Swiss Railways Society (CLBG) – Data Protection Policy – v1.0

  1. PURPOSE

To define the Swiss Railways Society (SRS) Company Limited by Guarantee (CLBG) approach to data protection in general and, specifically, the General Data Protection Regulation (GDPR).

  1. LEGAL DISCLAIMER

The information and advice contained herein is based on the General Data Protection Regulation (GDPR) 2018 and is correct to the best of our knowledge.  The UK Government has implemented this regulation into law as the Data Protection Act 2018.  The Information Commissioner (ICO) is still working through its guidance although 99% is covered for organisations such as the SRS.

  1. APPLICABILITY

All Directors, Members and Branches.

  1. POLICY

The Swiss Railways Society (CLBG) will comply with the requirements of the General Data Protection Regulation 2018.

  1. Type of data collected

The SRS will collect the following data for each member:

  • Name of member;
  • Postal address (requirement for distribution of Swiss Express);
  • E-mail address and telephone number if provided.

The SRS will collect the following data for each sales transaction:

  • Name of purchaser (and recipient if different);
  • Postal address of purchaser (and delivery address if different);
  • E-mail address and contact telephone number.

The SRS will collect the following data for each Supplier, exhibitor or trade exhibitor:

  • Name of contact;
  • Postal address;
  • E-mail address and contact telephone number.
  1. Storage of data

The following data is held on Computer:

  • Name of member, supplier, exhibitor or purchaser;
  • Postal and e-mail address and telephone number.
  1. Use of data

The SRS uses the collected data to administer the organisation and provide services to the members.

  • In addition, the e-mail addresses of the member are used to circulate notices of SRS organised events.
  • Notices of events organised by SRS Branches are distributed to the member’s e-mail address.
  • The SRS’s primary method of contact is by post.

Additionally, the SRS will collect data to support sales transactions, purchasing from suppliers and organising private and trade exhibitors at exhibitions.

  1. Sharing data outside of the SRS

The SRS does not share data outside of the SRS excepting as required for the printing and distribution of Swiss Express.  In this case an edited list is sent, consisting only of a member’s name address and membership number.

  1. Sharing data within the SRS

No membership list will be available outside the SRS Board.  The following Board members, Membership Director, Company Secretary, Sales Director and the Treasurer may have copies of the membership list but other Board members will not usually receive copies.  All Directors are required to destroy any membership lists in their possession (physically or electronically) when standing down from the Board.

  1. Deletion of Data

A member may cease to belong to the SRS either

(a)  through non-renewal of their membership, or

(b)  when a member resigns by giving notice to the Membership Secretary, or their membership is terminated under the provisions of Clause 16.1 of the Articles of Association.

The SRS will use best endeavours to ensure data is removed from all e-mail lists, and all other live personal data records held by the SRS within 3 months of one year after their resignation, ending or termination of their paid membership, whichever is the latest, excepting as may be required for tax / legal purposes.  (The period of ‘one year’ is because a member’s legal liability as a member of the CLBG remains for one year after their membership ceases.)

Sales transaction information will be deleted following completion of the transaction (e.g., item delivered and payment received) excepting as may be required for financial reporting purposes.

Supplier and trade exhibitor information will be kept for as long as tax and accounting rules require or while repeat business is expected.

Non-member Exhibitor information will be deleted within 3 months of two years after last contact.

  1. Payment Card Information

The SRS will not collect Payment Card Information.  Instead, this will be processed by third-parties (e.g., PayPal on the SRS website) on our behalf.  Members will be discouraged form sending such information to the SRS, being directed to the SRS website.

  1. Member’s choice of use of Data

Every member has the right to instruct the SRS on how their personal data is used.  On joining, each member will be asked for their information and be able to note which ways they may be contacted.  The form will also explain how the data will be used.

This form is also available on the Members Area of the SRS website and they may change the permission at any time.

Additionally, a member may write to the Company Secretary or Membership Secretary to have their permissions changed.

  1. Ensuring Data Accuracy

It is the responsibility of the member to ensure that they advise the Membership Secretary promptly of any changes to the data held by the SRS.

The SRS will, as part of the membership renewal process, undertake a full check of postal and e-mail addresses and telephone numbers of all members against the completed Renewal Form.

  1. Secure Data Storage

Hard copy and electronic data must be stored securely.  Given the sensitivity of data stored by the SRS, standard home security should be sufficient for physical information and electronic storage mediums (e.g., external drives) including PCs.

This data must not be stored in a website (SRS or otherwise).

If Cloud storage solutions are used they must be configured securely to prevent unauthorised access (this may not be the default security setting).

  1. Data Protection Officer

The SRS does not have a Data Protection Officer.

However, the Company Secretary is the officer who holds the responsibility for ensuring that this policy is complied with.  The e-mail address is Secretary@swissrailsoc.org.uk.

The membership records are maintained by the Membership Secretary and in the first instance he should be contacted at membership@swissrailsoc.org.uk

 

  1. PUBLICATION INFORMATION

This policy was approved by the Board on 21 July 2018

Issue Date              22 July 2018

Reviewed               20 July 2019

Next Review            July 2022

Author                    Neil Wheelwright