NORTH WEST WIMBLEDON RESIDENTS’ ASSOCIATION PRIVACY NOTICE
On 25th May 2018 the EU’s General Data Protection Regulation (“GDPR”) will come into force. The Government currently has a Bill before Parliament, the Data Protection Bill 2017, which imports the provisions of the GDPR into UK law, with some variations to suit UK practices and requirements, and which will continue in force after Brexit. All organisations however small are bound by the GDPR and the Bill (when it becomes an Act) and so NWWRA must follow the specified data protection rules.
Who are we?
North West Wimbledon Residents’ Association. Our contact details are at the end of this notice. We are the ‘data controller’ for the purposes of GDPR. This means that we decide how your Personal Data is processed and for what purposes.
What is your Personal Data?
Personal Data is data that relates to a living individual who can be identified from that data. We might be able to identify you from the data itself or by linking that data to other information we have access to. GDPR tells us how we must process your Personal Data. We collect:
- Email Addresses
- Telephone numbers
- A record of annual membership subscription paid
- A record of emails sent to you from NWWRA
What is the legal basis for processing your Personal Data?
NWWRA is a Residents’ Association of members. The data we process is collected from individual members of NWWRA, either through registration on LoveAdmin.com or through a NWWRA road representative. Data is processed on the basis of legitimate interest as a residents’ association.
How do we process your Personal Data?
We comply with our obligations under GDPR in the following ways:
- By keeping Personal data up to date,
- By storing and destroying it securely,
- By not collecting or retaining unnecessary or excessive amounts of data,
- By protecting Personal Data from loss, misuse, unauthorised access and disclosure and
- By ensuring that appropriate technical measures are in place to protect Personal Data
How do we use your Personal Data?
- To manage your membership information and process annual subscriptions for NWWRA
- To inform you of news, events, activities or services which we think you might like to hear
- To share your Personal Data with NWWRA road representatives to enable them to collect annual subscriptions and update data for the purposes of delivering the service we provide
- To carry out the legitimate purposes expected of a residents’ association
Do we share Personal Data with anyone?
Personal Data will be treated as strictly confidential and will be shared only with organisations whose services are required in order to go about the legitimate activities of NWWRA. We will only share your Personal Data with other third parties with your consent. These third parties, in turn may rely on data processors to provide services that help them help us. Some third parties we use may operate outside the EEA. In these cases, we will make sure that we have robust contracts in place with those third parties and that adequate safeguards exist to protect and secure your Personal Data. When you give your consent to our holding of your Personal data you agree to us sharing your Personal Data with third party processors and sub-processors located both inside and outside the EEA.
Where your personal data may be processed
LoveAdmin.com is the data processor. Information is stored securely on dedicated servers housed in a purpose built data centre. SSL is used to protect the information when transferring data between the server and NWWRA or members.
Data is protected through a unique username and password, which have been authenticated and encrypted for maximum security. No financial information (bank details, credit card information etc) is held by LoveAdmin.com, this is held by the payment facilitators (Paypal and GoCardless).
How long will we keep your Personal Data?
As long as a resident is a member of NWWRA we shall retain their Personal Data. If a resident leaves the area, we will keep their information for no longer than we reasonably need. Usually this will be for a period of no more than a month.
What are your rights over your Personal Data? Members have a right
- To request a copy of the Personal Data which we hold, without any charge
- To request that we correct any Personal Data found to be inaccurate or out of date
- To request that your Personal Data is erased when it is no longer necessary for us to keep it
- To withdraw your consent to the processing we carry out at any time
- To ask us to restrict further processing
- To object to the processing of Personal Data
- To update your personal data yourself on LoveAdmin.com, or to have it removed through contacting the membership secretary
If you have a problem, complaint or if there is something you don’t understand, please contact us through this page.
Should a breach of your privacy occur, you should notify the UK regulator at the Information Commissioner’s Office within 72 hours. At https://ico.org.uk