Mossley Heritage

Mossley Civic Society Data Protection and Privacy Policy

1. Introduction

In May 2018 the General Data Protection Regulation (GDPR) comes into effect. It requires all organisations that hold personal data to be transparent about the data they have, why they have it and how it is used.
Mossley Civic Society has created this policy to help ensure that the Society is compliant with the legislation.

2. Definitions

“The Society”, “we”, “us” and “our” refer to Mossley Civic Society. “Data” refers to information held by the Society identifying or relating to individuals.
For the purposes of the General Data Protection Regulation Mossley Civic Society is both the Controller and the Processor of the data.

3. Data

The data Mossley Civic Society holds on its members is the information that members provided when they joined the Society or through subsequent updates.
 This consists of name, address and, in some cases, telephone number and email address. We do not hold any kind of sensitive personal information, such as medical details.

We also hold contact details for a number of Heritage Centre volunteers who are not members of Mossley Civic Society.

4. What the data is used for

We use the details we hold about members to contact them about their membership and to send them information about the Civic Society and events. We sometimes need to contact volunteers about their turns at the Heritage Centre.
 We will seek to ensure that our use of individuals’ data does not conflict with their rights and freedoms or legitimate interests.

We do not share members’ details or pass them on to anyone else.

5. Lawful Basis

The Society has determined that the Lawful Basis for holding and using the data is that it has Legitimate Interests in doing so, for the following reasons:


  • When individuals provided their details to Mossley Civic Society they had a reasonable expectation that those details would be used to keep them informed and to contact them about their membership or about volunteering at the Heritage Centre.
  • It is necessary for the administration and fulfilment of people’s membership or for the running of the Heritage Centre.

  • It would not be possible for the Society to keep members informed or to administrate their membership or to maintain a volunteer rota for the Heritage Centre without holding and using this data.
  • Using the data is not intrusive and does not have an adverse impact on the individuals.
  • We have evaluated the balance between the Society’s interests and those of the individuals whose data is processed and concluded that the Society’s Legitimate Interests are not overridden by the rights and freedoms of those individuals.

6. Accuracy

The information we hold is that which individuals have supplied to Mossley Civic Society. Individuals have a right to see the information we hold on them, for example if they wish to check it for accuracy. Individuals may contact us if they wish to see this information or to update the information previously supplied.

7. Data storage

Individuals’ information is securely stored on computer with restricted access. Original paper application forms may also be kept on file.
 Information is kept as long as it is required. When someone is no longer a member or volunteer their data is deleted after an appropriate period.

8. Right of removal

Individuals have a right to ask us to remove the data we have for them. If they do this we will no longer be able to communicate with them.

9. Website and email

  • Our website may use cookies to collect information about visitors for the purpose of analysis and statistics. This information cannot identify who individual visitors are. No personal information is collected.

  • If someone sends the Society an email their email address will be used for sending a reply but will not be used for any other purpose. We do not pass on email addresses to anyone else.
  • When sending a group email within the Society (e.g. to committee members or to other groups of members) the email should be addressed to one recipient (possibly the sender’s own email address). All other recipients should then be added via the BCC option (‘blind carbon copy’). Individuals’ email addresses should not be made publicly known without the agreement of those individuals.

Last updated 01/05/18