GDPR Policy

1. Introduction

This policy outlines how the Carillon Society of Britain and Ireland (“we”, “our”, “us”) collects, uses, stores, and protects personal data in compliance with:

  • The UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (for members in the United Kingdom and internationally)
  • The EU General Data Protection Regulation (EU GDPR) and the Irish Data Protection Act 2018 (for members in the Republic of Ireland)

We are committed to protecting the privacy and rights of our members and ensuring transparency in how we handle personal data.

2. Purpose of Data Collection

We collect and process personal data solely for the purpose of:

  • Managing membership records
  • Communicating with members
  • Organising events and activities
  • Fulfilling our community objectives

3. What Data We Collect

We may collect the following personal data:

  • Full name
  • Contact details (postal address, email address, phone number)
  • Affiliation or organisation (if applicable)
  • Region (by residence and/or affiliation)
  • Membership status and participation history

4. Lawful Basis for Processing

Our lawful bases for processing personal data under both UK and EU GDPR include:

  • Consent: Members provide clear consent for us to process their data.
  • Legitimate Interests: To manage our association and communicate with members effectively, in ways they would reasonably expect.

5. How We Use Personal Data

We use personal data to:

  • Maintain an up-to-date membership list
  • Send newsletters, updates, and event invitations
  • Record attendance and participation
  • Respond to queries and feedback

6. Data Sharing

We do not share personal data with third parties unless:

  • Required by law
  • Explicit consent is given
  • Necessary for event management (e.g., venue access lists)

7. Data Storage and Security

Personal data is stored securely in password-protected digital files or locked physical storage. Access is limited to authorised committee members. We take appropriate technical and organisational measures to prevent unauthorised access, disclosure, or loss.

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined above. Data will be reviewed annually and deleted if no longer needed.

9. International Data Transfers

Where data is transferred between the UK and Ireland, we ensure that appropriate safeguards are in place to comply with both UK and EU GDPR requirements.

10. Data Subject Rights

Members have the right to:

  • Access their data
  • Request correction or deletion
  • Withdraw consent at any time
  • Object to processing
  • Lodge a complaint with the Information Commissioner’s Office (ICO) in the UK or the Data Protection Commission (DPC) in Ireland

11. Contact Us

For any data protection queries or to exercise your rights, contact:

The Honorary Secretary (secretary@carillonsbi.org)

12. Policy Review

This policy will be reviewed annually or when significant changes occur in data protection law or our data practices.

Last updated: 12 August 2025