View from Angel Building Clerkenwell

Privacy Notice for the London Forum of Amenity and Civic Societies
May 2018

1. What personal data does the London Forum collect and what is it used for?
The London Forum’s membership comprises full members, associate members and individual members. Full members are societies, each of which nominates a main contact to the Forum, and, in most cases, a small number of additional contacts. Associate members are also organisations with named contacts, though no main contact. These nominees of full and associate members together with individual members and other individuals who have expressed an interest in the work of the forum are referred to collectively as the Forum’s contacts. The expression member societies in this document refers to full members only.

For each contact, the Forum collects, stores and processes personal data comprising the contact’s name and email address, and frequently also a postal address and telephone number, together with their communications preferences. We use contacts’ data for membership administration, distributing information to members, and event organisation.

2. Where does this data come from?
Contacts’ personal data mostly comes from the contacts themselves, or from other contacts in their societies. Some data comes from the websites of full and associate members.

3. How is personal data stored?
Contacts’ personal data are stored in an online MySql database held on a secure webserver that is constantly monitored for any signs of unusual activity. Access to this data is via a password protected page on the London Forum website. For each member society, the main contact can access that society’s data using a password specific to that society. Some personal details such as attendance lists at Forum open meetings may be stored on paper under lock and key by the London Forum Secretary for the time being. The intention is that in due course these too will be stored on our secure webserver with password protection.

4. Who has access to personal data?
London Forum officers have access to the contact database in order for them to carry out their legitimate tasks for the Forum. Sub-contractors of the Forum may be given access to data for specific tasks, such as sending out mailings or improving our IT systems. They are not free to use it for any other purpose. Data files derived from our database for such purposes are password protected.

5. Who is responsible for ensuring compliance with the relevant laws and regulations?
Under the GDPR (General Data Protection Regulation) London Forum does not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring the Forum discharges its GDPR obligations is the Forum’s Membership Secretary for the time being, who can be contacted at membership@londonforum.org.uk

6. What is the legal basis for collecting this data?
The GDPR specifies a number of different reasons why organisations might hold and process personal data. The London Forum bases its Privacy Policy on a mix of legitimate interests and consent.

The Forum must be able to contact its members for the purposes of inviting them (a) to renew their membership, and (b) to attend General Meetings of the Forum. For this to be effective, we need to store and process contact data for personal members, and contact data for one or more contacts in organisations that are full members or associate members. We do not require the consent of the individuals concerned for this activity.

The Forum also informs contacts about its activities (and occasionally those of other organisations that might be of interest to members), and invites them to Forum events via the e-bulletin service and via its newsletter, NewsForum. We conduct this processing activity on the basis of consent. Although many of the Forum’s contacts have already given their consent by specifying which communications they wish to receive and by what means, others have not. Our approach is that:

a. existing contacts that are not linked to member organisations are being asked now to confirm their communications preferences and signify their consent

b. contacts that are linked to member organisations will be asked to do so prior to, or as part of the 2019 membership renewal round.

c. new contacts, whether in member organisations or not, will be asked to do likewise within one month of being added to our database.

Contacts that do not signify consent within 3 months of first being asked will be removed from the e-bulletin and/or NewsForum distribution lists.

7. How you can check what data we have about you?
Contacts have a right to know what information we hold about them. If anyone wants to see the basic personal data we hold about him or her, they should contact the Forum’s Membership Secretary (see para 5 above). We are required to provide this within one month.

8. Does the Forum collect any “special” data?
The GDPR refers to sensitive personal data as “special categories of personal data”. We do not collect any “special” data.

9. How can you ask for data to be removed, limited or corrected?
There are various ways in which you can limit how your data is used. The GDPR confers a “right to be forgotten”. Any Forum contact may ask for all their personal data to be deleted. We aim to comply with all such requests within one month. Forum contacts may choose not to provide us with an email address and/or postal address, though this will limit the services that the Forum is then able to provide. Contacts may specify that they do not wish to receive Forum emails and/or hard copy of the Forum’s newsletter. Any contact that has reason to believe that the information we hold about them is incorrect may ask for it to be corrected.

All requests in relation to this paragraph should be directed to the Forum’s Membership Secretary (see para 5 above).

10. How long do we retain contact data?
Member societies are responsible for keeping their contact data up to date. Should we become aware that a society’s contact details are out of date, we ask the society’s main contact to update its records on our database.

11. What happens if a contact dies?
If we become aware that a contact has died, their personal data is deleted.

12. Can you download your data to use it elsewhere?
No, we store so little personal data for each contact that this would make no sense.

If you have any queries regarding this policy or the use of your personal information please address them to:

The Secretary
London Forum of Amenity and Civic Societies
70 Cowcross Street
London EC1M 6EJ
or use the Contact Form