare a publicity article for publishing on our websites. www.bayc.uk and our Facebook website.
With Consent, a published article containing personal data may also be sent to other news outlets for publishing.
Only four people have access to the personal data. They are the Chairman, the Secretary, the Treasurer and the Booking clerk.
The BAY Centre uses a business form of Google drive (known as G Suite) to store personal data. Google encrypt all data on their online storage.
Access to the personal data is via G Suite Userids and passwords. (Click here to see info on Google's cloud security). Only 4 people have access to the data, the Chairman, the Treasurer, the Secretary and the booking clerk.
Backups are held on a separate server and are encrypted and password protected.
This website uses HTTPS which is a secure, encrypted internet transmission protocol. If the online forms are used, personal data will be encrypted and securely transmitted to our website caching host (Cloudflare), then onto our website host (TSOHost), then automatically transferred to our Google online storage.
The BAY Centre will retain personal data obtained for publicity purposes for the following periods -
Personal contact data will be deleted 15 months after the publicity article has been published.
An individual may request at any time that their personal data be removed from a publicity article and this will be actioned as soon as possible.
If consent has been withdrawn by an individual in a group photo it should be possible to make that individual unrecognisable without removing the photo. If this cannot be achieved then the photo will be removed.
How to view, change, object to or delete the Data used for publicity
If a person wishes to view, change, object to or delete their personal data, they can visit our Privacy Centre web page (link is on the www.bayc.uk homepage) or use the following -
2) Download forms (See the ‘GDPR Downloads’ option in the GDPR menu on www.bayc.uk ) that can be filled in then emailed to ‘[email protected]’ or posted to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.
3) Request a form by writing to ‘Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’.
4) Write a letter to ‘ Bookings, The BAY Centre, 1 Cassis Close, Burnham-on-Sea, Somerset, TA8 1NN’ detailing whether you wish to view, change or delete your data.
Note: Personal Data deletion is available if the Lawful Basis for processing is Consent: which is applicable to Donors & Grantors: whose personal data has been used in a publicity article. Volunteers: whose personal data is used to communicate with them and to record their names in Charity documents. Hirer's; who have consented to show their personal data on our website and Individuals whose personal data has been used in a publicity article. Employees who wish to be paid their wages by bank payments. Volunteers who have their names recorded in committee minutes.
Note: Any use of personal data before the consent has been withdrawn remains valid.
Note: Objecting to the use of personal data is available and, optionally, deleting personal data if the lawful basis for processing is Legitimate Interests: which is currently used for Donors; to communicate with them. CCTV; collecting images for the prevention and detection of crime.
The BAY Centre will report any data breaches of personal data to the relevant authorities within 72 hours of becoming aware of a data breach.
The BAY Centre will also inform the individuals whose Persona Data has been breached. We will also inform all other individuals that a Data Protection breach has occured.
The data breach will be reported to the ICO (Information Commissioner’s Office) which is the UK's independent body set up to uphold personal information rights.
Under the new Regulation, the BAY Centre needs a lawful basis (reason) to store and process a donor’s personal data. The BAY Centre uses the following lawful bases -
> Consent. This basis is used for the processing of all personal data for publicity purposes. Separate consent will be obtained for the use of Photos, Names and passing a publicity article containing personal data to 3rd parties.
For individuals or very small groups, consent will be sought on a personal basis with each individual granting consent by use of a Google form (where possible), word of mouth or any others means that the individual wishes to use.
For other groups of people where individual consent would be extremely difficult if not impossible to collect then the consent will be gained verbally and recorded by the use of a Google form (where possible) or any other means that can be used. In this case the people whose photos or names are to be collected will be informed before a photo is taken and given the option to participate or not.
Consent can be withdrawn by individuals at any time by using the BAY Centre’s ‘Delete Personal Data’ form on our website. A Link to the form can be found on the Home page of our website, www.bayc.uk
April 2018 Document initially published. The policy is one of a series of policy documents that replace all previous policy documents that existed in a variety of different formats, some electronic, some paper and some verbal.