The Business Archives Council is committed to protecting the privacy and security of personal data and will comply with all data protection legislation in its handling of your personal data. It will ensure that any third parties who work with us are also compliant with the law, and in the way they handle and store information.
When we collect data
We collect data from you:
- when you join the Council and when you renew your membership
- when you make orders or bookings with us
- when you attend events or meetings of the Council
- when you volunteer or act in an honorary capacity for the Council
- when you supply or we buy from you
- when you visit our website
- when you make enquiries or we interact with you in the course of Council business.
We hold contact and financial details supplied by you when you join. In some cases we will hold ‘special category’ information, such as dietary requirements, in relation to events you attend; such ‘special category’ information will be deleted as soon as it is no longer required for the purpose for which it was collected. We will hold information about your attendance at BAC meetings and events including photographs and video or audio recordings.
How we use your data
We use your data to administer your membership and the activities of the Council, distribute our newsletter, to send you notifications of meetings and events, general updates (including future changes we may make to this privacy notice) and other relevant information. Individuals who apply to join will be asked their preferred method of receiving communications from the Council and this will be noted on the membership database. We will ask at the point of renewal if there is any change in your preferences.
If the law requires us to, we may need to collect and process your data, and we may also use your data, typically in an emergency, where this is necessary to protect your vital interests, or someone else’s vital interests.
We may share your data with third parties who act for us (e.g. collect subscriptions or organise our conferences and events) and will ensure that they comply with all relevant data protection legislation. We will not share your data with any other third parties.
We maintain an historical record of our activities, which is archived in the public interest, so it can be used for research in accordance with data protection legislation.
Personal data will be held on secure password-protected computers, and physical records and media in locked cabinets and secure archive store. No trustees will hold personal data outside these central storage systems.
How to contact us
Under GDPR you have the right to request in most circumstances access to the personal data we hold about you, and copies of any data shared with a third party. You can also request the correction of your personal data and in certain circumstances the erasure of your data and the suspension of processing. You can contact us to exercise these rights at any time.
If you have any questions about our handling of your personal data or wish to exercise your rights under GDPR, please contact our secretary on firstname.lastname@example.org
If you feel your data has not been handled correctly you may lodge a complaint with the Information Commissioner’s Office on 0303 123 1113 or on their website https://ico.org.uk/for-the-public/.
25 May 2018