This Privacy Policy explains how we collect, store and use the personal information you give to us. If you have any questions concerning your personal data and how we look after it or if you would like to update how you would like to hear from us, then please contact us (click here).

Norfolk and Norwich Naturalists’ Society Data Protection Policy

Thanks for reading this page – it is part of our compliance with the UK General Data Protection Regulation (GDPR) 2018

Personal Data held, how it is used, where it is stored, who accesses it and how, your consentamending your data, removing data no longer needed.

Introduction

This policy describes how members’ data is held and used by the Norfolk and Norwich Naturalists’ Society. The policy has been agreed by the Council of the Norfolk and Norwich Naturalists’ Society and forms part of the society’s compliance with the General Data Protection Regulation.

Personal Data Sources

When a member subscribes, renews their subscription or amends their contact information a record is added or amended in our data.
When a purchaser of our publications places an order, their contact information is only retained for accounting purposes and for no other, nor is it shared except for the purpose of sending that order.

Personal Data Held

In order to provide membership services, the Norfolk and Norwich Naturalists’ Society hold all or part of the following personal information:

  • Member’s ID – a numeric identifier to avoid confusion over similar names.
  • Member’s name
  • Postal delivery address
  • Member’s email address
  • Up to two phone numbers. (Optional but kept if provided)
  • Membership type (eg “Full”, “Non-member”, “Affiliated”)
  • Date of joining the Society, if known
  • Amount of subscription received
  • Amount of any donation to the Society
  • Free-form comments about the subscription (eg subscriber’s reference, payment method,…)
  • Date of most recent subscription payment.
  • Date next payment due (normally 1st April annually)
  • A list of publications to be sent.

How We Use Personal Data

The primary purpose of holding this data is for the Norfolk and Norwich Naturalists’ Society to fulfil its obligation to send members their subscribed publications to the address they supplied.
Occasionally, other communications regarding the Norfolk and Norwich Naturalists’ Society business may be sent either electronically or by post. In these cases the communication will only concern the proper functioning of the Norfolk and Norwich Naturalists’ Society. Examples might be: subscription change or reminder notices or notices of Norfolk and Norwich Naturalists’ Society events.
The Norfolk and Norwich Naturalists’ Society will not use its membership list to supply third parties with address lists or other information unless required to do so under UK law. Nor will the Norfolk and Norwich Naturalists’ Society use the data for fund-raising or direct marketing.

Storage of Personal Data

We store Membership data on an encrypted database on a personal computer with password protection and it may be copied to secure “Cloud” storage such as OneDrive. The computer has up to date anti-virus protection software.
We keep a separate secure mailing list on MailChimp, entries on which are held in a GDPR compliant manner. Access to that data is only available to Officers of the Society with whom access has been shared for the Society’s purposes and who have been informed of the latest password. Back up data will only be used to restore corrupted or lost primary data.
The database membership details are held for two years after membership has ceased, in order to validate accounts. Thereafter the record of every ex-member is deleted and a note added to a history archive recording only that fact.

Access to Personal Data

Only the nominated manager of the data “Data Manager” (currently the Membership Secretary) may access the data and only for official Norfolk and Norwich Naturalists’ Society business. If the Data Manager is indisposed the Chairman of the Norfolk and Norwich Naturalists’ Society may appoint another Committee Member to take on that role. If this happens it will be documented.

If you are a Member, you give consent for the Society to hold the information which you supplied to us, and which is necessary for us to serve you as a member and without which the Society does not consider you to be a Member.

Members may request in writing access to their own details for their own purposes. Proof of identity will be required before passing this information on as a “Subject Access Request” (SAR). (For example if a request is received the email address or postal address must match those we hold).

We will respond within the statutory limit of 40 days.

Changes to Personal Data

Members can request changes such as address changes in writing and must include proof of identity such as providing the old address or by sending from the email address we hold.

Deletion of Personal Data

If a member dies or resigns or when membership has lapsed the details of the member will be deleted after two years. This is to allow subscribers who have forgotten to renew to catch up, or to allow family members to continue membership.
If a valid request to delete a membership record is received, this will be done as soon as it is confirmed by the member.


Document Revison History

Revised November 2021
Revised April 2020
Rewritten April 2018 for GDPR 2018
Completely revised April 2015
Previous version on request only.