3 ACMS Data Protection Principles
Data held by ACMS
5 ACMS Members’
rights regarding data
Arts and Crafts Movement in Surrey is an independent amenity society
established in 1996 concerned with the conservation, restoration
and education about works inspired by the Arts and Crafts Movement
especially within the historic County of Surrey. It is a voluntary
organisation with an annual income of less than £5,000 p.a.
and details of the Constitution of the Society can be provided upon
1.2. In order to ensure efficient administration,
the ACMS holds a limited amount of personal data relating to its
Members. This information has always been carefully protected as
required by the Data Protection Act of 1998. However, in May 2018,
this Act becomes superseded by the General Data Protection Regulation
(GDPR). This document has been prepared in response to the requirements
of this new legislation to ensure that the ACMS has a robust data
protection policy in place by the time that the new regulations
come into effect on 25 May 2018.
General Data Protection Regulations (GDPR) are based on the principle
of individuals giving express consent for their information to be
held and used in a specific manner. This consent has to be regularly
renewed. In plain English, organisations and those who wish to hold
data about individuals have to get them to “opt-in”.
The ACMS will in future be required to gain written consent to
the processing of personal data.
2.2 The GDPR can be found
at: https://gdpr-info.eu The
Guide to the GDPR issued by the Information Commissioner’s
Office is at:
2.3 To use the language of the legislation, the elected Main
Committee is “the Controller” in the terms of the Regulations
and the Membership Secretary (or substitute appointed in accordance
with the Constitution of the Society) is “the Processor”.
2.4 The Personal Data of Members is required by the Society
to enable it to send out notifications of meetings and other events;
circulate information on conservation matters relating to Arts and
Crafts buildings; send out newsletters; issue committee papers and
other documentation for the election of officers etc. as required
by the Constitution of the Society and to enable Members to pay
their annual subscription. The ACMS also sends out notices of relevant
interest for events or exhibitions arranged by other organisations,
such as museums and galleries.
3 ACMS Data Protection Principles
3.1 The principles for the protection of members details to
which the ACMS is committed are:
3.2 The following measures and procedures are to be used to ensure
security of the Personal Data held by ACMS
- Processed fairly, lawfully and transparently in relation
to the Members
- Collected for the specified purposes set out above and not
further processed for incompatible purposes
- Relevant and limited to what is necessary for the effective
work of the group
- Accurate and kept up to date by adjustments to the Master
- Kept in hard copy and electronic format that permit identification
of members while they are active in the Society but for no longer
- Processed in a secure way that ensures protection against
unauthorised processing, accidental loss, destruction or damage,
using appropriate technical and organisational measures (GDPR
3.3 Under no circumstances is the Membership Database to be made
available to another individual or organisation. Individual data
elements, such as a phone number, may be passed on to a third party
only with the express permission of the member concerned.
- All hard copy data on an individual, including Membership
application forms and Consent responses, will be filed and stored
securely by the Processor.
- Membership data is to be consolidated on the electronic
Master Membership Database and distributed by the Processor
to the Chairman and Hon. Secretary.
- The Master Membership Database is to be kept up to date
as changes become apparent and reissued at the discretion of
the Processor. The list is to be backed up electronically.
- Personal data on those who have ceased to be members for
any reason may be retained for up to one year in case issues
arise, but is then to be deleted
- Previous Membership Lists to be erased or shredded as soon
as new ones become available
- Multiple e-mail addresses in a single e-mail are to be hidden
from other recipients by use of the Blind Carbon Copy (BCC)
- Immediate action is to be taken to deal with security breaches
including notification to individuals if there is a high risk
to their rights and freedoms. The Controller is to be informed
of all breaches.
4 Data held by the ACMS
4.1 Personal data is acquired by the ACMS in a number of ways including
submission of a Membership Application Form, via the website, through
personal contact with existing members or by phone calls or e-mails
from both members of the society or members of the general public.
4.2 For members of the public making enquiries of the society,
details of email addresses or telephone numbers will only be disclosed
to other members of the Society with the express consent of the
individual. The information will only be retained until the enquiry
has been answered and will then be destroyed.
4.3 For those
wanting to become members of ACMS the Processor (Membership Secretary
or authorised substitute as above) will ensure that clear an unambiguous
consent is gained to the retention and necessary sharing of personal
data submitted as part of a membership application.
Members of the ACMS the information usually retained includes: title,
full name, postal address, e-mail address, landline and mobile phone
numbers. Bank account information (without pin numbers or passwords)
to enable the setting up of standing order payments for membership
subscription will only be shared with the Hon Treasurer as required,
retained for the process of registration and destroyed thereafter.
4.5 Personal information, including consent forms will be retained
by The Processor on a Membership Master Database which is to be
regularly kept up to date as changes occur. Protected Copies of
the database are made available to nominated members of the Society’s
committees. This provides resilience for ACMS’s operations
in the event of illness or other unforeseen circumstances affecting
management of the group.
4.6 The personal data of Members
attending events and lectures may be available in the form of a
temporary list to members of the Events Committee who are involved
in the organisation of the event and required to carry out risk
analysis etc. This personal information may be used to report on
numbers attending or to provide study notes or necessary information
for those attending the events. The Processor will ensure that any
temporary lists are not otherwise retained.
5 The rights of Members of the ACMS
5.1. When collecting, processing and storing data, the Controller
and Processor will uphold the rights of Members by:
5.2 Your rights. You have the right to request:
- Informing them through the regular circulation of privacy
or consent notices of the way in which their data is being used
- Facilitating when requested: Access to their Personal Data
Rectification when changes have occurred Erasure Restriction
of processing Logging objections
- A copy of your personal data held by us and if necessary
have it amended
- Erasure of your personal data
- Withdrawal of your consent to processing. If you have any
queries or want to exercise any of your rights please contact
The Acting Membership
Prepared: 8 May 2018
Date for Review: 8 May 2019