The Holst Birthplace Trust is a registered charity (No. 1078599) with around 250 subscribing members (Friends of the Holst). Its purpose is to manage the Holst Birthplace Museum and, through its membership scheme and other fundraising, collect funds in support of its Museum in Cheltenham, in the process offering a regular series of cultural events for members.
Personal data is used to maintain a membership and volunteers list, to record payments including Gift Aid, and to keep members informed about events. It is only available to other Trustees within defined parameters
This policy statement describes the way the Trust manages the personal information it holds on its members. We will regularly review this policy and may make changes from time to time. Questions about this policy should be directed to the Membership Secretary by emailing firstname.lastname@example.org.
What data do we hold?
- First and last names, postal address, phone number(s), email, payment methods (but not bank account details), subscription payments and donations; names and contact details for event payments and annual Gift Aid claims.
- A separate list of members’ email addresses for mailing through the online Mailchimp mailing tool.
- Email address, and sometimes names, of non-members who sign up via our website to receive information about the Museum and our events, e.g. e-bulletins and our newsletter. These mailing-only non-members are integrated into the Mailchimp tool by explicit consent.
How do we obtain this data?
- Details are provided by new members on their application form, either online through a downloadable form or using the Friends membership leaflet.
- Through bookings for an event.
- Members provide updates to their data as and when: a new email address, changed address details, and so on.
How is the data stored?
- Membership records are stored offline in an Access database on a password-protected computer used by the Membership Secretary. A stand-alone hard drive is used to back up the data.
- For Trust events name and contact details for participants are held online and offline by event managers.
- Hard copy Gift Aid authorisations are held by the Membership Secretary.
- Original paper membership forms are held by the Membership Secretary in secure storage. These confirm permission to contact members.
- A list of members’ names and emails is stored online on the Mailchimp server and managed by two Trustees; access is by discrete login and password.
- A list of email consents is held offline by the Membership Secretary.
How is the data used?
- To maintain a list of members and their subscription payment status and contact choices
- To generate annual Gift Aid returns.
- To produce mailing lists (name/address labels) so as to keep members informed about the charity’s activities, including forthcoming events and the Annual General Meeting.
- To manage the process of organising events: names contact details and membership status
- To provide contact details in response to ad hoc requests from Trustees.
- To provide updates by email on our events in addition to the quarterly newsletter mailings (by post and/or by website link sent by email).
Who has access to the data?
- Primarily the Membership Secretary for managing membership subscriptions and renewals, and providing Gift Aid returns to the Treasurer.
- He or she also provides:
- name/address labels for postal mailings
- membership lists and contact details to events organisers
- contact details in response to ad hoc requests from other Trustees.
- The Membership Secretary (as nominated data owner) maintains the Mailchimp emails list, with support from the editor of the newsletter (nominated as the Mailchimp administrator).
- Data is not passed on or sold to any Third Party or used in any way to target fundraising for the charity.
- Any member or website signee may, by Subject Access request, see all data held on them personally by the Trust.
What is the legal basis for using this data under GDPR?
- Personal data about existing members is used on the basis of Legitimate Interest, and in compliance with the Trust’s legal and regulatory obligations: as part of the process in running the charity and serving its members.
- Consent to use the data in this Legitimate Interest way is implicit in its provision.
- From the inception of GDPR new members and new website signees give their explicit opt-in consent.
What is the retention policy?
- Personal data is retained for as long as members renew their membership.
- Cancelled memberships are held in a separate Lapsed Members database and deleted after one year, or once Gift Aid claims have been processed (Gift Aid claims being held on a rolling 6-year basis).
- Personal details used in managing events are deleted after each event ends.
- Every email sent using the Mailchimp tool has the option for members to unsubscribe from future mailings.
What are your rights in relation to your personal data?
- A member may ask at any time to see a copy of the information that the Trust holds on them, how it was obtained and how it is being used.
- A member may at any time request that their personal data be amended or deleted from the database, or transferred to a third party.
- A member may request that their email be removed from the Mailchimp list, by clicking on the unsubscribe link at the foot of an email. Their database record will be amended to show that they have withdrawn their consent. If a member is unhappy about the use of their data, or has any other question they should contact the Membership Secretary in the first instance: see details below.
- A member has the right to complain to the Information Commissioner’s Office
Who is responsible for controlling this data?
- The Chairman of Trustees is responsible for setting this Policy, in consultation with other Trustees, and for ensuring that it is observed (Data Protection Controller)
- The Membership Secretary has day to day management and control of this data (Data Protection Processor).
Holst Birthplace Museum, 4 Clarence Road, Cheltenham GL52 2AY