" Data Protection and Security for The Blakeney Area Historical Society(BAHS)
The Blakeney Area Historical Society (BAHS) in North Norfolk

The Blakeney Area Historical Society

Covering The Blakeney Haven (Blakeney, Cley, Morston,Salthouse, Wiveton) & Adjacent Hinterland   Contact Us

Members' Area
Events / Lectures
Current Newsletter
Glaven Historian
History Centre
Guest Book
BAHS Constitution
Books & Publications
Contact Us
Information Emails


Links on this website are displayed using the colour Indigo


If your contact details or email address change please login to the members' area and update them otherwise please inform the membership secretary.

Website Issues

If you have a problem with the website please check if this is a known issue by clicking here.


BAHS Data Protection & Security

The Data Protection Act 1988 is designed to protect personal data stored on computers or in an organised paper filing system. The Blakeney Area Historical Society (BAHS) is categorised as a not-for-profit organisation under the Data Protection Act (with the DPA being superseded by the EU's General Data Protection Regulation (GDPR) in May 2018). Further information on the Data Protection Act and the the GDPR may be found by clicking here (GDPR) or clicking here (ICO DPA).

As the society only processes personal data for recreational reasons only, it is exempt from registration. This was determined by completing the ICO's online Registration Self-Assessment questionnaire.

However the society tries to ensure it complies with the goals of the Data Protection Act and the GDPR so we try and comply with the following:

Anyone who processes personal information must comply with eight principles of the Data Protection Act, which make sure that personal information is:

  • fairly and lawfully processed;
  • processed for limited purposes;
  • adequate, relevant and not excessive;
  • accurate and up to date;
  • not kept for longer than is necessary;
  • processed in line with your rights;
  • secure; and
  • not transferred to other countries without adequate protection.

The society is also obligated to carry out a few simple procedures as described below.

  • Tell people what you are doing with their data
  • Make sure staff are adequately trained
  • Use strong passwords
  • Encrypt all portable devices
  • Only keep people’s information for as long as necessary

In line with these principles and procedures the following notes describe the policies and practices adopted by the BAHSand how they may affect our members and visitors (individuals who have signed up to our information service).

Opt In/Opt Out?

The GDPR refers to something called 'legitimate interest' and this is the basis on which the data we hold on members and visitors is held. Without this data it would not be possible to run the BAHS as a historical society.

When we contact past and present members and/or visitors we do so as they have shown a legitimate interest in the BAHS.

Past and present members may opt out of email contact at any time. Past members and visitors may also request for their details to be removed from the BAHS system.

Data Held

The data held by the BAHS is used by committee members to:

  • Run the BAHS
  • Communicate with members by email, post and at meetings
  • Administer the Members' Area

The society does not provide this data to other organisations or third parties.

The data is held in a secure area of our website only accessible by members of the BAHS committee. To assist in the running of the society the committee may download data from the website and print it out. This does not (in fact cannot) include passwords used by members. The data held by the society may be used by the BAHS committee to assess trends and guide decision making. Committee members are responsible for the safe keeping of data they download.

Examples of data downloaded and printed by committee members are address labels, membership and subscription lists.

The data held by the society covers:

  • Member's name and possibly their partners name
  • Correspondence address and possibly a second address. Correspondence addresses are used for the delivery of items such as newsletters and the Glaven Historian.
  • Phone numbers to allow the committee to contact members in case of an issue
  • Email addresses are used to contact members regarding events and other matters the committee think may be of interest. The committee tries to minimise the number emails sent to members to no more than one or two a week. Notification emails to individual members will be generated when a member uses the members' area (see below)
  • Individual preferences covering, for example, how you receive items like the AGM papers
  • Subscription information including membership category, payment details, payment method and date payment recorded
  • Bank details are recorded to allow auditing and tracking of payments however this information is present on all cheques
  • Details on meeting attendance are recorded including the names of attendees

Data NOT Held

Please note the society doesn't hold data such as credit card details.

Members' Area

Through the secure Members' Area it is possible for members (with an email address) to login to check their subscription history. They may also check the personal data held by the society and update it as required.


Members are advised to use a unique password for access to the BAHS website. However we understand this isn't the easiest thing to do. However members are advised that to reduce risk they should not use on the BAHS website a password that is used elsewhere on sensitive or secure websites such as banking financial, or cloud file management websites which if hacked could cause a financial loss or loss of important data.


When members use the Members' Area notification emails (covering actions such as login, logout or updating personal details) are provided to the login email address. If a member receives such an email and they hadn't used the Members' area they should email the webmaster as it implies a possible security issue. If you do not receive these emails when using the Members' area please check that they are not going into a junk or spam folder. Whilst it isn't recommended by the society it is possible to disable the receipt of notification emails.

Access to membership data held on the website is accessible only through logging in using strong passwords that are stored using one-way encryption techniques using a 256-bit hash known as SHA256. Click here for information held on Wikipedia about this technique.

Changes to membership data held on the website are recorded in an audit trail accessible by the webmaster.

Further Information

If you have questions or concerns about how the society uses the data it holds on you please email the webmaster who has been nominated by the the BAHS Committee as the Data Protection Officer.