home join! news information maps history gallery contact links

General Data Protection Regulation (GDPR)

Go straight to consent form.


The General Data Protection Regulation comes into force on 25th May 2018. Under the regulation we are required to:

  • tell you what data we hold on you;
  • obtain your consent to hold such data;
  • take reasonable precautions to secure your data;
  • provide you with a copy of such data on request;
  • allow you to change or delete any data we hold on you;
  • delete personal data that are no longer required.

You will of course realise that if you ask us to delete all your data, we then will not be able to send you newsletters, timetables, membership reminders or any ad hoc messages.

What Data We Hold

The data we hold fall into two categories: the membership database and membership accounts.

The database holds the following data:

  • your contact details (name, postal address and email address if applicable);
  • membership number and type, year of joining (if known);
  • post code (copy for sorting and filtering), local station code;
  • date of last renewal and payment type (PayPal, cash, cheque);
  • whether you require printed timetables.

The membership account shows all payment details for the year, including payment type (cash, cheque, automated or PayPal) and cheque details if applicable. The account is sent to the Treasurer by email and used to reconcile the bank and PayPal statements. The Treasurer supplies details of automated payments (online banking, standing orders, etc.) to the Membership Secretary. Year end accounts are held for a number of years in accordance with normal accounting practice.


The database is held on a personal computer which is behind two firewalls which both block incoming requests. It is not currently encrypted. Regular backups are made to a separate device.

No personal data are stored on the web server or in the ‘cloud’. However data entered on web forms are transmitted to the Membership Secretary by email. Mail to our domain ( is forwarded by our host’s mail server to the recipient.

We do not pass personal data to any third party, and will not do so unless compelled by law.


You are entitled to request a copy of the current data we hold on you.

You may also request that any or all such data are amended or deleted.

Requests should be sent by email to

Please be aware that although we can delete or amend all current data it will not be feasible to update all archived backup copies.


Please complete and submit the form below to indicate your consent to MMPA holding your data. This only needs to be done once.

 I consent to the Marlow - Maidenhead Passengers’ Association holding my contact and payment details. I understand that I can withdraw this consent at any time.

First name or initials: Membership number: *
Last name: Postcode:
E-mail address:
   the form or  all data.
 * leave blank if you can't remember. All other fields are required.

Valid HTML 4.0!   Best with Any Browser   Mastered on RISC OS 6

Last updated 15th April, 2018