This policy relates to the General Data Protection Regulation. It will be monitored and updated regularly, and will be translated into Esperanto in due course.
- The Membership Secretary shall be the Data Controller as defined under GDPR.
- All personal data on members or event participants will be held and kept safe by the Membership Secretary. For facility of data processing, a single password protected spreadsheet or relational database may be used. In order to protect against accidental corruption of the data an identical copy of the file may be held on an external device. All devices holding personal data must be under the direct control of the Membership Secretary. For further insurance against loss or corruption of data, the Membership Secretary may keep a printed copy of the data in a safe place in their home.
- The Membership Secretary must keep the records up to date. If a membership lapses beyond the period of grace or a member requests removal of data under GDPR, then the Membership Secretary must remove, at the earliest opportunity, all the member’s data on all the media in which copies are held.
- The Association must receive explicit permission from members to process (i.e. use) their data. That permission must be positive with the default assumption on our part that permission is NOT given until we receive it.
- Permission must be granular. This means that permission must be received for each specific purpose for which we intend to use it. A single blanket permission is not acceptable under GDPR.
- Permission is time-limited. Data from non-members who join any of our events must be used only for the legitimate purposes of running the event and must be deleted after the official close of the event.
- Data may be shared and used by other members of Council/Association in order to carry out the duties of their office. For example, the digital manager (retejestro) requires a name and email address to create a member’s account on the website. The distributor of the printed version of EeS requires the postal address of members twice yearly. Such information should be supplied in a secure manner (e.g. password protected file) and destroyed by the
recipient once it has been used.
- In addition to the automatic time-related removal of information a member may request removal of granularly specific permissions at any time. We will provide an easily accessible means for doing so, namely:
- a removable form on the printed join up form with tick boxes or a separate slip for the same purpose either supplied with the join up form by post or a separate form downloadable from the website from the same location as the join up form.
- a link on the front page of the website to an online form having the same effect
- by email to the Membership Secretary
Permission must be granular. To this end SEA divides its processing of data into three purposes. These are:
- Use of personal data by officers/post-holders of SEA to carry out their duties, e.g. digital manager, editing team of EeS.
- Sending to the member information and material which comply with the legitimate activities of the Association. These would be: join up form for Congress, Sabatrondo, Zamenhoftago; notification of these events; notification of changes to these events; paper versions of EeS and Bulletin.
- Request to a member for additional participation in Association activities. These would be one or more of the following: to submit an article for EeS; to present a talk at one of our events; to provide entertainment at one of our events; to provide practical assistance in organising one our events.