MSR Data Protection Policy
The officers of MSR who keep personal information about members understand that it has to be kept secure, must be updated when members advise of new details, and deleted securely, e.g. shredded if on paper.
MSR regards the lawful and correct treatment of personal information as essential. To this end, the Officers fully endorse and adhere to the principles of the Data Protection Legislation, namely that data:
- Must be processed fairly, lawfully and in a transparent manner;
- Must be obtained lawfully for specified, explicit and legitimate purposes;
- Must be adequate, relevant, and limited to what is necessary for the purposes for which it's processed;
- Must be accurate and up to date;
- Must be maintained in a form which permits identification of data subjects not being kept for longer than necessary;
- Must be processed in a manner which maintains integrity and confidentiality of personal data, and which ensures appropriate security of the personal data, including protection against unauthorised or unlawful organisational measures.
Members have the following rights under the General Data Protection Regulations (GDPR) and Data Protection Act 2018 (DPA18) with regard to their personal data:
Use of Email Addresses:
- Right to be Informed - you have a right to be informed about the collection and use of your personal data;
- Right of Access - you can request to see your personal data and supplementary information;
- Right to Rectification - You can make a request of rectification verbally or in writing;
- Right to be Forgotten - You can request erasure of personal data relating to you when the data no longer has purpose; this is known as the "right to be forgotten". The right is not absolute and only applies in certain circumstances;
- Right to Restrict Processing - You can ask to restrict the processing of your personal data where you have a particular reason for wanting the restriction, or withdraw your consent to processing at any time;
- Right to Data Transfer/Portability - You can obtain and reuse your personal data for your own purposes across different services;
- Right to Object - You have the right to object to:
- Processing based on legitimate interests, or the performance of a task in the public interest or interest of official authority (including profiling);
- Direct marketing (including profiling); and
- Processing for purposes of scientific/historical research and statistics.
- Rights related to Automated Decision Making including Profiling - You have the right not to be subjected to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you.
- Right to Complain - You have the right to lodge a complaint with the Information Commissioner Officer's office if you believe we have not complied with the requirements of the GDPR or DPA18 with regard to your personal data.
When emailing a number of members, all email addresses MUST go in the 'bcc' box so recipients do not see other members' email addresses. Emails must NOT go out purporting to be someone else, without that member's permission each time this happens.