The Arts and Crafts Movement in Surrey. A cottage by Sir Edwin Lutyens at Munstead.

William De Morgan tile. Click to visit the Demorgan centre.

Data Protection Policy


1 Introduction
2 Legislation
3 ACMS Data Protection Principles
4 Data held by ACMS
5 ACMS Members’ rights regarding data


1 Introduction

1.1 The Arts and Crafts Movement in Surrey is an independent amenity society established in 1996 concerned with the conservation, restoration and education about works inspired by the Arts and Crafts Movement especially within the historic County of Surrey. It is a voluntary organisation with an annual income of less than £5,000 p.a. and details of the Constitution of the Society can be provided upon request.

1.2. In order to ensure efficient administration, the ACMS holds a limited amount of personal data relating to its Members. This information has always been carefully protected as required by the Data Protection Act of 1998. However, in May 2018, this Act becomes superseded by the General Data Protection Regulation (GDPR). This document has been prepared in response to the requirements of this new legislation to ensure that the ACMS has a robust data protection policy in place by the time that the new regulations come into effect on 25 May 2018.

2 Legislation

2.1 The General Data Protection Regulations (GDPR) are based on the principle of individuals giving express consent for their information to be held and used in a specific manner. This consent has to be regularly renewed. In plain English, organisations and those who wish to hold data about individuals have to get them to “opt-in”. The ACMS will in future be required to gain written consent to the processing of personal data.

2.2 The GDPR can be found at: The Guide to the GDPR issued by the Information Commissioner’s Office is at:

2.3 To use the language of the legislation, the elected Main Committee is “the Controller” in the terms of the Regulations and the Membership Secretary (or substitute appointed in accordance with the Constitution of the Society) is “the Processor”.

2.4 The Personal Data of Members is required by the Society to enable it to send out notifications of meetings and other events; circulate information on conservation matters relating to Arts and Crafts buildings; send out newsletters; issue committee papers and other documentation for the election of officers etc. as required by the Constitution of the Society and to enable Members to pay their annual subscription. The ACMS also sends out notices of relevant interest for events or exhibitions arranged by other organisations, such as museums and galleries.

3 ACMS Data Protection Principles

3.1 The principles for the protection of members details to which the ACMS is committed are:

  • Processed fairly, lawfully and transparently in relation to the Members
  • Collected for the specified purposes set out above and not further processed for incompatible purposes
  • Relevant and limited to what is necessary for the effective work of the group
  • Accurate and kept up to date by adjustments to the Master Membership Database
  • Kept in hard copy and electronic format that permit identification of members while they are active in the Society but for no longer
  • Processed in a secure way that ensures protection against unauthorised processing, accidental loss, destruction or damage, using appropriate technical and organisational measures (GDPR Section 5)
3.2 The following measures and procedures are to be used to ensure security of the Personal Data held by ACMS
  • All hard copy data on an individual, including Membership application forms and Consent responses, will be filed and stored securely by the Processor.
  • Membership data is to be consolidated on the electronic Master Membership Database and distributed by the Processor to the Chairman and Hon. Secretary.
  • The Master Membership Database is to be kept up to date as changes become apparent and reissued at the discretion of the Processor. The list is to be backed up electronically.
  • Personal data on those who have ceased to be members for any reason may be retained for up to one year in case issues arise, but is then to be deleted
  • Previous Membership Lists to be erased or shredded as soon as new ones become available
  • Multiple e-mail addresses in a single e-mail are to be hidden from other recipients by use of the Blind Carbon Copy (BCC) facility
  • Immediate action is to be taken to deal with security breaches including notification to individuals if there is a high risk to their rights and freedoms. The Controller is to be informed of all breaches.
3.3 Under no circumstances is the Membership Database to be made available to another individual or organisation. Individual data elements, such as a phone number, may be passed on to a third party only with the express permission of the member concerned.

4 Data held by the ACMS

4.1 Personal data is acquired by the ACMS in a number of ways including submission of a Membership Application Form, via the website, through personal contact with existing members or by phone calls or e-mails from both members of the society or members of the general public.

4.2 For members of the public making enquiries of the society, details of email addresses or telephone numbers will only be disclosed to other members of the Society with the express consent of the individual. The information will only be retained until the enquiry has been answered and will then be destroyed.

4.3 For those wanting to become members of ACMS the Processor (Membership Secretary or authorised substitute as above) will ensure that clear an unambiguous consent is gained to the retention and necessary sharing of personal data submitted as part of a membership application.

4.4 For Members of the ACMS the information usually retained includes: title, full name, postal address, e-mail address, landline and mobile phone numbers. Bank account information (without pin numbers or passwords) to enable the setting up of standing order payments for membership subscription will only be shared with the Hon Treasurer as required, retained for the process of registration and destroyed thereafter.

4.5 Personal information, including consent forms will be retained by The Processor on a Membership Master Database which is to be regularly kept up to date as changes occur. Protected Copies of the database are made available to nominated members of the Society’s committees. This provides resilience for ACMS’s operations in the event of illness or other unforeseen circumstances affecting management of the group.

4.6 The personal data of Members attending events and lectures may be available in the form of a temporary list to members of the Events Committee who are involved in the organisation of the event and required to carry out risk analysis etc. This personal information may be used to report on numbers attending or to provide study notes or necessary information for those attending the events. The Processor will ensure that any temporary lists are not otherwise retained.

5 The rights of Members of the ACMS

5.1. When collecting, processing and storing data, the Controller and Processor will uphold the rights of Members by:

  1. Informing them through the regular circulation of privacy or consent notices of the way in which their data is being used
  2. Facilitating when requested: Access to their Personal Data Rectification when changes have occurred Erasure Restriction of processing Logging objections
5.2 Your rights. You have the right to request:
  1. A copy of your personal data held by us and if necessary have it amended
  2. Erasure of your personal data
  3. Withdrawal of your consent to processing. If you have any queries or want to exercise any of your rights please contact The Acting Membership Secretary


The content of this site is © copyright 2005-2020 Arts and Crafts Movement in Surrey except where noted. GDPR policy.