CJRA DATA PROTECTION POLICY
In order to operate, The Cambridge
Association (CJRA) needs to gather, store and use certain forms
These can include members, suppliers, volunteers, business contacts and other people the CJRA has a relationship with or regularly needs to contact.
This policy explains how these data should be collected, stored and used in order to meet CJRA data protection standards and comply with the law.
Why is this policy important?
This policy ensures that the CJRA:
• Protects the rights of our members, volunteers and supporters
• Complies with data protection law and follows good practice
• Protects the Association from the risks of a data breach
Who and what does this policy apply to?
This applies to all those handling data on behalf of the CJRA, for example:-
• Committee members
It applies to all data that the CJRA holds relating to individuals, which is primarily:
• Email addresses
• Postal addresses
• Phone numbers
• Jewish affiliation.
Everyone who has access to data as part of the CJRA has a responsibility to ensure that they adhere to this policy.
The Data Controller for the CJRA is the Treasurer. They, together with the Committee, are responsible for why data are collected and how they will be used. Any questions relating to the collection or use of data should be directed to the Data Controller in writing.
Data Protection Principles
1. We fairly and lawfully process personal data
CJRA will only collect data where lawful and where it is necessary for the legitimate purposes of the Association.
• A member’s name and contact details will be collected when they first join the Association, and will be used to contact the member regarding Association membership administration and activities. Other data may also subsequently be collected in relation to their membership, including about their payment history for fees and subscriptions.
• The name and contact details of committee members, employees, volunteers and contractors will be collected when they take up a position, and will be used to contact them regarding Association administration related to their role.
• An individual’s name and contact details will be collected when they make a booking for an event. This will be used to contact them about their booking and to allow them entry to the event.
• An individual’s name, contact details and other details may be collected at any time (including when booking for an event), with their consent, in order for the CJRA to communicate with them about Association activities.
2. We collect and use personal data only for specified and lawful purposes.
When collecting data, the CJRA will always explain to the subject why the data is required and what it will be used for, for example:-
“Please enter your email address in the form below. We need this so that we can send you email updates for Association administration including about events, subscriptions and other business.”
We will never use data for any purpose other than that stated or that can be considered reasonably to be related to it. For example, we will never pass on personal data to third parties without the explicit consent of the subject.
3. We ensure any data collected are relevant and not excessive
The CJRA will not collect or store more data than the minimum information required for its intended purpose.
For example, we need to collect email addresses and telephone numbers from members in order to be able to contact them about Association administration.
4. We ensure data is accurate and up-to-date
The CJRA will ask members, employees and volunteers to check and update their data. Any individual will be able to update their data at any point by contacting the Data Controller.
5. We ensure data is not kept longer than necessary
The CJRA will keep data on individuals for no longer than 12 months after our involvement with the individual has stopped, unless there is a legal requirement to keep records.
6. We process data in accordance with individuals’ rights
The following requests can be made in writing to the Data Controller:
• Members, volunteers and supporters can request to see any data held on them.
• Members and supporters can request that any inaccurate data held on them is updated.
• Members and supporters can request to stop receiving any marketing communications.
• Members and supporters can object to any storage or use of their data that might cause them substantial distress or damage or any automated decisions made based on their data.
8. Transfer to countries outside the EEA
The CJRA will not transfer data to countries outside the European Economic Area (EEA), unless the country has adequate protection for the individual.