General Statement of Swindon Film Society’s Duties and Scope
In order to operate, Swindon Film Society, referred to below as ‘The Society’, needs to
gather, store and use certain information about it members and will take all reasonable
steps to do so in accordance with this Policy.
Data Controller
The Data Controller for Swindon Film Society is the Society’s Committee. The Data
Controller will endeavour to ensure that all personal data is processed in compliance with
the General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) which comes
into force on 25 May 2018.
The Principles
The Society will, so far as is reasonably practicable, comply with the GDPR Principles to
ensure all data is:
Fairly and lawfully processed
Processed for a lawful purpose
Adequate, relevant and not excessive
Accurate and up to date
Not kept for longer than necessary
Processed in accordance with the data subject’s rights
Secure
Not transferred to other countries without adequate protection
Personal Data
Personal data covers both facts about an individual where that data identifies an individual,
for example, a member’s name, postal address and email address.
Processing of Personal Data
The Society will only collect and process data with consent, where lawful and where it is
necessary for the legitimate purposes of the group.
Rights of Access to Information
Members and ex-members have right of access to information about their personal data
held by the Society. Any request for the following will be actioned within fourteen days of
the request being made:
to see any data stored about them;
that any inaccurate data held on them is updated;
to stop receiving any communications from the Society;
to have their data deleted from the Society’s records.
Accuracy
The Society asks members to inform us of any changes to their personal data, e.g. change of
address or email. Any individual will be able to update their data at any point by contacting
the Data Controller.
Data Security
The Society will ensure that data held by us is kept secure. Electronically-held data will be
held within a password-protected and secure environment and physically-held data (e.g.
membership forms or email sign-up sheets) will be stored securely. Any physically held data
will be securely destroyed if no longer required.
Retention of Data
Members’ personal data will by default remain on the Society’s records for three years after
an individual’s membership lapses, before being removed and erased. This data will be
retained for the purpose of informing previous members about the Society’s programme by
email and post.