Association Policies
Privacy Policy
What Is GDPR UK?
General Data Protection Regulation (GDPRUK) is a UK regulation implemented from the 2018 GDPR policy which was designed to enhance EU citizens; control over personal data that companies (including charities) can legally hold.
It concerns how our charity – Manchester Royal Infirmary Kidney Patients’’ Association (MRIKPA) in this document referred to as ‘the Association’ – holds, stores, processes and uses personal information about a living person.
Policy aims
- To ensure that all data stored is relevant to the Association and membership needs: Data is stored to distribute newsletter. Personal information has been given by the person concerned via a membership form.
- To ensure that all data, which is no longer needed, is removed from data bases at the appropriate times: This might be where a member, no longer wishes to be a member, no longer wishes to receive the newsletter, a member dies or the details of an address, telephone number or email change.
- To ensure that all data stored is protected/encrypted by the data processor.
Who does the ‘Policy’ apply to?
The policy applies to all members and employees, including Trustees and any contractors working for the charity – MRIKPA – for example, those paid to do a job of work or contracted on a regular basis.
It also covers suppliers and those providing services under a contract with the organisation.
Our Organisation – The Association’s Commitments to members.
The Association is committed to ensure any personal information is processed using the 7 principles of GDPRUK, which are: –
- Lawfulness, fairness and transparency
- Purpose limitation
- Data minimalization
- Accuracy
- Storage limitation
- Integrity and confidentiality
In line with the above The Association has a commitment and duty to ensure any personal information stored is compliant with these principles, which is also directed by the Charity Commissioners. The Association is the ‘Data Controller’ for the information it holds and in terms of the member details the Association’s Newsletter Editor is the only nominated Data Processor and the Association has a nominated Data Protection Officer.
The Association holds membership details purely to issue a regular newsletter and any ad hoc letters needed. The Association does NOT use personal information for any type of marketing.
What Type of Concerns are Covered?
Are my details on your database forever?
No, they will be removed as soon as they are no longer relevant e.g. Your details will be removed upon request or upon the death of a member.
Why are your details needed?
Your details are asked for, upon membership, in order to provide you (the member) with the newsletter throughout the year either digitally or as a hard copy through the post.
How is your data stored?
Your data is stored via a drive with secure access software and is therefore encrypted. It is also password protected. There are no members’ details on laptop drives.
Who has access to my personal information?
The data processor, who is the magazine editor, has access to personal membership information to send out the magazine and any ad hoc mail shots.
The Association’s distributor has access to name and address details to distribute the magazines direct. This information is removed after each distribution.
How long will you hold my data for?
Your details will be held for 5 years after which they will be reviewed. This may mean they are retained or removed upon request at this time.
When will my personal details be removed?
Your details will be removed upon request or upon the death of a member or at the end of the data retention period.
Safeguards
The charity – MRIKPA – recognises the need to store personal information and this is of paramount importance to its membership.
There are safeguards in place to support safe storage and enables the KPA to fulfil the 7 principles of GDPRUK.
The safeguards are: –
- Identifying the data collection points: The MRIKPA collects data through the forms in the magazine and this consented information is supplied by the member at this point.
- Communicated the purpose: The MRIKPA ensures its members understand the operational reason for their data collection. In MRIKPA’s case, it is for the delivery and distribution of the MRIKPA newsletter and any ad hoc letters that need to be sent and any fundraising needs, where appropriate.
- Thought about consent: The MRIKPA enables its members to choose which data is shared and enables members to remove their data if they so wish.
- We keep your data safe: The MRIKPA holds data securely and through encryption.
- The Association does not use any personal information for marketing purposes.
Confidentiality
Because the Association has thought about safe storage of data and personal information and upheld the 7 principles of GDPRUK through its safeguarding, your details are safe with us.
All information provided by its members to the Association is treated in the strictest confidence by the data controller (the Association) and checked by the DPO, who is the magazine editor.
How to raise your concern
If you have a concern about how your details are being stored or used, you should: –
- As a first step, contact the Data Protection Officer. Their email address is available on the Association’s website.
- If you still have a concern, the next step is to contact the chair of the Association’s committee and their email address is available on the website, who will respond to your concern.
- If you continue to have a concern, you should contact: Charity Commissioners.
MRIKPA GDPR Policy January 2024.
Ref: GDPR/MBMKGHCB2024