Under the General Data Protection Regulations which came into effect on 25 May 2018 the Dvořák Society, like many other organisations, is required to consider how it uses personal data and to inform its members via this Privacy Notice.
Information we hold. The following personal information relating to members is held on the Dvořák Society database; some categories do not apply to all members.
Membership number, name, address, telephone number, email address, website address, membership category, date of joining, date of Gift Aid declaration, record of subscription payments and donations, record of banker’s order details, and a log of individual communications.
Amendment and retention of information. This information all originates from the member, as supplied initially when joining the Society or subsequently amended. Any member has the right to know what personal information is held, to have any errors rectified, and to have data deleted. Such requests should be made to the Membership Secretary, who will deal with them within one month without charge. Any subsequent unresolved complaints can be referred to the Information Commissioner’s Office (ICO). When someone ceases to be a member his/her contact details, membership category, date of joining, date of Gift Aid declaration and statement of any arrears are transferred to a separate database and retained for five years.
Use of personal data. Only the Membership Secretary has access to and control of the database, which is held at his home. He shares relevant information with the Committee as needed for the efficient conduct of the Society, and provides address labels (generated from the database) for mailings to members. Personal data is not made available to any external bodies, except that data of Dvořák Society members who are also members of the International Martinů Circle (IMC) may also be shared with the UK representative of the IMC and the IMC office in Prague. The designated Data Protection Officer for the Dvořák Society is the Membership Secretary, who will report to the ICO any data breach that puts at risk the rights and freedoms of individuals.
Lawful basis for processing personal data. By applying for membership and paying a subscription, which is accepted, the member has a contract with the Dvořák Society for certain services (e.g. receipt of publications), and the information we hold and use is needed for us to supply those services.
Consent. GDPR allow processing of an individual’s data without consent if this is necessary to supply goods or services that have been requested, as has been done by applying to join and remaining a member. So we do not need to seek renewed consent to continue supplying our normal services to members. However, to use personal data to send information from third parties (e.g. to publicise a concert organised by others) requires the positive consent of the recipient, in the form of ‘opt-in’ rather than ‘opt-out’. Steps have been taken to secure this consent from those on the London Events email group.
Publication of information. In the past the annual Dvořák Society Yearbook has included a Membership Directory giving members’ contact details. Members have always had the option of asking for some or all of their personal data to be withheld from this, but this does not meet the more stringent GDPR requirement for positive consent. Therefore, for 2018 at least, the Membership Directory will not be included in the Yearbook. Members who wish to communicate with other members are asked to contact the Membership Secretary, who will be happy to forward messages.
Jurisdiction. An organisation that operates in more than one country, as the Dvořák Society does, has to make clear which is its lead supervisory data protection authority. For the Dvořák Society this is the UK Information Commissioner’s Office.