HIGH TOR PLAYERS
  • Home
  • Tickets
  • Archive
  • History
  • Get In Touch
  • Privacy
THE HIGH TOR PLAYERS – PRIVACY POLICY – MAY 2018

How we use Member’s and Supporter’s information
The High Tor Players is and amateur drama society and collects data on members and supporters for the purpose of keeping them informed about Society events and future plays. (Data)

The data that we will collect and hold includes:
Name, address, email and phone data

Data Controller
Currently Fran Happe, the Society Secretary, acts as the data controller.
hightorplayers@gmail.com

We use the data:
  • To manage the affairs of the Society and keep membership records
  • to keep records of supporters for publicity purposes only

The lawful basis on which we use this information
We collect and use Members and Supporters Data under article 6 of the General Data Protection Regulations namely – the data subject has given consent to the processing of his or her personal data for one or more specific purposes.
​

We do not collect data under article 9 (which relates to issues such as race ethnicity and religion)

Storing Data
We hold data for no longer than necessary and no longer than:
  • In relation to members – data will be retained no longer than 12 months after a member has withdrawn from membership.  This is to enable the Treasurer to complete annual accounting.
  • In relation to supporters we will retain data only for as long as we have consent of the supporter and will remove all records within i month of a request to ‘unsubscribe’ as a supporter.

Main risks to the Organisation
  • Unauthorised access to written data
  • Theft or loss of computer or memory stick
  • Hacking of computer or scamming of data

Key Precautions
  • Laptops containing data will normally be passworded and kept in personal custody or under lock and key
  • Electronic data will not be networked
  • Documents and files will be kept in locked premises or in personal custody

What to do if information is requested by GDPR
The Data Controller will respond to a lawful request supported by the statutory remittance as soon as practically possible and in any event within 28 days.

Who is responsible in the event of a breach?
Any breach to be reported to the Data Controller as soon as possible.  The Data Controller will ensure that the ICO is notified of a breach within 72 hours of its occurrence coming to the attention of the Data Controller.

We never share and data with any organisations and, in particular, we do not share data with any marketing companies or for the purpose of marketing to third parties.


Copyright © 2022