Nottinghamshire Fungi Group Data Protection Notification
In the UK, data protection law was covered under the Data Protection Act 1998 (DPA 1998). However, a new EU data protection law called the General Data Protection Regulation (GDPR) has applied since 25 May 2018. This new law was deemed necessary to take into account technology changes over the last 20 years and to harmonise data protection law across Europe.
The following information sets out how we use your personal data as a member of the Nottinghamshire Fungi Group (NFG) and what rights the GDPR gives you in respect of your data. Personal data broadly means information that identifies (or which could, with other information that we hold, identify) a living individual.
How we use information about you
We, the NFG, have been required to handle personal information in compliance with the General Data Protection Regulation (GDPR) since 25 May 2018.
The NFG control your personal information for the purposes of applicable data protection legislation. We will only use your personal details in order to carry out the day to day running of the group.
We will only collect and use your personal information where:
• there is a legal obligation for us to do so;
• it is for our legitimate interest as a group;
• you have given us consent to do so
What information do we collect?
The only personal information that we collect from you is:
• your name
• your address
• your telephone number
• your email address
Who the information may be shared with
With your consent
The only other organisation that we would share your details (your name only) with is the Fungus Conservation Trust (FCT), as the name of the collector and the recorder are added to the details of each specimen record that is uploaded to the CATE 2 database. This database can be accessed by other members of the FCT.
Please note that your name could also be included on a foray report that might be uploaded to the NFG website (again, this can be viewed by the general public.
As already stated, your name would only be used in any of the above scenarios with your consent.
Without your consent
• Regulatory authorities
• Legal entities in the event of a criminal investigation
• Insurance purposes if necessary
This is not an exhaustive list but please be aware that for the NFG to share your details, under any circumstances, we must comply with the GDPR.
Retention of Data
One of the key principles of the GDPR is that personal data that we store and process shall be adequate, relevant and limited to what is necessary for the purpose that it was originally collected. Our standard policy is for information or data to be kept for only as long as necessary. We envisage this to be a maximum of two years after a member has left the group but it must be recognised that this might be extended for reasons beyond our control. It will then be disposed of in a managed and secure way.
You have a number of rights under GDPR. These include the right to:
• see the information we hold about you
• request personal data to be amended if it is inaccurate or incomplete
• request the deletion or removal of personal data where there is no compelling reason for its continued use
• block or restrict the processing of your personal data; and
• object to the processing of your personal data
• receive your personal data that we hold in a structured, commonly used format
If you wish to exercise any of your rights or wish to raise any issues in relation to data protection then please email firstname.lastname@example.org with your request.