© Croydon Astronomical Society 2012 Croydon, Surrey, England, UK Registered Charity No. 251560
Croydon Astronomical Society
Following the introduction of the new General Data Protection Regulations (GDPR) which came into force on the 25th May 2018, we would like to let you know how we collect and what the Croydon Astronomical Society (the Society) does with personal data given to it by members of the public.
Personal data relates to individuals who can be identified from that data. Identification can be by the data alone or by processing such data.
We strongly believe in protecting your personal data which is why we collect only the minimum data where necessary and store for no longer than is required and no longer than is allowed. This data is reviewed and deleted on a regular basis.
Basis for obtaining Personal Data
When enquiring for, or attending any visits to the Society (our regular meetings and either privately organised or public open evening/day visits) the Society deems that you have given your consent for us to process your provided personal data. The principle purpose is for contacting you, but also for assisting and to further your interest. This is so that we can fulfil our part of providing you with the service.
Collection of Personal Data
We collect personal information from you during the course of the Society’s activities and function. Typically but not exclusively is when you:
• enquire about our activities, register to, and/or attend a meeting, visit or other event;
• make a donation to the Society (but not if anonymously);
• apply to become a member of the Society and complete our membership form;
• specifically provide us with your personal information in any other way.
When you wish to apply for and become a member of the Croydon Astronomical Society, the information we collect and store can be clearly seen from the membership form; it is what you provide to us.
On your personal data the Society lawfully complies with its obligations under the GDPR. Typically by:
• collecting data by identifiable means;
• not collecting or retaining any superfluous data;
• storing data securely;
• ensuring that adequate physical and technical measures are in place to protect this data, such as protection from loss, unauthorised access or disclosure and misuse;
• keeping data up to date;
• processing only to further the charitable aims of the Society;
• deleting or destroying securely all data once it has expired, including all copies.
At our Kenley Observatory
The Society maintains a list (name only) of your visit so that our volunteers on duty will know who is attending or expect to visit on the evening/day, for operational and safety reasons. We use this data after the visit for statistics, future planning, our liability protection and in the eventuality of lost property.
Purpose of collected Data
We use your personal data only for the purposes of the Society, including to:
• inform you of meetings, events and activities run by the Society and related organisations;
• administer membership records;
• maintain our accounts and records (including the processing of Gift Aid applications);
• respond to your request for assistance;
• comply with our legal obligations as a charitable organisation.
Duration of stored Data
We store for no longer than is required and no longer than is allowed. For members we keep your personal data while you are a member -
Your personal data will be treated as strictly confidential by us and will not be shared with other members of the Society other than members of the Committee for administrative purposes. We do not share, give, sell, hire or otherwise pass on any personal data to other organisations or individuals (except where legally required; see below).
The technical exceptions are where we hold the data on an internet 'cloud' and where our internet service provider (ISP) performs a service to the Society such as hosting our website. We have ensured that both these organisations are also GDPR compliant and hold data securely and in accordance with the European GDPR regulations. These Internet companies will not contact you, send unsolicited emails, advertisements or other forms of communication as a result of our contract with them.
The Society would be required to share personal data if required to do so by law; for example, to HMRC for tax purposes or to the police for the prevention or detection of crime. Such circumstances would include for the prosecution of any offence committed. Also personal data may be shared if there are any legal disputes between the Society and any persons. We will share your data in other circumstances only if we have your explicit and informed consent.
The data controller of the Society is the Committee, and it decides how your personal data that you provide to the Society is processed and for what purposes. Contact details are below.
You have the right to ensure that we collect only relevant and permitted personal data, hold it securely, process it fairly, keep it accurate and up to date, and securely dispose of it when it expires or according to your wishes if sooner. Any information given verbally that is not relevant will not be recorded, and neither any information relevant or otherwise by third party without your consent.
On your personal data, unless subject to an exemption under the GDPR, you have the following right to:
• request that we provide you with a copy of the personal data that we actually hold about you, and communicate that data directly to another data controller;
• request that we correct any data if it is found to be inaccurate or out of date;
• request that your data is erased when you so wish it;
• withdraw your consent to the processing at any time;
• request that a restriction is placed on further processing where there is a dispute;
• lodge a complaint with the Information Commissioner's Office.
Data Subject Request -
To make a request to see what data we hold, what processing the Society does with your personal data or to have your data erased, you should contact the Society. In the first instance please contact the Society's Secretary at the address provided on the ContactUs page of the website. You can make that request by emailing the Secretary or writing to us at the address on our membership form. The Society will have 28 days to respond to your request. There is no fee attached to making this request.
Data Breaches and Complaints
If you believe there has been a data breach with your personal data, you should immediately contact the Society by any means as outlined above. The data breach will be investigated and findings reported back to you.
Further information regarding GDPR and making a complaint to a higher authority can be found at the Information Commissioners Office at www.ico.org.uk
Should you require any further details please do not hesitate to contact the Society.