Chelmsford YHA Group

Commitment

Chelmsford YHA Group is committed to ensuring that data is collected and used appropriately, fairly and lawfully.

What data is collected?

Personal data is collected from members of the Group. This may include, for example, name, address, telephone numbers, email addresses, passport and driving licence details, relevant medical and dietary information, bank account details, and emergency contacts. Only data necessary for the Group's activities is collected. Contact details are also collected from prospective new members who enquire about the Group, to enable information about the Group to be supplied to them.

How is personal data used?

Data is used for the management of the Group and organisation of events and activities. This includes communicating with members by post, telephone and email, about their membership status, organisational issues, news and information about the Group, financial transactions with the Group, and promoting the Group's activities. Personal data collected by the Group is not to be used for any other purpose.

Who has access to personal data?

Data is shared among members of the Group for the purposes described above. Personal data is not shared outside the Group except where necessary for the organisation of the Group's activities. For example, information may be used for booking accommodation or transport, or completing bank transactions. Data may also be disclosed when required by law, or if disclosure is necessary in an emergency situation.

How is data stored?

Storage of data is distributed among members of the Group. Members holding personal data do so in a safe and secure way that takes reasonable steps to avoid accidental loss or misuse. The Group ensures that members are aware of their obligations to safeguard personal data. For example, passwords should be used to control access to computer records, devices should have up-to-date security software installed and paper records should be stored in a safe place.

Have members given consent?

Processing of members' personal data is justified on the basis of consent from individuals. Members of the Group are made aware of this policy and asked to give consent for their personal data to be collected and used as described. Consent should be given in writing, either on paper, by email or online, and records of the consent retained. Consent may be withdrawn by contacting datacontroller@chelmsfordyha.org.uk.

There are situations in which data may be used, without specific consent, to pursue legitimate interests of the Group in ways which might reasonably be expected. For example, using contact details when money is owed, or to provide information to prospective new members.

Is the data accurate and up-to-date?

Members are given the opportunity to check the accuracy of the information held about them and to provide updates.

For how long is data retained?

Personal data is kept for current members of the Group and may be retained for up to 3 years beyond membership expiring. Data is deleted if it is out-of-date, or if an individual has withdrawn consent and there is no legitimate need to keep their data. Contact details for prospective new members are deleted if they fail to join the Group or do not give consent to their data being retained.

Deletion means removal of records from the current data in use for the Group's activities. Records may still exist as part of archived data that is not available for use. Note that the holding of contact details by individuals for their own social and domestic purposes is outside the scope of this policy.

Who is the Data Controller?

The Group's treasurer acts as data controller and is responsible for ensuring that queries and concerns about data protection are dealt with effectively and promptly. Members have the right to see data held about them and to object to how it is being used. Contact datacontroller@chelmsfordyha.org.uk.

What information does the Group distribute?

• Newsletter: The Group's newsletter/programme is distributed to members of the Group and to prospective new members and other interested parties. This contains contact details for committee members and event organisers. Members have the choice of receiving the newsletter by post or by email.

• Address List: A contact list is distributed among members of the Group. All members are given the opportunity to opt out of inclusion on this list. The list is provided for the private and social use of members only. Disclosure to non-members of any details from the list may not be made without the relevant members' specific consent. Copies of the address list must be destroyed if they are superseded by a later issue, if the holder is no longer a member of the Group, if they are no longer required, or if it is over 3 years since the date of issue.

• Website and Social Media: Personal data (for example, private contact details) are not displayed on the Group's website unless by specific consent. The website lists the names of the current Committee Members but does not show the full names of other members of the Group. The website includes photographs of members engaged in Group activities and events, but does not identify individuals. If any personally identifiable information is posted on social media, this should be done with appropriate privacy settings.

• Email list: Members of the Group are invited to join an email list. They may decline the invitation, or unsubscribe from the list at any time. The list is only to be used by members and former members for messages that are relevant to the activities and interests of the Group. The list is not to be shared outside the Group, other than with the service provider. Ex-members are not automatically removed from this list, but they can unsubscribe if they wish.

Status of this policy

This policy was agreed by the Group's committee on 18th April 2018. The committee will review this policy regularly and update it if necessary.
Updated with minor corrections and clarifications: 28/04/2018.
Last reviewed at committee meeting: 17/03/2021.