General Data Protection Regulation (GDPR)
1. What is the GDPR?
The GDPR is data protection for citizens of the European Union developed to provide one unifying, streamlined set of rules about data. The GDPR took effect on 25 May 2018. The Sussex Association of Naval Officers (SANO) seeks to be GDPR compliant to the best of its ability.
Personal Data: Data relating to a living person and from which that person can be identified.
Data Subject: The person about whom personal data are processed.
Data Controller: The person or organisation who decides how the personal data are processed and for what purposes.
Processing: Anything done with/to personal data, including storage.
Data Processor: The person or organisation doing the data processing.
3. SANO’s Executive Committee (EC)is the Data Controller and Data Processor (contact details below).
4. A SANO member is a Data Subject and the EC complies with the GDPR by keeping his/her Personal Data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting the Personal Data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect Personal Data.
5. SANO EC processes a member’s Personal Data for the following purposes: –
- To administer SANO membership records
- To maintain SANO accounts and records
- To maintain contact with members, and awareness of their health and welfare circumstances so far as relevant to the association’s objects
- To inform members of SANO news and events
- To facilitate visits to other locations
6. What are the legal bases for processing a SANO member’s Personal Data?
- Explicit consent of the data subject so that members can be kept informed about news and events.
- Contract SANO has with a member making the processing necessary.
- Legitimate interests of SANO and its need to process data in order to contact members.
7. Sharing a SANO member’s Personal Data
A member’s Personal Data will be treated as strictly confidential by the EC and will only ever be shared with other SANO Members for purposes connected with a SANO event. Personal Data will only be shared with a third party when required for access to a location as part of an organised visit (members’/guests’ names and car details).
8. How long does SANO EC keep a member’s Personal Data?
A member’s Personal Data is kept for as long as his/her membership is valid and for a further calendar year.
9. Rights associated with Personal Data
A member has the following rights with respect to his/her Personal Data: –
- The right to request a copy of their Personal Data which the EC holds;
- The right to request that the EC corrects any Personal Data if it is found to be inaccurate or out of date;
- The right to request their Personal Data is erased where it is no longer necessary for the EC to retain such data;
- The right to withdraw their consent to the Processing at any time
- The right, where there is a dispute in relation to the accuracy or processing of their Personal Data, to request a restriction is placed on further Processing;
- The right to lodge a complaint with the Information Commissioner’s Office.
10. Further Processing
If the EC wishes to use a member’s Personal Data for a new purpose, not covered by this Data Protection Notice, then a new notice will be provided explaining this new use and setting out the relevant purposes and Processing conditions prior to commencing the Processing. Where and whenever necessary, the member’s prior consent will be sought to the new Processing.
11. Contact Details
To exercise all relevant rights, queries or complaints please in the first instance contact the SANO Secretary:
Lt Cdr R J Wright, CEng, MIET, RN
Chanctonbury View, Countryman Lane, Shipley, West Sussex, RH13 8PZ
Date approved by EC: April 2020
Date for review: January 2022