Data Protection Policy


1. Overview

1.1 Orpington Astronomical Society (hereafter referred to as the ‘OAS’) is a registered charity with the sole objective of promoting an interest in the science of astronomy. Its area of operation is centred on Orpington, but extends to Bromley, Sevenoaks and their environs. The total membership of the Society is less than 100 people.

1.2 In order to effectively carry out this objective the OAS is obliged to hold some personal data of its members. It also operates a Website for the purpose of disseminating Society information and which includes a forum for the discussion of items of astronomical interest.

1.3 The membership data thus held is solely used for the purposes of running the OAS and making its membership aware of society activities and news. The data is kept with the approval of the individual members and the amount held is kept to the absolute minimum necessary for the Society to function.

1.4 The OAS Membership form shown in Annex A details the personal data collected along with the individual member’s consent for the OAS to hold and use their personal data in order to carry out its activities according to this policy.

1.5 It is the policy of the OAS that upon joining the Society only the following information is collected and held:

  • Full name;
  • Home address;
  • Email address;
  • Home and mobile telephone numbers;
  • Date of birth if under 18 years old;
  • The date the Society was joined.

Note: having joined the OAS, a member can subsequently request to have an account created in order to obtain full access to the ‘Forum’ on the OAS Website (see Sections 4.1 and 4.3).

1.6 The OAS does NOT collect NOR hold any personal financial data.

1.7 The membership data is only held by elected members of the OAS Committee (Sections 2.4 and 2.5 refer).

1.8 Members’ data will NEVER be passed to any third party organisation without the individual’s prior explicit consent. Note: the only envisaged scenario where this might occur is in the event of the OAS Website service provider being changed.

1.9 The responsibility for implementation of this policy lies with the Chair of the OAS who has the role of ‘Data Controller’ as required by General Data Protection Regulations, but in practical terms maintenance of current personal data lies with the Treasurer (who also performs the role of OAS Membership Secretary) and the Website Manager in respect of the OAS Website.

2. Personal Data Management

2.1 OAS membership data is held in an encrypted, password protected data file (hereafter in this document referred to as the ‘Membership Spreadsheet’).

2.2 The Membership Spreadsheet shall be kept up to date by the OAS Treasurer.

2.3 The Membership Spreadsheet shall only be held on computers that have up to date operating systems and antivirus protection.

2.4 The only OAS Committee members permitted to hold a copy of this spreadsheet are:
– The Chairman;
– The Vice Chair;
– The Website Manager.

2.5 In exceptional circumstances, other members of the OAS who have been co-opted on to the Committee or have become an Associate Committee Member for a specific reason may be permitted to hold the Membership Spreadsheet for a limited period.

2.6 For OAS officers who need to communicate with the membership by email, such as the editor of TOAST (the OAS quarterly magazine), a confidential email group is available to protect the privacy of individual members called the ‘Toast-list’.

3. Data Retention and Members’ Rights

3.1 Members’ data shall only be held for as long as they are a paid up member of the OAS; thereafter it will be deleted.

3.2 OAS committee members holding a copy of the Membership Spreadsheet shall permanently delete their copy if they change or end their OAS Committee role.

3.3 Any member has the right to view the data held by the OAS and have it corrected or deleted at any time; the request shall be in writing via the Chair of the Society (Section 1.9 refers). However, deletion of data will result in termination of membership.

4. Website Operation

4.1 General Operation

4.1.1 The OAS Website is available to anyone; however, some parts of the Forum can only be accessed by OAS members who have had an account set up by the OAS Website Manager.

4.1.2 Anyone with an account logging into the site will have a temporary cookie set up to determine if the browser accepts cookies. This cookie contains no personal data and is deleted on closing the browser.

4.1.3 Upon logging in, several cookies will also be set up to save login information and screen display choices. Login cookies last for two days, and screen options cookies last for a year. If “Remember Me” is chosen, the login will persist for two weeks. Upon logging out of the account, the login cookies will be removed.

4.1.4 Upon editing or publishing an article, an additional cookie will also be saved in the browser. This cookie includes no personal data and simply indicates the post ID of the article just edited. It expires after 1 day.

4.2 Embedded Content From Other Websites

4.2.1 The OAS Website includes embedded content e.g. a Twitter feed, videos, images, etc.; such content will behave in the exact same way as if the visitor has visited the other website, and hence may collect data, use cookies, embed additional third-party tracking, and monitor interaction with that embedded content, as if logged in to that website.

4.3 User Accounts and Data Retention

4.3.1 Forum users can set up a profile which can contain personal information they choose to include and which is then visible to any logged in user. Individuals can edit or delete their personal information at any time (except they cannot change their username). Similarly, the OAS Website Manager can also see and edit the profile information.

5. Action to be Taken in the Event of a Possible Data Breach

5.1 With reference to the Information Commissioner’s Office (ICO) Website, the risk to individual members associated with a breach of OAS data is assessed as at worst being ‘neutral’, or more probably ‘unlikely’. Nevertheless, on becoming aware of a possible data breach, the OAS Chair shall within 72 hours contact the ICO by telephone to discuss the breach and to decide what, if any, action needs to be taken.

5.2 The OAS Chair shall inform in writing any member that may be affected that there has been a breach and what personal data may have been accessed.

Annex A

Orpington Astronomical Society Membership Form