BAHS Data Protection & Security
The Data Protection Act 1988 is designed to protect personal data stored on
computers or in an organised paper filing system. The Blakeney Area Historical Society (BAHS) is
categorised as a not-for-profit organisation under the Data Protection Act (with
the DPA being superseded by the EU's General Data Protection Regulation (GDPR)
in May 2018). Further information on the Data Protection Act and the GDPR
may be found by clicking here (GDPR) or clicking here (ICO DPA).
As the society processes personal data for recreational reasons only, it is exempt from registration. This was determined by completing the ICO's online
Registration Self-Assessment questionnaire.
However, the society tries to ensure it complies with the goals of the Data
Protection Act and the GDPR, so we try to comply with the following:
Anyone who processes personal information must comply with eight principles of the
Data Protection Act, which make sure that personal information is:
- fairly and lawfully processed;
- processed for limited purposes;
- adequate, relevant and not excessive;
- accurate and up to date;
- not kept for longer than is necessary;
- processed in line with your rights;
- secure; and
- not transferred to other countries without adequate protection.
The society is also obligated to carry out a few simple procedures:
- Tell people what you are doing with their data
- Make sure staff are adequately trained
- Use strong passwords
- Encrypt all portable devices
- Only keep people’s information for as long as necessary
In line with these principles and procedures, the following notes
describe the policies and practices adopted by the BAHS and how they may affect our members and visitors (individuals
who have signed up to our information service).
Opt In/Opt Out?
The GDPR refers to something called 'legitimate interest' and this
is the basis on which the data we hold on members and visitors is held.
Without this data it would not be possible to run the BAHS as
a historical society.
When we contact past and present members and/or visitors
we do so as they have shown a legitimate interest in the BAHS.
Past and present members may opt out of email contact at
any time. Past members and visitors may also request that
their details be removed from the BAHS system.
The data held by the BAHS is used by
committee members to:
- Run the BAHS
- Communicate with members
by email, post and at meetings
- Administer the Members' Area
The society does not provide this data to other
organisations or third parties.
The data is held in a secure area of our website
only accessible by members of the BAHS committee. To assist in the running of the society
the committee may download data from the website and print
it out. This does not (in fact
cannot) include passwords used by members.
The data held by the society may be used by the BAHS committee to assess
trends and guide decision making. Committee
members are responsible for the safe keeping of data they download.
Examples of data downloaded and printed by committee members
are address labels, membership
and subscription lists.
The data held by the society covers:
- Member's name and possibly their partner's name
- Correspondence address and possibly a second address.
Addresses are used for the delivery of items
such as newsletters and the Glaven Historian.
- Phone numbers to allow
the committee to contact members in case of an issue
- Email addresses
are used to contact members regarding events
and other matters the committee think may be of interest.
The committee tries to limit the number of
emails sent to members to no more than one or two a week.
Notification emails to individual members will be generated
when a member uses the members' area (see below)
- Individual preferences covering, for example, how you receive items
like the AGM papers
- Subscription information including membership
category, payment details, payment method and date payment recorded
- Bank details are recorded to allow auditing and tracking of
payments; however, this information is present on all cheques
- Details on meeting attendance are recorded including the
names of attendees
Data NOT Held
Please note the society doesn't hold data such as
credit card details.
Through the secure Members' Area it is possible
for members (with an email address) to login to check their
subscription history. They may also check the personal data
held by the
society and update it as required.
Members are advised to use a unique password for access to the BAHS website, although we understand this isn't the easiest thing
to do. To reduce risk, members
should not use on the BAHS website a password that
is used elsewhere on sensitive or secure websites, such as banking,
financial, or cloud file management websites, which if hacked could cause
a financial loss or loss of important data.
When members use the Members' Area notification emails (covering actions
such as login, logout or updating personal details)
are provided to the login email address. If a member receives
such an email and they hadn't used the Members' area they should
email the webmaster as
it implies a possible security issue. If you do not receive
these emails when using the Members' area
please check that they are not going into a junk or spam folder.
Whilst it isn't
recommended by the society it is possible to
disable the receipt of notification
Membership data held on the website can be accessed only by
logging in with a strong password. Passwords are stored using a one-way encryption
technique, a 256-bit hash known as SHA256. Click
here for information held on Wikipedia about this technique.
Changes to membership data
held on the website are recorded in an audit trail accessible
by the webmaster.
If you have questions or concerns about how the society uses the data
it holds on you, please email the webmaster, who
has been nominated by the BAHS Committee as the Data Protection