|MARLOW - MAIDENHEAD PASSENGERS' ASSOCIATION|
General Data Protection Regulation (GDPR)
The General Data Protection Regulation came into force on 25th May 2018. Under the regulation we are required to:
You will of course realise that if you ask us to delete all your data, we then will not be able to send you newsletters, timetables, membership reminders or any ad hoc messages.
What Data We Hold
The data we hold fall into two categories: the membership database and membership accounts.
The database holds the following data:
The membership account shows all payment details for the year, including payment type and cheque details if applicable. The account is sent to the Treasurer by email and used to reconcile the bank and PayPal statements. The Treasurer supplies details of automated payments (online banking, standing orders, etc.) to the Membership Secretary. Year end accounts are held for a number of years in accordance with normal practice.
The database is held on a personal computer which is behind two firewalls which both block incoming requests. It is not currently encrypted. Regular backups are made to a separate device.
No personal data are stored on the web server or in the ‘cloud’. However data entered on web forms are transmitted to the Membership Secretary by email. Mail to our domain (mmpa.org.uk) is forwarded by our host’s mail server to the recipient.
We do not pass personal data to any third party, and will not do so unless compelled by law.
Email distribution of newsletters etc. will not show the addresses of all recipients. Messages will either be sent individually (including by mail-merge) or to undisclosed recipients (i.e. BCC).
You are entitled to request a copy of the current data we hold on you.
You may also request that any or all such data are amended or deleted.
Requests should be sent by email to firstname.lastname@example.org.
Please be aware that although we can delete or amend all current data it will not be feasible to update all archived backup copies.
Use of Data
Your contact details are used primarily to send you newsletters, membership reminders and ad hoc communications.
We do not in general send out marketing material. There may be occasions when a train operator makes a special offer that is beneficial to members, and this could be communicated via the newsletter or direct email.
We do not in general carry out any processing of personal data. The only exception is that we may occasionally produce statistical data such as the distribution of members between local stations or postcode districts.
Because your details are only used to communicate with you and the operation of your membership would not be possible without those details, it is not necessary for you to give explicit consent. Applying for or renewing your membership implies consent for the information you supply or supplied to be used for the purposes for which it was supplied.
Last updated 29th April, 2019