The Catholic Union of Great Britain – Data Protection Policy
About this policy
1.1 Everyone has rights with regard to how their personal data is handled.
1.2 The General Data Protection Regulation (the “GDPR“) strengthened and unified data protection for individuals within the European Union. It entitles individuals to access any personal data an organisation holds about them and gives them the right to know what that data is being used for and to whom it has been or will be disclosed.
1.3 The Catholic Union of Great Britain (“CUGB“) collects, stores and processes personal data about individuals, including members of the CUGB.
1.4 This policy (the “Policy“) sets out the basis on which CUGB will process personal data we collect from data subjects or that is provided to us by data subjects or other sources.
General statement of CUGB’s duties
2. CUGB is required to process personal data in accordance with the GDPR and will take all reasonable steps to do so in accordance with the Policy.
Data protection controller
3.1 The Secretary of CUGB is the data protection controller (“DPC“) and will endeavour to ensure that all personal data is processed in compliance with the Policy and the GDPR.
3.2 Any questions about the operation of the Policy or any concerns that the Policy has not been followed should be referred in the first instance to the DPC.
4. Anyone processing personal data must comply with the GDPR. The GDPR forms part of the data protection regime in the UK, together with the Data Protection Act 2018.
5. CUGB needs basic personal data about individuals to carry out our objectives and to provide what individuals may reasonably expect from us as members. That data consists of personal details such as names, addresses, telephone numbers, email addresses and other information to help us understand our members’ interests. We use this data to communicate with members and keep them informed of news, and past and future activities and events.
Processing personal data
6.1 CUGB’s policy is to process personal data in accordance with the requirements of the GDPR.
6.2 CUGB stores and processes members’ personal data because we have a legitimate interest in doing so, enabling us to carry out the work we do and to provide members with information which they expect to receive from us. Accordingly, we have not considered it necessary in light of the requirements of the GDPR to write to members asking them to consent to the CUGB processing their personal data.
6.3 Members have the right to ask us for a copy of information we hold about them. They also have the right to ask for it to be amended or deleted from the CUGB records. The CUGB ensures that members’ data is kept private and only used to carry out our activities.
7.1 CUGB’s communications (such as newsletters, membership briefings and details of forthcoming events) are what individuals would expect to receive when they became a member.
7.2 The CUGB is proceeding on the basis that, by becoming members of the CUGB, individuals agreed to receive materials from us (including electronically where they have supplied us with an email address) about our events and activities. However, if individuals would prefer not to receive communications from us, they can let us know by contacting us.
8. CUGB will not keep personal data longer than is necessary for the purpose or purposes for which they were collected and will take all reasonable steps to destroy or erase from its systems all data which is no longer required.
9. CUGB will ensure that appropriate security measures are taken against unlawful or unauthorised processing of personal data and against the accidental loss of or damage to personal data.
10.1 Data held on computer are protected by user identifiers, passwords, virus and malware protection, back-up systems and internal procedures. Manual data is protected by locking relevant doors and filing cabinets, shredding, and other internal procedures.
10.2 People who process, store or use personal data on behalf of CUGB have a responsibility to ensure that the requirements of the GDPR are observed and they must comply with the Policy.
10.3 Third parties who work for CUGB and who may have access to or process personal data for CUGB must operate in accordance with the Policy Third parties include suppliers or service providers.
Catholic Union Charitable Trust
11. For the purposes of the matters covered by the Policy, we have not distinguished between the CUGB and the Catholic Union Charitable Trust (the “CUCT“). We are proceeding on the basis that personal data held by the CUGB might be shared with and processed by the CUCT. However, if members wish, they can ask that this no longer be done.