Valley Arts and Crafts – Data Protection Policy
Valley Arts and Crafts hold your contact details because you are a member of Valley Arts and Crafts. We use these details to send you information about events at Valley Arts and Crafts, including meetings, social media.

With your permission we use your contact details and photographs of your work for publicity purposes, such as advertising and marketing including social media. This will also include information kept in the Valley Arts and Crafts marketing folder (kept in the shop at Lake Vyrnwy) and on the Valley Arts and Crafts website.

It is in the legitimate interest of our members to publicise Valley Arts and Crafts to members of the public, and ultimately promote your sales and future business.
Your details are stored as securely as possible by the committee and will be deleted if you leave Valley Arts and Crafts. You can ask us to amend or delete your details at any time by contacting Sue Lavender at [email protected]

Valley Arts and Crafts only collect, keep or use personal data to fulfil the purposes which fit into the following lawful bases:
 To serve Valley Arts and Crafts “legitimate interests”;
 Or because Valley Arts and Crafts has been given explicit consent from the person whose data it is.
1. Definitions
 Personal data is information about a person which is identifiable as being about them. It can be stored electronically or on paper, and includes images and recordings as well as written information.
 Data protection is about how we, as a group/organisation, ensure we protect the rights and privacy of individuals, and comply with the law, when collecting, storing, using, amending, sharing, destroying or deleting personal data.
2. Responsibility
 Responsibility for data protection lies with the committee of Valley Arts and Crafts, who are responsible for overseeing activities and ensuring this policy is upheld, AND WITH
 All members, who are responsible for observing this policy, and related procedures, in all areas of their involvement with the group.
3. Overall policy statement
Data Protection Policy for Valley Arts and Crafts/JEG/10.3.19
 Valley Arts and Crafts needs to keep personal data about its members in order to
carry out its activities.
 Valley Arts and Crafts will collect, store, use, amend, share, destroy or delete
personal data only in ways which protect people’s privacy and comply with the
General Data Protection Regulations (GDPR) and other relevant legislation.
 Valley Arts and Crafts will only collect, store and use the minimum amount of
data that is needed for clear purposes, and will not collect, store or use data that is
not needed.
 Valley Arts and Crafts will only collect, store and use data for:
1. purposes for which the individual has given explicit consent, or
2. purposes that are in the group’s legitimate interest, or
3. to comply with legal obligations.
 Valley Arts and Crafts will provide individuals with details of the data that is held
about them when requested by the relevant individual.
 Valley Arts and Crafts will delete data if requested by the relevant individual,
unless we need to keep it for legal reasons.
 Valley Arts and Crafts will endeavour to keep personal data up to date and
 Valley Arts and Crafts will store personal data securely.
 Valley Arts and Crafts will keep clear records of the purposes of collecting and
holding specific data.
 Valley Arts and Crafts will not share personal data with third parties without the
explicit consent of the relevant individual, unless legally required to do so.
 Valley Arts and Crafts will endeavour not to have data breaches. In the event of a
data breach, Valley Arts and Crafts will endeavour to rectify the breach and will
evaluate our processes and endeavour to avoid it happening again.
 To uphold this policy, Valley Arts and Crafts will maintain a set of data
protection procedures for the members to follow.
4. Data protection procedures
All members of Valley Arts and Crafts that keeps personal data on computers must have a
computer that is password protected. They must have up to date software to protect them
from malware and viruses. If information is stored on paper, it should be filed securely and
only displayed with members explicit consent.