We are committed to being transparent about how we collect and use the personal data of our members, and to meeting our data protection obligations. This policy sets out that our commitment.
Contact firstname.lastname@example.org if you have any questions about this policy.
This policy applies to the personal data of trustees and members of Riverside Naturally.
This policy aims to assist Riverside Naturally trustees to comply with the requirements of data protection legislation.
Data Protection Principles
We process personal data in accordance with the following data protection principles:
We process personal data lawfully, fairly and in a transparent manner;
We collect personal data only for specified, explicit and legitimate purposes;
We process personal data only where it is adequate, relevant and limited to what is necessary for the purposes of processing;
We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay;
We adopt appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.
We tell individuals the reasons for processing
Trustees may have access to the personal data of group members in the course of their activity on behalf of Riverside Naturally. Individuals who have access to personal data are required:
to access only data that they have authority to access and only for authorised purposes;
not to disclose data except to individuals (whether inside or outside the organisation) who have appropriate authorisation;
to keep data secure (for example by password protection, and secure file storage and destruction);
Significant or deliberate breaches of this policy, such as sharing personal data without a legitimate reason to do so, will mean immediate loss of membership of Riverside Naturally.
Riverside Naturally will provide information to all trustees about their data protection responsibilities to help them understand their duties and how to comply with them.
What information do we collect?
We collect and process names and contact details about members. We may collect this information as part of the membership form.
Why do we process personal data?
We need to process data to ensure that we are complying with our legal obligations and duties as a SCIO. Processing member data allows the organisation to:
maintain accurate and up-to-date membership records and contact details
meet our duties as an SCIO re a membership register for transparent, proper exercise of decision making powers.
ensure effective general communications and promotions
Who has access to data?
Your information may be shared between trustees for the purposes of the organisation.
How do we protect data?
We take the security of your data seriously. We will work to ensure that your data is not lost, accidentally destroyed, misused or disclosed. Riverside Naturally will consider any statutory requirements which apply regarding the handling of personal data, balanced with the good practice approach of operating an open, transparent organisation in which members can easily communicate with one another about key issues.
We will hold your personal data for the duration of your membership. The period for which your data is held after the end of membership is for at least 6 years in accordance with SCIO regulations.