Bromsgrove Model Flying Club
Data Protection Policy V0.3
This data protection policy sets out our commitment to protecting personal data and how we implement that commitment with regards to the collection and use of personal data.
The General Data Protection Regulation or GDPR goes into effect on 25 May 2018. This EU directive is meant to give better protection to personal information throughout the European Union and create a better system of responsibility for data breaches.
Organisations which are established for not-for-profit making purposes can be exempt from registration. A not-for-profit organisation can make a profit for its own purposes, which are usually charitable or social, but the profit should not be used to enrich others. Any money that is raised should be used for the organisation’s own activities.
The exemption applies to processing which is only for the purposes of:
establishing or maintaining membership;
supporting a not-for-profit body or association; or
providing or administering activities for either the members or those who have regular contact with it.
It is considered that the club conforms with these requirements and claim to be exempt.
However, the law requires that, despite claiming exemption, the club implements policies that comply with the legislation.
We are committed to:
Ensuring that we comply with the eight data protection principles listed below.
Meeting the legal obligations as laid out in the Data Protection Act 1998 and the General Data Protection Regulation 2018.
Ensuring that data is collected and used fairly and lawfully
Keeping and processing personal data only in order to meet our operational needs of fulfil legal requirements
Taking steps to ensure that personal data is kept up to date and accurate
Establishing appropriate retention periods for personal data
Providing adequate security measures to protect personal data
Ensuring that a nominated club officer is responsible for data protection compliance and provides a point of contact for all data protection issues
Ensuring that all club officers are made aware of of good data practice in data protection
Regularly reviewing data protection procedures and guidelines within the club
Data protection principles:
Personal data shall be processed fairly and lawfully
Personal data shall be obtained for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes
Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed
Personal data shall be accurate and, where necessary, kept up to date
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes
Personal data shall be processed in accordance with the rights of data subjects under the Data Protection Act 19987.
Appropriate technical and organisational measures shall be taken against unauthorised and unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
All members and applicants for membership will be required to confirm their acceptance of the club’s Data Protection Policy by signing the Data Protection Statement (see Appendix)
Data to be collected and maintained
Home and Mobile Telephone Numbers
BMFA affiliation Status : Full, Junior, Family, Country Member
BMFC Status: Trainee, A, B or C test, Instructor, Examiner, Honorary
Date of Birth
Payments: club fees, BMFA affiliation, social events, etc
No bank details will be retained in club records.
Data will be retained for up to 5 years in case it is required for legal reasons, such as liability claims or recovery/return of property or references.
Bromsgrove Model Flying Club – Data Protection Statement
To manage your involvement in club activities, BMFC needs to maintain a computer record that includes your personal details.
Our Data Protection Policy explains the data recorded and its intended uses. It is a requirement of membership that this consent is given by signing the following Data Protection Statement.
“I understand that by submitting this form I am consenting to BMFC storing and processing my data for the purposes of maintaining records of membership, payment of subscriptions, arranging registration and membership records with the BMFA and the distribution of information about the club in the form of newsletters and email. Data will not be shared with any third party and the principles of the Data Protection Act 1988 will be adhered to.”