Privacy Policy
Home Meetings / Events About Us Money in Photos Projects News Stoma Team

Version Number 1                                                                             Revision Date June 2019


Swindon Ileostomy Association (Swindon IA)

General Data Protection Regulation Policy Statement


This document defines the policy that will be adopted by the Swindon Ileostomy Association (hereinafter known as Swindon IA) so that the group complies with the General Data Protection Regulation (GDPR), which came into effect on 25 May 2018.

This policy document contains three sections;


1. General Policies

2. Policies for the protection of data

3. Policies for access to the data

This policy is concerned with the storage and use of  personal data, which is defined in article 4 of the GDPR. ( https:/ /gdpr-info.eu/art-4-gdpr )


1. General Policies

1.1 The only data we hold on individual members is that obtained from members’ application forms. That data consists of: name, address, age, telephone number, e-mail address, ostomy type and, if selected, any Gift Aid preferences at the time of applying for membership of Swindon IA or subsequently updated by the member.

1.2 Swindon IA will apply the regulations as fully as possible given the restraints of;

1.2.1 The size of the group.

1.2.2 Type of personal data held.

1.2.3 Funds available.

1.3 The Data Protection Officer will always be a member of the committee of Swindon IA.

1.4 Swindon IA have currently appointed the treasurer as Data Protection Officer (DPO) with roles as defined in the GDPR articles 37, 38 and 39.

1.5 The regulation of "consent" will be defined in the terms and conditions of being a member of Swindon IA.

1.6 Data will not be held for members who resign, die or have requested us not to hold their data. Once a member’s data has been removed, we will not be able to communicate with that member. "Life" members will have written consent from the individuals documented, as defined in the GDPR.

1.7 Swindon IA will not share member’s personal data with any third party, without a member’s prior consent or where a court order instructs us to comply.


2. Policies for the protection of data


2.1 The data will only be accessed by two members of the committee:

2.1.1 Treasurer

2.1.1.1 for the management of membership additions/deletions/amendments.

2.1.1.2 for the issue of relevant information to members via magazines, newsletters, notice of meetings and events etc.


2.1.2 Secretary  

2.1.2.1 for the management of membership additions/deletions/amendments.

2.1.2.2 for the issue of relevant information to members via magazines, newsletters, notice of meetings and events etc.


2.2 If in the future Swindon IA decides to organise fund raising appeals or lotteries etc., we will ask members in advance to opt in to such activities.

2.3 The data held by the secretary will be a copy of the treasurer’s data, updated monthly to ensure a backup copy is held at a different site.

2.4 The data will not be encrypted due to cost of specialised software.

2.5 The data will be Password protected with a strong password.

2.6 The password will be a minimum of 8 characters long. A mix of letters and numbers with at least 1 capital and 1 special character * ^ & ~ % $ ! etc. which is not on the end.

2.7 The password will be changed at least twice per year and not documented in any electronic format.


3. Policies for access to the data


3.1 All requests for information as to what data is held by Swindon IA for an individual will be via e-mail to the Treasurer’s e-mail address; treasurer@swindon-ia.org.uk or via letter to the Treasurer, Mr R Wanless, 17 Knowlands, Highworth, Swindon, SN6 6NB.

3.2 The procedure for making a data request will be published in the Swindon IA newsletter and on the Swindon IA web site www.swindon-ia.org.uk

3.3 All data requests will be dealt with by the Data Protection Officer (DPO) or their deputy if the DPO is away for an extended period.

3.4 All data requests will be free of any charges.

3.5 All data requests will be actioned within one calendar month of receipt of either an email or a letter.

3.6 Only data relating to the individual making the request will be sent, requests of data for a third party will be rejected.