BAHS Data Protection & Security
The BAHS is categorised as a not-for-profit
organisation under the Data Protection Act. The society is exempt from
but it is obligated to carry out a few simple procedures as
- Tell people what you are doing with their data
- Make sure your staff are adequately trained
- Use strong passwords
- Encrypt all portable devices
- Only keep people’s information for as long as necessary
The data held by the BAHS society is used by committee members to:
- Run the BAHS society
- Communicate with members
by email, post and at meetings
- Administer the Members' Area
The society does not provide this data to other
organisations or third parties.
The data is held in a secure area of our website
only accessible by members of the BAHS committee. To assist in the running of the society
the committee may download data from the website and print
it out. This does not (in fact
cannot) include passwords used by members.
The data held by the society may be used by the BAHS committee to assess
trends and guide decision making. Committee
members are responsible for the safe keeping of data they download.
Examples of data downloaded and printed by committee members
are address labels and membership
The data held by the society covers:
- Member's name and possibly, partners name
- Correspondence address and possibly a second
addresses are used for the delivery of items
such as newsletters and the Glaven Historian.
- Phone numbers to allow
the committee to contact members in case of an issue
- Email addresses
are used to contact members regarding events
and other matters the committee think may be of interest.
The committee tries to minimise the number
emails sent to members to no more than one or two a week.
Notification emails to individual members will be generated
when a member uses the members' area (see below).
- Individual preferences covering, for example, how you receive items
like the AGM papers.
Through the secure Members' Area it is possible
for members (with an email address) to login to check their
subscription history. They may also check the personal data
held by the
society and update it as required.
When members use the Members' Area notification emails (covering actions
such as login, logout or updating personal details)
are provided to the login email address. If a member receives
such an email and they hadn't used the Members' area they should
email the webmaster as
it implies a possible security issue. If you do not receive
these emails when using the Members' area
please check that they are not going into a junk or spam folder.
Whilst it isn't
recommended by the society it is possible to
disable the receipt of notification
Access to membership data held on the website is accessible only through
logging in using strong passwords that are stored using one-way encryption
techniques using a 256-bit hash known as SHA256. Click
here for information held on Wikipedia about this technique.
Changes to the membership data
held on the website are recorded in an audit trail accessible
by the webmaster.
If you have questions or concerns about how the society uses the data
it holds on you please email the webmaster.