Reepham and District Photographic Club
Data Protection Policy
Reepham and District Photographic Club [The Club] is a Data Controller within the UK which collects and holds personal information relating to its members:
1. For the use of contacting and supplying information about the club’s activities and competitions etc. to its members.
2. Information relating to photographs entered into competitions.
3. Information relating to other clubs that enter into competitions with this club and to include judges.
This information may include electronic data as well as written documents.
Information collected will not be forwarded to any other parties for advertising or marketing without the express permission of the subject of the information.
The information will be held by the secretary of the club as the Data Controller.
The Club may retain historical archives for example, but not limited to, records of meetings, awards and other event results.
The Club must publish and review this document and their compliance with this policy regularly or at least at each AGM.
Supply a copy to each member as they join and supply a copy to each other club that becomes involved with the club.
Consent for the collection of data will be automatically assumed as part of the agreement for an individual to join the club.
Volunteers who collect data relating to the club’s competitions or outings etc. will be classified as a separate data collector and must forward their collected data directly to the secretary promptly and may not pass on or use the data collected in any other way whatsoever.
Personal data and information may have to be forwarded to other institutions and clubs when entering third party competitions. Action:
The PAGB has published separate guidance on the safeguarding of children and others, collectively referred to as ‘vulnerable individuals.’
The guidance remains applicable, and no additional issues arise for Clubs form the change of data protection legislation.
Date subjects are entitled to access their personal data held by a data controller. That is in addition to making a data protection policy generally available. The data subject does not have to give a reason for the request, and the few exemptions are unlikely to apply.