Privacy Policy

Cambridge Advanced Motorists - Data Policy

This Policy document describes how Cambridge Advanced Motorists (CAMIAM) holds and manages personally identifiable data.

Data Protection Principles

  • The Data Protection Principles of the Information Commissioner’s Office include the following rules: Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  • Personal data shall be accurate and, where necessary, kept up to date.

  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

The Purposes of CAMIAM Retaining Personal Data

  1. to identify individuals with a direct connection to the CAMIAM organisation, to record their status within the organisation (e.g. associate, observer, etc.), and to enable the group committee to pass information to them (e.g. newsletter)

  2. to serve the primary purpose of CAMIAM, i.e. the guidance of individuals in driving, by those qualified by IAM rules to do so

  3. to provide IAM HQ with group statistics (amalgamated, not personally identifiable)

  4. to publicise group activities and events to individuals likely to be interested

  5. to offer recently lapsed members news of our current events and other benefits of membership

  6. CAMIAM does not hold sensitive personal data.

  7. CAMIAM will only use personal data for its own legitimate interests

In addition, the following are the Archival Purposes of retaining data:

  1. for statistical analysis by the group (e.g. how have our numbers changed over 10 years?)

  2. to correlate data held by the IAM (e.g. to verify a claim by an IAM member that they were trained by CAMIAM in 1997)

  3. to provide records for evidence as may be necessary in a court of law or any legal action

The Data

The following data may be held to meet the stated purposes:

  • Name(s)

  • Address(s)

  • Decade of birth (e.g. 1960's)

  • Telephone Number(s)

  • Email Address(es)

  • Status within group (e.g. Associate, IAM member, Honorary member, lapsed member)

  • Group role(s) if any (e.g. Secretary, Newsletter editor,)

  • IAM Qualifications (e.g. Test Pass, Observer, National Observer, F1RST, Fellow, Masters)

  • Relevant dates (e.g. membership renewal dates, test pass dates, last contact)

  • Additional information relating to CAMIAM's activity (e.g. particular skill sets such as off-road driving qualifications; professional training qualifications, etc.)

  • Essential additional information affecting CAMIAM's administration (e.g. that a member has died). Once this ceases to be essential, the data may no longer be held.

Data Locations

Data exists in three primary locations:

  1. Shared 'live' database accessible to a limited set of committee members

  2. On computers belonging to those committee members

  3. On hard copy within archives

Physical Protection

Access

Read access to the live database is restricted to specific committee members. Write access is limited to committee members with Membership and IT roles. Physical and electronic copies may only be held by active committee members and either handed over or destroyed on retiring from the committee. Personally identifiable hard data copies must be shredded after 6 years.

Backup

Occasional copies (in electronic form) may be made for archival and data integrity purposes.

Physical security

Normal household security will be sufficient for holding all physical forms of the data.

Retention

Live personal data (i.e. data on the live database) is held for not more than 2 years after the individual has ceased their association with CAMIAM. Non-personally-identifiable data may be held and used indefinitely. Personally identifiable data may be stored indefinitely but may only be used for the Archival Purposes.

Disposal

All physical media, when disposed of, must be rendered unreadable by shredding or similar means. Electronic files must be fully deleted (e.g. shift-delete on a PC).

Access requests

If a member makes a request to see what data we hold on them we should send them the relevant row from our database spreadsheet.

Data deletion at request of a member

If a member requests that their data is deleted this should be performed by the Membership secretary after they have informed the committee of this request


Policy ends.

Comments