In May 2018 a new law – the General Data Protection Regulation (GDPR) – came into effect to govern the way that organisations such as The Society for the Study of Childhood in the Past (SSCIP) managed information regarding their members.
This document will outline the protocol in place within the SSCIP committee to ensure that we comply with GDPR regulations, and take great care when storing and managing your personal information. As such it will explain what information we hold about you, what this information is used for, how it is securely stored, how you can access your personal data, and how you can withdraw consent for us to store your personal data if you so wish.
Primary contacts for enquiries concerning personal data within the SSCIP committee are:
- Committee Secretary – Data Protection Officer – firstname.lastname@example.org
- President of SSCIP – email@example.com
- Membership Secretary – firstname.lastname@example.org
The first point of contact for any enquiries should be made to the Data Protection Officer. Their role within the committee is to ensure that a sufficient procedure for the protection of your data is in place, and that all committee members adhere to GDPR regulations.
There will be an annual review of the policies in place to ensure that we continue to provide the best protection and practice when managing your personal data.
What information do we hold about you?
The only personal data that we hold about you is the information that you provided on
the membership application form when you joined SSCIP. This includes:
- Preferred title
- E-mail address
- Membership type (e.g. waged, unwaged, retired, student, qualifying country)
- Payment records (e.g. date of payment, amount paid, and payment method)
For student members additional data is held regarding:
- University affiliation
- Proof of student status
Please note: If any of these details change during your membership (e.g. e-mail address, address, membership type, student status) please inform the Membership Secretary and submit an updated membership form as soon as possible to ensure that the data we currently store is as accurate as possible.
What is this data used for?
The data we store helps us to maintain up to date records regarding the SSCIP membership. We will primarily contact you be email with key information regarding SSCIP opportunities and activities (although please regularly visit our Twitter, Facebook, and Instagram accounts for updates on new research and events relating to childhood in the past).
It is necessary for us to store this data to:
- Ensure that records are maintained of current members of SSCIP so that they can receive membership benefits
- Inclusion on the SSCIP mailing list for regular updates (see below)
- Reduced fees for the annual international conference
- A copy of the Childhood in the Past publication (bi-annual)
- Access to the members’ area of the SSCIP webpage
- Opportunity to apply for small grants to run events
- Opportunity to engage with public outreach activities
- Presentation prizes for student members
- Check that all those wishing to remain members of SSCIP have paid the appropriate membership fee for the current membership year (running 1st January-31st December)
- Monitor the composition of the SSCIP membership to ensure that we are meeting the needs of our members
- Your e-mail address is added to our mailing list so that we can keep you updated with information relating to the Society, such as:
- Upcoming conferences, seminars, and workshops
- Information regarding our bi-annual lecture series
- Small grant opportunities
The mailing list will only ever be sent out as blind carbon copy (Bcc) so that your e-mail address will not be visible to any other members. Your address is forwarded on to Taylor & Francis so that they can distribute the bi-annual copies of the Childhood in the Past journal to fully paid up members of the current year. Taylor & Francis have their own protocol to ensure that they comply with GDPR regulations once this information is sent to them.
Your data may also be processed for the following purposes:
- Compiling data regarding overall number of members, and numbers of members in different categories, for Membership Secretary reports for committee meetings and the AGM. The data is entirely anonymised for this purpose.
- Checking that those applying for small grants are fully paid up members for that year.
- Checking that those paying membership rates for the annual conference are fully paid up members for that year.
- Establishing who is eligible to compete for student prizes.
Who has access to this data?
Only a limited number of individuals within the SSCIP committee will have access to
your personal data. Who has access, and how they use this data, is outlined below.
Committee Secretary (Data Protection Officer)
The Committee Secretary only has access to e-mail addresses of the current members
for the purposes of:
- Sending regular update emails to SSCIP members reminding them of ways in which they can get involved in the Society, and small grant opportunities.
- Circulating a bi-annual newsletter of past and upcoming events and other relevant news.
- Informing SSCIP members of location, date, and time of the AGM, inviting opportunity for any concerns/suggestions to be raised regarding the Society.
The Membership Secretary is the only member of the committee who will have access to all of the personal data identified in the section ‘What information do we hold about you?’ Your membership forms containing all of the personal information provided are sent to the Membership Secretary.
Electronic copies of these forms will be kept in a password protected file, retained for the duration of the membership, and deleted once the membership has expired. If you send your form as a hard copy, this will be scanned and stored, and the hard copy shredded and disposed of in confidential waste bins.
The data provided on these forms will be inputted onto an excel spreadsheet that documents the current membership. This is only accessible by the Membership Secretary.
The Membership Secretary will use the following personal data for only the following reasons:
- Title, name, and e-mail address – allows us to maintain contact with the members.
- Date and year joined – to ensure that payments are made on time, and to monitor how and when we are attracting new members, and how long we are retaining members for.
- Membership category – used to check that members are paying the correct subscription fee.
- Proof of student status – requested to verify that the individual is a student. The expiry date is logged so that we can follow up any individuals who continue to pay the concessionary rate after that date.
- Payment records – record the date of payment, membership year the payment is for, amount paid, and how the payment was made. This information is necessary to ensure that only individuals who are fully paid-up members have access to membership benefits. The date of payment and method of payment is essential to check/track payments in PayPal and in SSCIP bank account. The Membership Secretary will liaise with the Treasurer in order to do this. The date of payment is also used to verify whether people are eligible to apply for the small grants, and whether they are eligible for the conference discount, or to compete for the student prizes.
- A note is made of any special circumstances associated with the payment – e.g. if the payment is made from a bank account with a different name to the member, or a friend or family member pays for the member via PayPal; or whether an invoice or receipt may be required.
- This information is kept for the current membership year, and then deleted at the end of the membership (see ‘How long do we retain this data for?’).
The Treasurer uses a restricted amount of members’ data to ensure payment of money owed to the organisation, to make refunds of money incorrectly paid to the organisation, and to pay financial awards relating to small grants.
The Treasurer does not have direct access to any database of information about members, but will request certain information only when necessary. This information will not be retained or stored by the treasurer.
The Treasurer has password-protected access to files containing personal information regarding name, membership type, and membership status, and they can request special access to members’ addresses when necessary to ensure that:
- Membership fees are paid correctly and in a timely manner.
- Refunds of incorrectly paid membership fees can be issued.
- Unpaid fees can be requested (via the Membership Secretary) once identified.
- Cheques are issued to the correct person when necessary (e.g. for small grants)
- Members’ details requested by the Treasurer from the Members Secretary for the above purposes will not be copied, stored or retained by the Treasurer. All email correspondence containing personal information will be deleted once the relevant business has been concluded.
- Bank details will only be requested by the Treasurer in cases where payment/refund via PayPal or cheque is not possible, or where the member requests and agrees that transactions be undertaken using bank transfer as opposed to PayPal or cheque.
- Members’ bank details for the above purposes will not be copied, stored or retained by the Treasurer. All email correspondence containing bank details will be deleted once the relevant business has been concluded.
- Members’ bank details handled by the Treasurer will not be shared with any external organisation, or other members of the SSCIP committee.
- Where transactions have been made via bank transfer, members’ bank details will be stored with Barclays as part of their payment transaction history for SSCIP’s bank accounts.
- The Treasurer may also hold documentation with personal information about members or committee members where it is included on hard copy receipts and other supporting documentation provided to evidence financial transactions to be reimbursed. These will be stored in a secure document folder at the Treasurer’s home address for at least seven years to comply with financial audit requirements.
Other members of the SSCIP committee
Personal data of SSCIP members will not be accessible by any other SSCIP committee members, unless by special request (e.g. if the Outreach and Student Officer requires information regarding student status of a member, this can be verified by the Membership Secretary).
In these instances personal data will not be copied or stored by the committee member, and all email correspondence containing personal details will be deleted once the relevant business has been concluded.
Who do we share your personal information with?
Your personal information will only be shared with Taylor & Francis (only the names and addresses of fully paid up members for each year) to enable them to send the Childhood in the Past journal to SSCIP members. Taylor & Francis have their own protocol to ensure that they comply with GDPR regulations once this information is sent to them.
Limited personal data may also be shared with organisers of the annual international
conferences to confirm names and membership status. These individuals/suppliers will only use personal data within the bounds of the purposes laid out in this document.
How is this data stored?
At present the membership database is kept in a password protected folder on the University of Sheffield’s Google Drive system. This is a secure cloud storage service that has been verified by the University of Sheffield for an assessment report of the data security and privacy controls associated with using this system.
The Membership Secretary is the only individual who has access to this folder. The Membership Secretary should be contacted as soon as possible if any personal details change so that this database can remain as accurate as possible. This enables us to conform to GDPR regulations, and also ensure that members continue to have full access to all of the membership benefits.
Password protected files containing select membership data will also be created, but access restricted to only the Membership Secretary, and the committee member requiring access to that data (e.g. an up to date e-mail list for the membership for the Committee Secretary, or names and membership type for the Treasurer).
If other committee members require temporary access to membership data, only data required for the purposes of that access (e.g. number of student members for the Outreach and Student Officer) will be shared via a password protected file on the Google Drive system. The files will then be deleted once they are no longer needed for that purpose. Data will not be used for any other reason, other than that specified at the time of request from the Membership Secretary, and will not be stored by any other committee member.
There is no need to complete a Data Protection Impact Assessment because our data processing is unlikely to result in a high risk to individuals.
How long do we retain this data for?
Information about members is updated annually in January when membership fees are
due for renewal. We will keep information for as long as that individual continues to be
a member of SSCIP.
Once an individual stops paying membership fees, it will be assumed that they no longer wish to continue their SSCIP membership. All personal data of those who have not renewed their membership fees by March of the current membership year will be deleted (this is to ensure that those wishing to renew their membership, but who have missed the 31st January deadline, can still do so). Hard copies of information will be shredded and securely disposed of in confidential waste bags and electronic records will be deleted.
Data regarding overall membership numbers, and numbers of members within each category (e.g. waged, student, etc) is used to monitor the composition of the membership over time to enable us to continue to provide the best experience and opportunities associated with continued SSCIP membership. This data will be fully anonymised at the end of each year, so that membership numbers can continue to be presented at committee meetings and the AGM without association without being able to associate it with any past members.
What happens in the event of a security breach?
If there is a security breach this should be reported immediately to the Data Protection Officer (Committee Secretary). They will put mechanisms in place to investigate and implement recovery plans if possible. Affected individuals will be contacted to inform them about the breach, and if necessary the event will be reported to the ICO (Information Commissioner’s Office), the independent regulator which exists to protect people’s information rights.
All data breaches will be documented by the Data Protection Officer, even if they do not need to be reported to the ICO.
How can you access your personal data?
Members wishing to amend or update any information, must complete the membership form again and send it to the Membership Secretary making clear that it is an update to existing information.
How can you withdraw consent?
Members wishing to delete, restrict or object to the processing of their personal data, are encouraged to contact the Membership Secretary and the Data Protection Officer on the email addresses provided above. It is necessary for us to hold certain information about members in order to run the organisation, but we will be happy to discuss any concerns, and remove unnecessarily stored information. For example you have the right to opt out of the SSCIP mailing list. To do this, please contact the Membership Secretary and copy in the Data Protection Officer.
If we are approached by any member who is unhappy about us holding specific information, the request will be considered in the first instance by the Membership Secretary and the Data Protection Officer and the outcome of the request will be documented.
If after correspondence a member is still unhappy, they have the right to complain to the ICO. If any other committee members receive a request about personal data, they will forward the information to the Membership Secretary and the Data Protection Officer.
How can I make a complaint about how my personal information is
If you are unhappy about the way we are managing and using your personal information, please email the Data Protection Officer.
If after correspondence you are still unhappy, you can complain to the Information Commissioner’s Office, the independent regulator which exists to protect people’s information rights.
The Society for the Study of Childhood in the Past (SSCIP) holds a limited amount of personal information regarding its current members. This relates to title, name, e-mail addresses, addresses, membership type, payment records, and proof of student status (where applicable).
This data is stored on an excel database on a password protected folder, accessible only by the Membership Secretary. Only select committee members can access parts of the personal data stored by SSCIP when they have a legitimate purpose to do so, and this data is deleted appropriately once this purpose has been fulfilled.
Membership data is only shared externally with Taylor & Francis (distributors of the Childhood in the Past journal), and with organisers of the annual international conferences when appropriate, and only in a restricted form. Members reserve the right to access their personal data at any time, and to opt out of SSCIP storing their personal data (contacting both the Membership Secretary and the Data Protection Officer when they wish to do so).