Data Protection Policy to comply with General Data Protection Regulations and UK law
Last reviewed: January 2024
1. The Petworth Society (the Society) finds it necessary to keep certain personal
information regarding its Members. The information is required for the Society to
operate efficiently. Under the General Data Protection Regulations (GDPR) and UK
law, the Society is the ‘data controller’ of that personal information.
2. This document sets out the Society’s policy on Data Protection.
3. Any questions regarding the Data Protection Policy should be addressed to the
Treasurer, The Petworth Society, Coppards, Middle Street, Petworth, GU28 0BE.
4. The personal information is required by the Society to function and will not be used
for any other purpose. No personal information designated as ‘Sensitive’ will be held.
5. Attached to this policy is the Society’s Privacy Notice which will be issued to the
individuals whose data is held on request. The Privacy Notice details the Society’s
approach to Data Protection.
6. The Privacy Notice sets out the following:
i. The ‘lawful reason’ for processing the personal information.
ii. The information the Society holds and how it is obtained.
iii. How the personal information will be kept up to date.
iv. How the information will be used.
v. How long the information will be held for.
vi. Who the individual should contact if there is an issue.
vii. Consent requirements.
7. Because of the type of personal information held by the Society, the very limited
amount of processing and the voluntary nature of the organisation, it is considered
that ‘implied consent’ is sufficient to comply with GDPR and UK law.
8. Except for HMRC, where applicable, no personal information will be passed to a third
party, without the specific agreement of the individual or a court order.
9. The Membership Secretary is responsible for the security of the personal information
held by the Society.
10. Any computer on which the Society holds personal information will be password
protected. Any hard copy information will be kept in a secure environment.
11. The information held by the Society will be the minimum necessary for the required
12. Personal information which is no longer required will be disposed of in a secure
13. Individuals are entitled to be told what information the Society hold about them on
request and to be given a copy of the information
14. Where there is a breach of security leading to the destruction, loss, alteration,
unauthorised disclosure of, or access to the personal data. The Society will consider
as soon as possible, and within 72 hours, what action it needs to take. In the unlikely
event that the breach might have a significant detrimental effect on the individuals,
the Information Commissioners Office (ICO) will be informed together with the
15. The Society will review this Data Protection Policy, and the necessity to hold the
personal information, every two years.