Use of Personal Data: policy updated on [29 May 2022]

The General Data Protection Regulation (GDPR) controls the use and storage of personal information. The Canterbury Commemoration Society (CCS) must comply. This document explains key features of the GDPR in its application to CCS.

What is personal information?

Personal information is any information stored about an individual, which can identify that individual and link them to any further information.

What information does the CCS collect? The CCS holds –

• a database that includes the name, contact telephone numbers, postal and email addresses, and miscellaneous information about members such as “former trustee” (“the members’ database”);
• a database containing the names and email addresses of supporters (“the supporters’ database);
  a database of the names and email addresses of individuals who have asked CCS to keep them informed of its events (“the events database”); and
• details of the contributions which project donors and other benefactors have made to CCS, together with their names, contact telephone numbers, postal and email addresses.

How does CCS use this information?

CCS uses contact details to generate mailings about meetings, events, and other news of CCS and for accounting purposes. It shares personal information with its IT consultant (to facilitate the business of CCS), with Mailchimp (for communications with members) and with Stripe (for the processing of payments).

Where and how does CCS store this information?

CCS holds the information on its databases, on password-protected PCs with up-to-date security software.

How long does the CCS store this information?

1. When a member leaves the CCS, the CCS will delete their personal information from the members’ database.
2. When a supporter tells the CCS that they no longer wish to be such, the CCS will delete the supporter’s personal information on the supporters’ database.
3. When an individual tells the CCS that they no longer wish the CCS to inform them about its events, the CCS will delete the individual’s personal information on the events database.
4. When a project donor or other benefactor informs the CCS that they wish the CCS to delete their personal information from its records, the CCS will delete the personal information of the project donor or benefactor on its records.

Who can view it and what can they view?

Trustees may view the information which CCS has collected for the purposes of its business. Members, supporters, individuals on the events data base, project donors and other benefactors may see and, if necessary, correct their own data.