GDPR and TOGA

Data Privacy Notice

Our Privacy and Fair Processing Notice describes the categories of personal data we process and for what purposes. We are committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR).

Updated June 2018

Who are we?

The Tiffin Old Girls’ Association (TOGA) is a volunteer-run organisation of alumnae of The Tiffin Girls’ School, Kingston upon Thames. The role of the organisation is to keep together past students of the school and to promote social and other interests of past members of the school. The committee is formed of volunteers and anyone is free to join or leave as they wish. The chair is voted in by the committee members as required. Alumnae can join the organisation officially by signing up via the membership link.

Generally, for the purpose of the Data Protection Legislation and this Notice, we are the ‘data controller’. This means that we are responsible for deciding how we hold and use personal data about you. We are required under the Data Protection Legislation to notify you of the information contained in this Privacy Notice.

Your personal data – what is it?

Personal data is related to a living individual who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in our association’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulations (the ‘GDPR’).

What is GDPR?

The GDPR 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and replaces the Data Protection Act 1998. It came into effect on the 25^th May 2018.

Please visit www.ico.org.uk for more detailed information.

Why does TOGA need a GDPR Policy?

The policy explains that TOGA will:

· Only collect information that is needed for a specific purpose;

· Keep this information secure;

· Ensure the information is relevant and up to date and

· Only hold as much as is needed and only for as long as it is needed.

What long term information will TOGA request and why?

Our newsletter and other communications are sent out via mailchimp and google mail systems which are protected with secure passwords and access rights at multiple levels. The committee has full access but all other volunteers and members only have access as required. There are exceptions to this, which are detailed below.

Apart from those without e-mail access (see below) the long term information we retain is restricted to:

Name including maiden name

E-mail address

Age/Date started at Tiffin Girls School

Wufoo

Before moving to mailchimp, alumnae could join TOGA via a wufoo form. This account has been cleared and deactivated.

Those without e-mail access:

We have a very small number of people who do not have e-mail access, for whatever reason. These members will have their postal address stored until notice is otherwise given to TOGA, in order to send out paper copies of the newsletters and any other forms of communication. These are kept securely on a computer protected by secure password.

Facebook:

TOGA use a closed Facebook group for communication with alumnae, irrespective of whether the alumna has registered with us or not. It is clear on the joining page, in the about us section, what will be communicated, so the act of joining the group is presumed as consent. TOGA will not reuse any personal data posted on its group without consent. Data gathered from Polls or conversations will not be stored anywhere other than the direct page in such a way that individuals can be identified. All committee members are administrators of the group and have the ability to add or remove users.

Twitter:

TOGA has a Twitter account. By following this account, the user is choosing to give consent via Twitter to receive updates according to their preferences. TOGA does not store any of the information from Twitter beyond the media platform itself.

What short term information will TOGA request throughout the year and why?

Reunions:

TOGA host a reunion for alumnae every two years. For the duration between announcing the reunion and until six months later to enable the committee to gather for a debrief, the following extra data will be stored for each attendee:

Emergency Contact Telephone number

Food Preferences

This will be stored on Google Drive with a secure password and restricted access to the relevant members of the TOGA committee as required.

Information and third parties

TOGA will never give any information to third parties without prior consent.

What if someone else sends you information about me?

If we are passed any personal information by a third party which was unauthorised, we will immediately get in touch with you to let you know what we have, who from and why. If you inform us that we are not allowed to hold this information, it will be deleted or securely disposed of immediately.

What if there is a Data Breach?

Any committee member who suspects a data breach has occurred is required to report the matter immediately to our Chair, as the person responsible for data protection matters within the association. She will then determine whether a breach has occurred, and take the necessary steps to address it, and if required, notify the relevant individuals and the ICO within the required timescales.

Will there be any information sharing between TOGA and the school?

The organisation is run separately from the school but aims to work closely with the school. We will not give the school any data that can be used to identify and contact individuals without prior permission. At times, a collation of data results may be presented to the school without any identifiable datum.

What will not change?

• TOGA will continue to post all our event information to our closed Facebook group and advertise events via e-mail (or post if requested). If you are already a member of these, this means you have already opted in. You may opt out of these at any time.

We will never post personal contact information to the group or on the page.

We will never give out your data to another person. In case of friend searches, we will act as the go between and enable you to approach the seeker.

You can still contact us through Facebook, via the TOGA email address and via the postal address.

What do I need to do?

If you haven’t updated your GDPR preferences already, please do so by following the link sent out by e-mail, or contact us via the TOGA e-mail account.

It is your duty to inform us of changes. It is important that the personal data we hold about you is accurate and up to date. Should your personal information change, ie name, email address please contact us

What if I have questions?

If you have any questions regarding TOGA’s GDPR policy, please contact the TOGA Chair via email: tiffinoldgirls@gmail.com

Access of information

You have the right to access, edit and delete information held about you and may access this information by contacting us at TiffinOldGirls@mail.com. Any access request will be answered within two weeks and details of the relevant information we hold about you will be provided electronically.