GDPR

General Data Protection Regulations

From 25th May 2018, any organisation holding personal data will have to comply with new requirements known as GDPR. Our understanding is that by paying your Cyclox membership fee you give your consent for us to hold necessary personally identifiable data about your contact details, your membership and subscription status and your specific membership interests. Cyclox has to keep the data secure and accurate. Our membership list is held by Membermojo,  a commercial company, who use MailChimp for email distribution; both have strong data security.

There is a clear requirement to delete information when it is no longer required. Unless asked to cancel a membership, Cyclox will keep the contact details of members for up to two years after their last subscription in case we think it appropriate to contact them with reminders to subscribe. Those ex-members will continue to receive the email newsletter while on the database so they will be aware that they are still on the database. If a members asks us we will delete all information held about them. If they tell us they are not renewing then their information is archived and will  be available for 2 years after that.

You are able to see and edit the information we hold about you by going to the Membermojo website. You don’t need a password for this – click on the access link which is sent to your email address, then go to ‘Your membership’. We will continue to review how this information is displayed, and if you have any questions, email membership@cyclox.org

GDPR Privacy Policy

What personal data do we collect?

We only collect the information you provide when registering with Cyclox. This includes contact details (phone numbers, postal and email address); information about your campaigning interests and how you may help Cyclox; information about your payment method. If you have household members we record their name and email address if supplied.
Separately we ask attendees at meetings and stalls to give us email addresses if they want to hear more from Cyclox. However this information is not entered on our membership database and is only used to ask if you want to continue to hear from Cyclox. If you agree, we will add your email address a separate list of supporters’ emails. There is no other information in this list.

What is this personal data used for?

We use the data to enable us to renew your membership annually, and the email address is used for those who want to receive the newsletter and other communications about events. We don’t share your information with anyone.

Where does the information come from?

We have no other source of information apart from what members tell us.

How is the data stored?

We use Membermojo for the membership database.  The membership secretary copies paper lists of email addresses of non-members who want to receive information from Cyclox (obtained at meetings, stalls and events as described above) onto a spreadsheet held on their personal computer.

Who is responsible for ensuring compliance with the relevant laws and regulations?

Under the GDPR (General Data Protection Regulation) we do not have a statutory requirement to have a Data Protection Officer. The person who is responsible for ensuring Cyclox discharges its obligations under the GDPR is the Membership Secretary, currently Andy Chivers membership@cyclox.org

Who has access to your data?

At present only 3-4 committee members can download the membership database as a .csv file. Only one committee member (the membership secretary) can edit the information.

What is the legal basis for collecting this data?

Cyclox collects personal data that is necessary for the purposes of its legitimate interests as a membership organisation. Although we are neither a charity nor a registered company, we aim to manage our finances to the standards of a charity, and the database helps us to produce accurate accounts.