Introduction
The Society’s aims are to advance the education of the public in the art and science of photography, its theory and practice, by the provision of lectures, workshops, exhibitions, information and advice and other related activities. It is subject to the General Data Protection Regulation (GDPR) and the Society’s Policy meets the GDPR’s conditions for the lawful basis for processing data.
General Principles of data collection and retention
Data collection must be fair and for a legal and specific purpose. Any data collected must be necessary and not excessive for its purpose. Records must be accurate and kept up-to-date and not kept for longer than necessary.
The legal basis for processing
We process data collected for the Society’s legitimate interests as a membership organisation(one of the six lawful bases set out in the GDPR). We ask for consent to process any data where the processing would not meet the legitimate interests’ basis.
What data do we keep?
We keep members’ names, residential addresses, email addresses, contact telephone numbers and any photographic distinctions. This data is necessary to communicate with members and may be required when entering external competitions. We also keep records of award winners, previous Society programmes and Committee minutes, and photographic interests collected from new members.
Who is it shared with?
The Society’s Committee members have access to members’ personal data, and, if not a Committee member, the Society’s SPA Representative whose function is to circulate information to members coming from the SPA and other SPA clubs. Normal communication is via the Members’ Forum, but email or postal mail may be used on an occasional basis. Emails are sent to members using BCC for confidentiality. The Society does not pass data to marketing companies. Data is passed to the organisers of external competitions who need names and distinctions of members whose images are used.
How is data stored?
Data is stored on personal computers with password protection and adequate computer security software. It is also stored in paper form in files. If there is a data breach the relevant member, or members, will be notified and steps taken to ensure better security in the future.
How long is data kept?
If a member has not renewed their membership, they will be regarded as an ex-member. Their data may be kept for up to two years after leaving, apart from data relating to internal and external awards and competitions for archive purposes.
Who manages the membership data?
The Membership Secretary is responsible for collecting data and keeping it up-to-date. Members are responsible for ensuring any changes are notified promptly to the Membership Secretary. Members are entitled to access their personal data and can ask for any part of it to be updated or deleted, although this may result in them no longer receiving any communications from the Society.
Compliance with the Policy
Compliance with this policy will be kept under review by the Committee.