GDPR POLICY

GDPR Background

The General Data Protection Regulations (GDPR) came into effect on 25th May 2018, and the Board implemented the policy below to comply and “legalise” all personal data held in our records. Although many of the concepts and principles in this legislation are in line with those contained in the Data Protection Act (DPA), there are elements and significant enhancements to consider. For example, the GDPR states that organisations must determine and document the lawful basis for holding personal data, explaining why it is required, how it is used and the consequence of it not being available.

GDPR Policy

The Company would submit that our lawful basis for holding personal data is to allow us to provide essential information. Without such data we are unable to carry out our remit.  In the past that information flow was achieved via post. However, nowadays it is often collected and stored electronically.

The data being held is:

Names

Addresses

Landline and/or mobile telephone numbers

Email addresses

The Administration Director acts as the Company Data Protection Officer (DPO) and is responsible for holding and maintaining shareholder data and for obtaining consent.  All Directors will have access to the data which will be stored either in a locked filing cabinet or secure IT system. Data will only be shared with 3rd parties where absolutely necessary and where the 3rd party has a robust GDPR  Policy of their own. Circulation lists on emails will be BCC (blind carbon copies) so that shareholders cannot access each other’s details. Residents are required to positively opt-in through a consent form or via email. Those who do not wish to opt-in will continue to receive information by post.

In the event any shareholder wishes to inspect their personal information or withdraw consent, they need only contact the Administration Director who will remove any relevant personal details from our files, except of course for name and address which relates to a shareholding. If a shareholder resigns or sadly passes away, all personal details will be destroyed within a reasonable period of time.

January 2025