The CVI Society’s General Data Protection Regulation (GDPR) Policy
The CVI Society’s General Data Protection Regulation (GDPR) policy is the responsibility of the Data Protection Lead as appointed by the CVI Society trustees.
Personal information means any information that relates to an individual that may be used either directly or indirectly to identify them.
The CVI Society’s GDPR policy statement describing how the CVI Society protects personal information is published on the CVI Society website.
There are two types of information that the CVI Society may store about individuals that it is in contact with.
The CVI Society
Stores general contact information if provided by individuals including: name, email address and telephone number
Stores additional personal information if provided by individuals including: address, email address, occupation, bank details and medical information
Storage of Contact and Personal Information
General contact information provided by individuals is used to communicate with them about CVI Society activities.
A person’s name, address, date of birth, gender, ethnicity, telephone number, email address, bank details (if payment method requires it) and medical information may be collected by the CVI Society to undertake CVI Society activities. These activities include running the annual CVI Society conference and providing support to individuals or their families.
This personal information may be stored either electronically or on paper.
The CVI Society will only keep contact or personal information while the individual is a supporter of The CVI Society or as long as necessary to provide services or support requested by the individual.
The only people that may have access to personal information are the trustees of The CVI Society or individuals appointed by the CVI Society trustees to support the CVI Society activities.
No personal information is passed on to any other individuals or organisations unless:
at the request of the individual
we are legally required to
to preserve the health and safety of any individual
The CVI Society makes use of cloud storage services which includes an email service.
Member’s medical, bank or home address information will not be stored in a cloud service.
If an individual has emailed this information to the CVI Society it will be stored on servers outside of CVI Society control and therefore its responsibility.
Any information stored electronically will be secured by password protection or by restricted physical access to the storage device.
Any information stored on paper will be protected by restricted physical access.
If a data breach means that any contact or personal information has been passed to others without consent, the individual and the CVI Society Data Protection Lead will be informed. The CVI Society Data Protection Lead will determine what further action may be required. Individuals whose data has been compromised will be informed.
Group emails will not reveal an individual’s email address to other members of the email group unless with the individual’s permission or the email address is already known to the other group members.
If photographs are taken at CVI Society events or if the CVI Society wishes to use an individual’s image for publicity and marketing, including on social media, then prior consent will be obtained from the individual. Photographic images will be kept for as long as the individual is a supporter of The CVI Society and the images may continue to be used in future publicity activities. The CVI Society will delete and stop using an individual’s image if a request is made by the individual.
The CVI Society uses several products to analyse traffic to it’s web site in order to understand our visitor’s needs and to continually improve the site for them. The CVI Society only collects anonymous, aggregate statistics.
If an individual joins the CVI Society mailing list, a CVI Society forum, or one of The CVI Society social media groups or provides contact or personal information to us then The CVI Society assumes that the individual consents to the storage, as described in this policy, of the information that they have provided.
If an individual requests to see their contact or personal information held by the CVI Society it will be provided.
The CVI Society will destroy contact or personal information about an individual if requested by them but this might mean that we can no longer provide certain services to them.
The CVI Society will update any contact or personal information that we know to be incorrect.
If you have any questions or concerns about our collection, use or disclosure of your personal information, please get in touch to discuss further.