The Bedford Astronomical Society’s Data Protection and Retention Policy Statement
This policy explains how this data is collected, stored and used to meet BAS’s data protection standards and comply with the General Data Protection Regulations (GDPR). To operate, the Bedford Astronomical Society needs to gather, store and use individual membership details as supplied via the annual Membership Form that requests name, address, telephone number(s) and e-mail address. This data is needed to record membership, process subscriptions and communicate.
Why is this policy important?
This policy ensures that BAS:
- Protects the rights of members
- Complies with data protection law and follows good practice
- Protects the group from the risks of a data breach
Who and what does this policy apply to?
This applies to all data that BAS holds relating to individual members and those handling it on behalf of BAS and includes:
- Email addresses
- Postal addresses
- Phone numbers
Roles and responsibilities
The Data Controller is the BAS Publications Editor and any questions relating to the collection or use of data should be directed to The Newsletter Editor via our Contact Page. The BAS Membership Secretary and Treasurer also have secure access to members data for their administrative duties.
BAS fairly and lawfully process personal data in a transparent way and only collect data where necessary for the legitimate purposes of those who need it and have a responsibility to ensure that they adhere to this policy and will ensure all Data Processors are compliant with GDPR.
This data is held securely, password protected and only used to record membership, administer subscriptions and to communicate. It will not be passed on to any other party without asking for your specific permission to do so.
We ensure data is accurate and up-to-date
BAS will ask existing members annually to reapply for membership that commences on 1st September. However, any individual can update their data or have it deleted at any point by contacting the Data Controller. The data held of an individual who does not reapply for membership two months after the start of the annual season will be deleted from the BAS records.
We will keep personal data secure
BAS will ensure that data held is kept secure:
- Electronically held data will be held within a password-protected and secure environment.
- Passwords for electronic data files will be re-set each time as individuals with data access leaves their role/position.
- Physically-held data will be stored securely;(/li>
- Access to data will only be given where this is clearly necessary
When BAS collects, holds and uses an individual’s personal data, that individual has the following rights over that data. BAS will ensure its data processes comply with these rights and will make all reasonable efforts to fulfil requests from an individual in relation to these rights.
- Right to rectification: individuals can request that their data be updated where it is inaccurate or incomplete.
- Right to erasure: individuals can request for all or part of their data held on them to be deleted. BAS’s data retention policy will ensure data is not held for longer than is reasonably necessary in relation to the purpose it was originally collected. If a request for deletion is made we will comply with the request unless there is a lawful reason to keep and use the data for legitimate interests or administrative obligations.
Though unlikely to apply to the data processed by BAS, we will also ensure that rights related to decision making (including profiling) are complied with where appropriate.
We only share individuals’ data with the subject’s prior consent.
Data collected will only ever be used in the way described and consented to and will not be passed on to a third party unless this has been explicitly consented to.
Data retention policy
Regular Data Review
A regular review of all data will take place to establish if BAS still has good reason to keep and use the data held at the time of the review. Generally a data review will be held every two years on digital documents (e.g. spreadsheets)
How data will be deleted?
- Physical data will be destroyed safely and securely, including shredding.
- All reasonable and practical efforts will be made to remove data stored digitally