The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018) require organisations to have a legal basis to collect and hold Members’ personal data. As such the Edinburgh Geological Society (EGS), a legitimate membership organisation, holds and uses these data to enable the participation of Members in the activities of the Society.
What personal data does the EGS collect?
We only collect personal data given directly by an individual or by someone acting on their behalf. They may be Members or non-members of the Society. For convenience, we offer options for individuals to provide information via established, secure online providers such as PayPal. These data are stored online only for as long as they are needed and are then deleted.
Membership By applying to join, Members provide personal information including name, address, phone numbers, email address and data relating to their membership application.
Excursions and Events These are open to Members and non-members. The Excursion Bookings Secretary and the Long Excursion Organiser collect personal data such as name, postal and email addresses, phone numbers and emergency contacts. On excursions, participants sign an Excursion Register confirming their acceptance of the Code of Conduct and Safety Guidelines.
Publication Sales Book sales are open to Members and non-members. The Publications Sales Officer collects personal information such as name, postal address and email address.
Payments Standard bank statements displaying only Members and non-members names and payment amounts for the services above are accessed by the Treasurer. Any payments made by cheque are recorded on paying-in slips by Council Officers but no account details are retained.
What are these data used for?
They are used for the administration of memberships, communication of information, organisation of events and sale of publications. In other words, for Members and non-members to participate in the activities of a geological society.
How are these data stored?
The digital membership database is held securely online by WebCollect. Access to the data is password protected and only authorised office bearers have access, including the Honorary Secretary, the Membership Secretary, and the Excursions Booking Secretary. The Long Excursion Organiser keeps Long Excursion bookings securely offline, with appropriate back up.
Booking lists for each excursion are sent electronically to the relevant coordinator/leader to record attendance, payment and signature acceptance on the day of the event.
Purchase requests are retained securely offline, by the Publications Sales Officer.
Standard electronic banking statements, used by the Treasurer, are stored securely by the selected bank of the Society.
Who has access to your data within the Society?
Member and non-member personal data are only accessible internally to those Council Officers with primary roles within the Society, namely the Membership Secretary, the Publications Sales Officer, the Excursion Bookings Secretary, the Long Excursion Organiser and the Treasurer.
Data may be shared with those Council Officers with secondary roles in the Society such as the Gift Aid Authorised Official (for reclamation of Gift Aid from HMRC), the Honorary Secretary and the Excursions Secretary (for next-of-kin contact) to allow them to carry out their legitimate tasks.
In addition, ad hoc photographs and other data from Society events may be used on its website and for internal publications.
Who do we share your data with outside the Society?
Member data be disclosed or transferred in part to external agencies working on our behalf namely:
- Geological Society of London (subscription ID, title, name, postal address) who arrange the publishing and despatch of the Scottish Journal of Geology (SJG) if a Member chooses to receive hard copies of the publication at their name and postal address, or to gain online access to the SJG and Transactions of the Society (via Lyell Collection).
- University of Edinburgh Library (membership status, title, name, postal address) if a Member chooses to register to use the library facilities.
The Society has no subcontractors nor suppliers who have access to membership data other than as highlighted above, and member information is not shared with third parties.
Retention of information
Member (and non-member) information will be kept for as long as a relationship exists between an individual and the Society, and thereafter only such information as needed for legitimate purposes (e.g. financial transactions for seven years) is retained. The Archivist may retain limited membership information to fulfil the responsibility of the Society to maintain the continuity of its historical archive which dates from 1834.
The Membership Secretary retains digital data and hardcopy (e.g. record of applications, gift aid forms and correspondence). The Excursion Bookings Secretary and the Long Excursion Organiser keep hardcopy and digital data of participants to facilitate the running of events. This is reduced to a digital list of names and email addresses after each session, and in addition the Long Excursion Organiser retains a secure hardcopy excursion archive. Any lists previously sent to other Council Officers are deleted. The Publications Sales Officer retains only the names of purchasers and amount paid as digital data after each session. The Treasurer retains hardcopy and digital data required for the financial reconciliation of subscriptions, sales and excursions, and annual accounting. Signed annual accounts are held in perpetuity by the Society. The Gift Aid Authorised Official retains a copy of the data submitted to HMRC in line with HMRC regulations.
Who Is responsible for ensuring compliance?
The President and Honorary Secretary of the Society will ensure that GDPR and DPA 2018 principles are adhered to but may delegate responsibility to the relevant Council Officers mentioned above.
Accessing and controlling your information
Any Member can make a written request (by letter or email) to the Honorary Secretary for a copy of their personal data which the Society will provide within one month. Postal address: Edinburgh Geological Society, The Lyell Centre BGS. Second Floor, Research Avenue South, Edinburgh EH14 4AP; email address email@example.com.
A Member’s or ex-member’s data will be removed from, limited, or corrected within the current Membership Database on request.