The Holst Birthplace Trust is a registered charity (No. 1078599) with around 250 subscribing Members (Friends of Holst Victorian House). Its purpose is to manage the Holst Victorian House and, through its Membership scheme and other fundraising, collect funds in support of its Museum in Cheltenham, in the process offering a regular series of cultural events for members.
Personal data is used to maintain a Membership and Volunteers list, to record payments including Gift Aid, and to keep members informed about events. It is only available to other Trustees within defined parameters.
This policy statement describes the way the Trust manages the personal information it holds on its members. We will regularly review this policy and may make changes from time to time. Questions about this policy should be directed to email@example.com.
What data do we hold?
- First and last names, postal address, phone number(s), email, payment methods (but not bank account details), subscription payments and donations; names and contact details for event payments and annual Gift Aid claims.
- A separate list of Members’ email addresses for mailing through the online Mailchimp mailing tool.
- Email address, and sometimes names, of non-members who sign up via our website to receive information about the Museum and our events. These mailing-only non-members are integrated into the Mailchimp tool by explicit consent.
How do we obtain this data?
- Details are provided by new Members on their application form, either online or in hard copy.
- Members provide updates to their data as and when: a new email address, changed address details, and so on.
How is the data stored?
- Membership records are stored online in an Access database.
- For events name and contact details for participants are held online and offline by event managers.
- Hard copy Gift Aid authorisations are held by the Treasurer.
- Hard copy Membership forms are held by the Membership Secretary until data has been transferred to our database and then shredded.
- A list of members’ names and emails is stored online on the Mailchimp server and managed by a designated member of Staff; access is by discrete login and password.
- A list of email consents is held offline integrated into the Membership database accessible by a designated member of Staff and the Membership Coordinator.
How is the data used?
- To maintain a list of Members and their subscription payment status and contact choices
- To generate annual Gift Aid returns.
- To produce mailing lists (name/address labels) so as to keep members informed about the charity’s activities, including forthcoming events and the Annual General Meeting.
- To manage the process of organising events: names contact details and membership status
- To provide contact details in response to ad hoc requests from Trustees.
- To provide updates by email on our events in addition to the bi-annual Journal mailings (by post and/or by website link sent by email).
Who has access to the data?
- Primarily the Membership Coordinator for managing Membership subscriptions and renewals, and providing Gift Aid returns to the Treasurer.
- He or she also provides:
- name/address labels for postal mailings
- Membership lists and contact details to events organisers
- contact details in response to ad hoc requests from other Trustees.
- A designated member of Staff maintains the Mailchimp emails list.
- Data is not passed on or sold to any Third Party or used in any way to target fundraising for the charity.
- Any member or website signee may, by Subject Access request, see all data held on them personally by the Trust.
What is the legal basis for using this data under GDPR?
- Personal data about existing Members is used on the basis of Legitimate Interest, and in compliance with the Trust’s legal and regulatory obligations: as part of the process in running the charity and serving its members.
- Consent to use the data in this Legitimate Interest way is implicit in its provision.
- From the inception of GDPR new Members and new website signees give their explicit opt-in consent.
What is the retention policy?
- Personal data is retained for as long as Members renew their Membership.
- Cancelled memberships are held in a separate Lapsed Members database and deleted after one year, or once Gift Aid claims have been processed (Gift Aid claims being held on a rolling 6-year basis).
- Personal details used in managing events are deleted after each event ends.
- Every email sent using the Mailchimp tool has the option for members to unsubscribe from future mailings.
What are your rights in relation to your personal data?
- A Member may ask at any time to see a copy of the information that the Trust holds on them, how it was obtained and how it is being used.
- A Member may at any time request that their personal data be amended or deleted from the database, or transferred to a third party.
- A Member may request that their email be removed from the Mailchimp list, by clicking on the unsubscribe link at the foot of an email. Their database record will be amended to show that they have withdrawn their consent. If a Member is unhappy about the use of their data, or has any other question they should contact the Trust via firstname.lastname@example.org.
- A Member has the right to complain to the Information Commissioner’s Office
Who is responsible for controlling this data?
- The Chair of Trustees is responsible for setting this Policy, in consultation with other Trustees, and for ensuring that it is observed (Data Protection Controller)
- A designated member of Staff and Volunteer Membership Coordinator have day to day management and control of this data (Data Protection Processor).
Holst Birthplace Museum, 4 Clarence Road, Cheltenham GL52 2AY