Privacy and Data Protection
We collect statistical information about access to and use of our websites through our server logs, but this information is not reported or used in such a way as to reveal personal information about you, nor would such information be shared with a third party.
https://reports.mraths.org.uk runs on WIKINDX software that uses PHP sessions/cookies to store temporary data (for its navigation and environment). Personal information about users is not stored. Useful information about how to control/delete cookies though your browser can be found here.
MRATHS and data protection law
The Malvern and Radar Technology History Society (‘the Charity’) needs to collect and use certain types of information about individuals who come into contact with the Charity in the course of, its work, and servicing its membership. Any personal information, whether collected and stored in electronic or paper form, must be appropriately dealt with. The Charity fully complies with the General Data Protection Regulation, or GDPR, which is EU legislation replacing and strengthening the UK’s Data Protection Act 1998.
Because the Charity is not a public authority, and its core activity does not involve large-scale monitoring of data subjects, or large-scale holding of protected personal data as defined in Articles 9 or 10, GDPR does not require us to employ a Data Protection Officer (see Article 37.1). As a small organisation with relatively little data, we have therefore chosen not to do so.
In the interests of good charity governance, however, we have designated a Trustee to take responsibility for data protection issues as they arise, and to oversee the work of our data controllers and processors. The Data Protection Trustee(DPT) can be contacted at DPT and is happy to respond to any concerns or questions from members and other data subjects of the Charity.
In particular, the Data Protection Trustee oversees implementation of measures to ensure compliance with GDPR, and ensures that trustees, members, volunteers and others acting in the Charity’s name are handling data in accordance with the Principles of Data Protection laid out in Articles 5 to 11 of GDPR.
This policy will be periodically reviewed and updated to reflect best-practice developments and to comply with amendments made to GDPR post-Brexit, when the Data Protection Bill currently before Parliament becomes law.
Your rights as a data subject
In general we hold as little data as possible that could cause any harm if breached, and is relatively harmless (for example, names and email addresses). Unless you are a Trustee, member, or volunteer, you are not likely to be one of our ‘data subjects’, that is, somebody on whom we hold data. If you are a data subject then yu have the following rights:
- Under GDPR Article 15 you have the right to ask us if we do hold data on you, and if so, what, and on what basis. Any such enquiries should be made to DPT. We will reply within 30 calendar days. Should it prove that data on you is mistaken, under Article 16 you then have a right to ask us to correct such an error.
- Under GDPR Article 17 you have the ‘right to be forgotten’: to require us to delete data which is no longer needed, or held only by your consent. We hold little or no data by consent, so the scope for Article 17 is limited. However, we will look at any Article 17 request case by case so that your rights are fully upheld. Such a request should be made to: DPT.
- Under GDPR Article 13 you have the right to know what we keep, why, and for how long, whenever you provide us with data on yourself.
Article 13.1 requires the Charity to declare the Data Controller for our data: we are a small organisation, and the Data Controller is the Charity itself (as it was also under the terms of the Data Protection Act 1998).
Article 13.2 provides that you may, if not satisfied with our response, complain to the regulator. Since the Charity is based in the UK, this is the Information Commissioner’s Office or ICO.
Our full policies as they affect you are available in response to an Article 15 request (see above), but in brief: If you join the Charity, which is a CIO, we are required to keep membership records by law. If you then leave, or your subscription lapses, your contact details will be kept for a reasonable period in case the lapse was accidental, since many members do forget to renew but then rejoin. After this period, the record of your membership will be deleted.
The Charity does not sell or pass your data, to any third party unless required to do so by law.