Ambleside Community Christmas Lights Ltd
The directors of Ambleside Community Christmas Lights Ltd. (“the directors”) have adopted the following guidelines to ensure that we are fully compliant with the new General Data Protection Regulations (“GDPR”) which come into force on May 25 th 2018.
Committee members . The directors and committee members will ensure that the names, addresses, email addresses and telephone numbers will be kept secure and ensure that each person grants permission for that data to be kept as long as they are members of the committee or board of directors.
When emailing a single named person, the email address will be placed in the “TO” section of the email heading.
When emailing more than one person , the author of the email message will place their own email address in the “TO” section and place all other email addresses in the “BCC” (blind carbon copy) section to ensure that all the recipients cannot see the email addresses of the others. (Placing your own email address in the “To” section prevents many email systems from assuming that the email message is spam or junk email.)
Names and addresses will only be sent to members with a password attached to that list and the password will only be provided in person to committee members. Committee members are asked NOT to print out the list but to keep it on their computer with the password protection and only open the file when required.
Whenever a person ceases to be a committee member they will be required to confirm in writing that they have deleted all email address lists for the committee from any devices which they own.
Use of non-personal email addresses . Committee and board members will be encouraged to use an email address used solely for business to do with the lights and NOT their own personal email address.
Communication with members of the public . When a member of the public completes a booking form for the purchase of Father Christmas Cruise tickets, they will be expected to provide their full name, address and post code. That information will be kept securely until the cruise has taken place and will then be securely destroyed . The booking form will explain that this data is solely used to verify that they have bought tickets IF they subsequently lose those tickets or forget them on the day of the cruise.
The data will NEVER be passed to any other person for any reason whatsoever.
Communication with local businesses. When members of the committee or directors communicate with local businesses, they will adopt the same policy as in 1a or 1b (above). When a local business provides their web address for that business it will only be used on the lights own website to provide acknowledgement of their donation and to provide a means of advertising for the local business. No other details about the business including proprietors' names or email addresses will be provided for any third party.
Communication with the press. When members of the committee or directors communicate with the local press or their correspondents, they will adopt the same policy as in 1a or 1b (above).
Communication with other providers . When members of the committee or directors communicate with other providers, they will adopt the same policy as in 1a or 1b (above).
The only data relating to board members available on the website will be an email address which they have authorised. No telephone numbers will be included.
The only details provided on the website for the purchase of cruise tickets will be an address provided by the outlet for that purpose. If an outlet no longer provides the service, the outlet's details will immediately be removed from the website and booking form
This policy will be reviewed on an annual basis as part of the board meeting preceding the AGM and also at the AGM itself.
This version uploaded May 1018