Creators Floor – Howitzvej 60, 1, 2000 Frederiksberg
9am – 20 pm
1. ABOUT THIS POLICY
- This policy explains when, why and how we collect personal information about our members, as well as how it is secured to ensure your rights are protected.
- We will always comply with the General Data Protection Regulation (“GDPR”) when dealing with your personal data.
- We (NBA) will be the ‘controller’ of all personal data for the purposes of the GDPR.
2. SOURCE OF INFORMATION
- Currently the Association:
- has a website that allows data subjects to contact the Association with queries, posts photos of Association events and has an updated blog
- has an email newsletter system for members
- runs events, along with an associated ticketing system
- runs a Facebook group
- stores data both locally and on the cloud
- does not use any of the personal data it collects for marketing purposes (except to update members about Association events)
- The only personal data collected by the association is:
- Each Member’s full name and email address. This is for the purpose of managing the Association’s online membership directory and for informing members of all information relevant to their membership. The legal basis for this is consent. We will seek the Member’s consent on their member application form. The member may withdraw their consent at any time by contacting us that they no longer wish their details to appear in the Membership Directory or no longer wish to receive emails from us.
- The bank account or credit card details for each member (or person paying fees on the member’s behalf). This is for the purpose of obtaining a membership fee. The legal basis for this is the performance of the Associations’ contract with the Member.
3. REASON FOR DATA
3.1 The purposes for which the personal data collected are:
(a) Managing each member’s membership
(b) Managing events for the Association
(c) Posting photos of Association events, members to the Association’s website and social media pages
4. HANDLING OF DATA
4.1 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. Privacy by Design is now integrated into our new technology systems to ensure preventative protection that is minimally invasive to you and Privacy by Default is implemented so settings are as a standard set for maximum privacy protection, with the option to opt-in for further sharing of personal data with more parties if the user needs.
4.2 We will not transfer your personal data outside the EU without your consent.
4.3 For any payments we take online a recognised online secure payment system will be used.
4.4 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
4.5 Our data will be stored locally on a database on a computer owned by the organisation and remotely on the cloud on Google Drive and WordPress. Site admins will have access to this data.
- We use a third party service, WordPress.com to publish our website. This site is hosted at WordPress.com, which is run by Automattic Inc. We use a standard WordPress service to collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. WordPress requires visitors that want to post a comment to enter a name and email address. For more information about how WordPress processes data, please see Automattic’s privacy notice.
4.6 We will never sell your personal data.
4.7 We will not share your personal data with any third parties without your prior consent, except where required to do so by law.
4.8 We may pass your personal data to third parties who are service providers, agents and subcontractors who are completing tasks and providing services on your behalf (eg. ticketing agents and newsletter mailing services. The legal basis for this is for the legitimate interest of operating the Association. However, this will be done minimally such that only the personal data that is necessary for the third party to complete the service will be transferred. It is possible that third parties will engage others (sub-processors) to process your data. Contractual arrangements will ensure that all information is kept secure and used only for agreed purposes.
5. DISPOSAL OF DATA
5.1 We will hold your data on our systems for as long as your membership persists at the Association and as long afterwards as it is the Association’s legitimate interest to do so; or as long as necessary to comply with our legal obligations.
5.2 We will review your personal data to establish whether we are still entitled to process it. In the event that we are not entitled to do so, we will stop processing it and retain it only in an archived form for the purpose of complying with future legal obligations eg. compliance of tax requirements and exemptions, and the establishment, exercise or defence of legal claims
5.3 We securely destroy all financial information once it has been used and it is not longer needed.
6.1 You have rights under the GDPR:
(a) To access your personal data.
(b) To be provided with information about how your personal data is processed.
(c) To have your personal data corrected.
(d) To have your personal data erased in certain circumstances.
(e) To object to or restrict how your personal data is processed.
(f) To have your personal data transferred to yourself or to another business in certain circumstances.
(g) To lodge a complaint with a supervisory authority such as the Danish Data Protection Agency if you consider that the processing of personal data infringes the General Data Protection Regulation.