1. What personal data does CHARGE collect and what is it used for?
CHARGE’s membership comprises its member organizations as listed on the website.
CHARGE retains the contact details of the CHARGE Committee representatives for each member organization and co-opted Committee members. CHARGE also retains the contact details of people who have asked to receive the CHARGE newsletter and other information. For each contact, CHARGE collects, stores and processes personal data comprising the contact’s name and email address. We use contacts’ data for administration, distributing information, and event organisation.
2. Where does this data come from?
Contacts’ personal data comes from the contacts themselves.
3. How is personal data stored?
Contacts’ personal data are currently stored in an online password-protected Google account that is constantly monitored for any signs of unusual activity.
4. Who has access to personal data?
Currently only the CHARGE Secretary and Chair have access to the contact database in order for them to carry out their legitimate tasks for CHARGE. Sub-contractors of CHARGE may in future be given access to data for specific tasks, such as sending out mailings or improving our IT systems, but not for any other purpose.
5. Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) CHARGE does not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring CHARGE discharges its GDPR obligations is CHARGE’s acting Secretary for the time being, who can be contacted at firstname.lastname@example.org.
6. What is the legal basis for collecting this data?
CHARGE must be able to contact its Committee members for the purposes of inviting them to attend meetings of CHARGE. For this to be effective, we need to store and process contact data for contacts in organisations that are members. We do not require the consent of the individuals concerned for this activity. CHARGE also informs contacts about its activities and sends out information and the CHARGE newsletter to those who have requested it.
7. How you can check what data we have about you?
Contacts have a right to know what information we hold about them. If anyone wants to see the basic personal data we hold about them, they should contact CHARGE’s Secretary (see para 5 above). We are required to provide this within one month.
8. Does CHARGE collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. We do not collect any “special” data.
9. How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used. The GDPR confers a “right to be forgotten”. Any CHARGE contact may ask for all their personal data to be deleted. We aim to comply with all such requests within one month. CHARGE committee members will not be able to carry out their functions if we do not have an email address for them. Contacts may specify that they do not wish to receive future emails for CHARGE. Any contact that has reason to believe that the information we hold about them is incorrect may ask for it to be corrected. All requests in relation to this paragraph should be directed to CHARGE’s Secretary (see para 5 above).
10. How long do we retain contact data?
Each committee member is responsible for keeping the contact data for the organization that they represent up to date. Should we become aware that a member organization’s contact details are out of date, we ask the organization’s main contact to update its records on our database.
11. What happens if a contact dies?
If we become aware that a contact has passed away, their personal data is deleted.
12. Can you download your data to use it elsewhere?
No, we store so little personal data for each contact that this would make no sense.