Approach to data protection
Personal data submitted through the membership form will be held by the Membership Secretary alone. Council Members may ask for personal data to correspond with specific groups within the membership, or for financial purposes. Data will be transferred between Council using password protected files, and the files will be securely deleted after use. The Membership Secretary is responsible for making sure that the personal data are held on an encrypted and password protected device, and that data are securely passed between the Membership Secretary and other Council Members. Data will not be used for any other reason, other than that specified at the time of request from the Membership Secretary and will not be stored by any Council Members. There is no need to complete a Data Protection Impact Assessment because our data processing is unlikely to result in a high risk to individuals.
Comments
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
Cookies
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
Compliance with Data Protection Policy
There will be an annual review of the policies to monitor compliance by the Council.
Process for dealing with data information requests
Members can view and update the information that is currently held about them or opt out of mailing lists or membership. To request any of these members contact the Membership Secretary, their email is membership@spma.org.uk
Members wishing to delete, restrict or object to the processing of their personal data, are encouraged to contact the Membership Secretary and the Data Protection Lead on the email addresses provided above. It is necessary for us to hold certain information about members in order to run the organisation, but we will be happy to discuss any concerns, and
remove unnecessarily stored information. The outcome of the request will be documented.
What data breach procedures we have in place
If there is a security breach this should be reported immediately to the Council Members. They will put mechanisms in place to investigate and implement recovery plans if possible. Affected individuals will be contacted to inform them about the breach, and if necessary the event will be reported to the ICO (Information Commissioner’s Office), the independent regulator which exists to protect people’s information rights. All data breaches will be documented by the Data Protection Lead, even if they do not need to be reported to the ICO.
How long will we keep your information?
Information about members is updated annually in January. We will keep information for as long as necessary for the purposes it was collected for. This will vary depending on the type of information, and legal requirements or other justifications permitted by the Data Protection Law.
What are our responsibilities and your rights?
We will take great care with the information that we hold about our members. As paid members of the organisation, we hold your personal data as part of our legitimate interest
in aiding us to run the SPMA.