This policy explains how this data is collected, stored and used to meet BAS’s data protection standards and comply with the General Data Protection Regulations (GDPR). To operate, the Bedford Astronomical Society needs to gather, store and use individual membership details as supplied via the annual Membership Form that requests name, address, telephone number(s) and e-mail address. This data is needed to record membership, process subscriptions and communicate.
This policy ensures that BAS:
This applies to all data that BAS holds relating to individual members and those handling it on behalf of BAS and includes (but not limited to):
The Data Controller is the BAS Publications Editor and any questions relating to the collection or use of data should be directed to The Newsletter Editor via our Contact Page.
The BAS Membership Secretary and Treasurer also have secure access to members data for their administrative duties.
BAS fairly and lawfully processes personal data in a transparent way and only collect data where necessary for the legitimate purposes of those who need it and have a responsibility to ensure that they adhere to this policy and will ensure all Data Processors are compliant with GDPR.
This data is held securely via a paid-for professional subscription service (Membermojo) and only used to record membership, administer subscriptions and to communicate. It will not be passed on to any other party without asking for your specific permission to do so.
We ensure data is accurate and up-to-date. BAS will ask existing members annually to reapply for membership that commences on 1st September. However, any individual can update their data or have it deleted at any point by logging into their own account on Membermojo, or contacting the Data Controller. The data held of an individual who does not reapply for membership two months after the start of the annual season will be deleted from the BAS records.
BAS will ensure that data held is kept secure:
When BAS collects, holds and uses an individual’s personal data, that individual has the following rights over that data. BAS will ensure its data processes comply with these rights and will make all reasonable efforts to fulfil requests from an individual in relation to these rights.
Right to rectification:
individuals can request that their data be updated where it is inaccurate or incomplete, either by logging into MemberMojo, or via the Data Controller.
Right to erasure: individuals can request for all or part of their data held on them to be deleted. BAS’s data retention policy will ensure data is not held for longer than is reasonably necessary in relation to the purpose it was originally collected. If a request for deletion is made we will comply with the request unless there is a lawful reason to keep and use the data for legitimate interests or administrative obligations.
Though unlikely to apply to the data processed by BAS, we will also ensure that rights related to decision making (including profiling) are complied with where appropriate.
We only share individuals’ data with the subject’s prior consent
Data collected will only ever be used in the way described and consented to and will not be passed on to a third party unless this has been explicitly consented to.
Regular Data Review
As our membership records are now kept on a secure website, with automated processes for manging expired memberships, a specific physical review of data held is no longer performed. However, the type of data we request is reviewed as part of the AGM, wherein any changes to the data collection processes are then made.
Physical data will be destroyed safely and securely, including shredding.
Data held on the website is automatically archived and deleted, but can be manually deleted if required.
Cookies are used to track your visit to a particular website, and the pages/features that you use while you are on that site. Cookies are small files, placed into special folders on your computer to help us monitor the performance of the website.
There are currently no cookies in use by BAS, other than automatic system-generated ones for tracking authorised logins to the site.