DATA PRIVACY NOTICE (May 2018)
1. Your personal data – what is it?
Personal data is information which relates to any living individual who can be identified from that data (in this notice called ‘your data’). Identification can be by that information alone or used in combination with any other information in the Data Controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
We are the Institute of East Anglian Artists (IEA). Our Data Controller is Mark Wilkins, our Management Consultant.
3. How do we process your data?
The IEA will comply with its obligations under the “GDPR” by keeping your data up to date, by storing and destroying it securely, by not collecting or retaining excessive amounts of data, by protecting your data from loss, misuse, unauthorised access and disclosure, and by ensuring that appropriate technical measures are in place to protect your data.
We will use your data for the following purposes: –
To operate the IEA website and provide services as requested.
To administer the membership records for all Members and Friends.
To promote the interests of the IEA.
To maintain our own invoices/accounts via PayPal/Stripe accounts.
To inform you of news, events, workshops and the other activities of the IEA.
4. What is the legal basis for processing your data?
Your consenting to our holding your data so that we can keep you informed about news, events, workshops and the activities of the IEA.
Such processing is necessary for preparing and running exhibitions, organising events, invoicing, membership and dealing with general enquiries.
Such processing is carried out by the IEA (a not-for-profit body) provided that (i) the processing relates only to Members, former Members, Friends or non-members who have confirmed their subscriptions, and other persons who raise enquiries of the IEA (ii) there will be no disclosure of your data to any third party without your consent.
5. Sharing your data
Your data will be treated as strictly confidential and will only be shared with other members of the IEA in order to carry out the activities of the IEA. We will only share your data with third parties outside of the IEA with your consent.
6. How long do we keep your data?
We will keep your data from workshops and events, and your raising general enquiries with us for one year, after which it will be destroyed.
Historical transaction data (i.e. invoicing) will be stored for five years after which it will be destroyed. Data relating to your membership will be retained until one year after you have ceased to be a Member. Annual Open Exhibition summaries will be stored permanently (you may request a copy of any identifying information).
7. Your rights and your data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your data:-
The right to request a copy of the data which the IEA holds about you.
The right to request that the IEA shall correct any of your data if it is found to be inaccurate or out of date.
The right to request that your data shall be erased when it is no longer necessary for the IEA to retain such data.
The right to withdraw your consent to the processing of your data at any time.
The right, if there should be any dispute in relation to the accuracy or processing of your data, to request that a restriction shall be placed on further processing.
The right to object to the processing of your data, (where applicable).
8. Further processing
If we wish to use your data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. When necessary, we will seek your prior consent to the new processing.
9. Contact Details
To exercise all relevant rights, or raise queries or complaints please in the first instance contact the Data Controller at firstname.lastname@example.org. Please head your communication ‘Data Privacy’.