Responsibilities The   SRG   Committee   has   overall   responsibility   for   personal   data   issues.   Day-to-day responsibility has been delegated to the Treasurer, namely understanding and communicating  obligations under the relevant legislation identifying potential problem areas or risks producing clear and effective procedures ensuring   all   committee   members   and   event   organisers   allowed   access   to   personal data on behalf of SRG understand the requirements of them under this policy. All committee members and event organisers who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles. Breach of this policy will result initially in the individual’s being given further advice on his/her responsibilities under the legislation. Repeated breaches will result in being denied access to personal data. Sharing Data Members’ contact details are routinely shared with all SRG office holders for effective communication. They may, at the discretion of an office holder, be shared with an event organiser also for effective communication. SRG has an e-mail list of all members, maintained by the Treasurer. This is used in such a way that no member may see another member’s e-mail address. The club programme, which is used partly to publicise SRG’s activities, contains a telephone number for the walk leader. However this does not give the walk leader’s full surname. SRG has a web site and an open page on Facebook to promote the activities of the group. This includes photographs of members but only where the member has given permission. Wherever possible individual members are not named and where this does happen only the forename is used. SRG also has a closed Facebook page where access is only available to group members; this is used to share photographs as well as for communication. Implementation The   Committee   has   reviewed   the   information   collected   on   the   membership   application and   is   satisfied   that   this   complies   with   the   data   protection   principles   listed   in   Section   2. Data   collected   for   specific   activities   will   either   be   agreed   specifically   by   the   committee   or follow   a   standard   format   for   the   type   of   event   agreed   by   committee.   In   agreeing   this policy   the   committee   has   also   sought   to   ensure   that   data   is   kept   securely   and   for   an appropriate   length   of   time   and   that   there   is   a   proper   basis   for   any   sharing   of   the   data with third-parties. As   part   of   the   implementation   of   this   policy,   all   existing   members   will   be   asked   to resubmit   their   personal   data   and   will   be   asked   to   give   their   permission   for   the   specific uses for explicit permission has been required from May 2018. Retention Periods SRG will retain personal data for the following periods: Details on club membership data-base: for 6 months after membership expires Application forms for specific activities: for 6 months after the activity takes place Summary   sheets   of   those   attending   specific   activities:   a   list   of   names   may   be              retained indefinitely but all other personal details will be deleted within 6 months Walk attendance lists: for 6 years after the walk took place Membership   of   SRG’s   closed   Facebook   page:   any   participants   who   do   not   renew their membership will be removed within 6 months of their membership lapsing. Subject Access Requests Members   may   at   any   time   request   that   the   data   held   on   them   is   changed   and   are encouraged to do so to ensure effective communication with them. All   members   have   the   statutory   right   to   request   details   of   the   data   held   on   them.   Anyone wishing   to   exercise   this   right   should   contact   the   Treasurer   in   writing   or   by   e-mail.   The information   will   be   supplied   to   the   member’s   personal   address   within   40   days.   There   will be no charge for this. Any   other   queries   by   members   on   SRG’s   handling   of   their   personal   data   should   be addressed in writing or by e-mail to the Chair who will ensure a prompt response. Review   This policy will be reviewed as required. Adopted by the committee of Stafford Rambling Group on 4July 2018