The Fan Circle International – GDPR COMPLIANCE
European Data protection legislation was strengthened with the enactment in May 2018 of the General Data Protection Regulations (GDPR), that affect how personal data is collected, used and retained. The Fan Circle International aims to comply in all its activities with the provisions of the GDPR; this sets out specifically the way Membership data is collected and used.
The GDPR sets out the following Principles:
Personal data shall be:
(a) processed lawfully, fairly and in a transparent manner in relation to individuals;
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals;
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
A. Membership Data collected through the FCI Website or manually is processed and retained:
- Through a published secure website that offers the same open interface to any Member that confirms acceptance of these data provisions;
- Collects only that information required for Membership administration;
- Retains the information electronically under the ownership and control of the FCI Secretary as Data Owner and the Webmaster as Data Processor;
- Members can request copies or correction of their records by email;
- Retains Member information in the online system for a maximum of 3 months, and in the offline database for a maximum of 6 months after termination of membership;
- Removes Member information immediately on specific request by the Member – but note that by doing so the FCI will be unable to provide member services thereafter.
- Website Member Services provided through the password-protected area of the FCI website use only the member name, email address and unique password to authorise access; no personal data is collected except when transactions are conducted such as online membership renewal as covered above.
B. Financial Data
- Financial information such as Credit or Debit card details submitted to pay the FCI subscription is processed within that transaction only and not retained on completion.
- The FCI uses Third Party payment processors, specifically PayPal, which are governed by their own robust GDPR and Financial security policies outside FCI control.
C. GDPR OPT-IN by Members
All FCI Members will be required to read and acknowledge by specific agreement the provisions of this Compliance Policy at the point of their next Membership Renewal.
Should any aspect of submitted data be subsequently found to be in error or the member wishes to withdraw all or part, the FCI permits and confirms corrections by email.