Highworth Artists’ Society is compliant with the rules of the General Data Protection Regulation (GDPR) for the protection of the data of members and others who have connections with HAS.
Others who have connections (described as “associates”) include visiting tutors, committee members of other art groups, guests who attend exhibitions, recipients of invitations, non-members who attend HAS events, Council Office or other venue personnel, exhibition sponsors and any person(s) for whom an on- going connection with HAS is desired.
The Committee of HAS and those who carry out certain tasks on behalf of HAS reserve the right to hold the contact details of members (under GDPR – Legitimate Interests) and of associates who have given their explicit and uncoerced consent to do so.
Contact details include the person’s name, postal address, email address and telephone no(s) for the purpose of sending them information regarding the activities of HAS and to keep members informed of matters related to their membership. These contact details will not be disclosed to any third party without the explicit and uncoerced written consent of individual members or associates. Should anyone feel that their personal data is being misused by HAS they have the right to appeal to the Information Commissioners Office (ICO).
Contact details will be held by the committee on computer, memory sticks and as hard copy. All information will be removed and securely destroyed should membership or association cease - unless HAS has the explicit consent of those former members and associates to continue to send them HAS information and invitations or if the former member’s contact details are required for financial purposes. In this case the
contact details of the former member may be kept by the Treasurer for up to 60 days after the end of the financial year (March 31st) following cessation of membership. Such details will then be deleted.
Membership consent will essentially remain throughout the membership period unless the member withdraws consent or there are changes to the way HAS use/process personal data. Members will be informed of any new items/changes and asked to give their consent if it is required.
Contact details of purchasers are securely destroyed/deleted from the invitation list 3 years after purchase unless HAS have the explicit consent of the purchaser to continue to send invitations. Consent will be sought from all new purchasers at the time their purchase was made.
HAS is obliged to process financial data to comply with the law (under GDPR - Legal Obligation) and to fulfil the financial obligations of the Society. Records are kept for 6 years for HMRC and audit purposes and are deleted/securely destroyed after that time. No financial information is held about members other than the fact that they have made payments by cheque, cash, standing order and online bank transfer. In the case of
purchasers the only financial information held is that they have paid by cash or cheque. Society Bank Statements are held as paper copies and shared only with an accountant for the purposes of the annual audit. Financial information is held by the Treasurer and kept on a computer which is password protected and fully anti-virus protected, on memory sticks and as hard copy.
If a member of the Committee relinquishes his/her post, he/she will delete/securely destroy all records at the time of handing over responsibility to another appointed person.
Emails and correspondence from members and associates will be deleted as soon as the content is no longer needed. All group emails will be sent as ‘Blind Carbon Copy’ (BCC) so that names and email addresses are not visible to other person(s) receiving the email.