Data Protection and Privacy Policy

1. Introduction

YACWAG is committed to protecting the personal data of its members, volunteers, and contacts. We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

YACWAG acts as a Data Controller for the personal data it holds.

2. Types of Data We Collect

2.1 Personal Data

We may collect and store the following personal data:

Name
Address
Telephone number(s)
Email address
Wildlife and conservation interests
Membership and volunteering records

This data is typically collected via:

Membership applications (via Membermojo)
Volunteer records and the volunteer handbook
Direct communication with individuals

2.2 Non-Personal Data

We also collect non-personal data via our WhatsApp groups, contact form on the website and email such as:

Records of species observed
Locations and dates of sightings

3. Lawful Basis for Processing

We process personal data under the following lawful bases:

Consent – e.g. for email communications and newsletters
Legitimate interests – e.g. administering membership and running activities
Legal obligation – e.g. Gift Aid claims

Individuals may withdraw consent at any time.

4. How We Use Personal Data

We use personal data for the following purposes:

Advising the Charity Commission of the date of birth and date of any individual becoming a Trustee
Confirming personal details of authorised personnel (Trustees) to various financial institutions
Managing memberships and subscriptions (via Membermojo)
Communicating newsletters, events and updates
Organising and administering activities and volunteering
Maintaining attendance and participation records
Claiming Gift Aid where applicable
Contacting individuals regarding YACWAG activities

We will only use personal data for the purposes for which it was collected.

5. Data Storage and Systems

Personal data is stored securely using:

Membermojo (membership management system)
Secure email systems
Volunteer records (including handbook-related information)
Restricted-access digital or paper records

Some personal data (e.g. phone numbers) may be shared within WhatsApp groups used for coordinating activities.

Individuals are added only with their consent
Members should be aware that phone numbers are visible to other group participants

6. Data Sharing

We do not sell or share personal data with third parties for marketing purposes.

Personal data may be shared only where necessary:

With committee members and authorised volunteers for administration
With activity leaders for organising events
With HMRC for Gift Aid claims

All individuals with access to personal data are expected to handle it responsibly and securely.

7. Data Retention

We retain personal data only for as long as necessary:

Membership data: while membership is active and for a limited period afterwards
Gift Aid records: in line with HMRC requirements
Volunteer data: while actively involved and for a reasonable period thereafter

Data no longer required will be securely deleted or destroyed.

8. Data Subject Rights

Individuals have the following rights under UK GDPR:

The right to access their data (Subject Access Request)
The right to rectification (correct inaccurate data)
The right to erasure (“right to be forgotten”)
The right to restrict processing
The right to object to processing
The right to data portability (where applicable)

Requests should be made to the YACWAG Secretary who is the designated Data Protection Lead.
We aim to respond within one month.

9. Consent and Communications

Where we rely on consent:

It will be clearly requested (e.g. during signup via Membermojo)
It can be withdrawn at any time

All communications will include a way to opt out.

10. Data Security

We take appropriate measures to protect personal data, including:

Password-protected systems
Limiting access to authorised individuals
Using secure platforms (e.g. Membermojo)
Basic IT security practices (e.g. antivirus software)

Volunteers handling data are expected to:

Keep data confidential
Not share data without permission
Use data only for agreed purposes

Policy Review

This policy will be reviewed regularly to ensure compliance with current legislation and best practice.

PERSONAL DATA & THE GENERAL DATA PROTECTION REGULATIONS 2018

All personal data is subject to the provisions of the General Data Protection Regulations 2018
Because we process such data YACWAG is a Data Manager as defined under the regulations
Not for profit organisations are exempt from registering with the Information Controller provided they fulfil certain criteria
YACWAG meets those criteria and is exempt from registration
However, we must still comply with the terms of the Act

Our policy, on use of personal data is as follows:-

NON-PERSONAL DATA

Non-Personal data is subject to the Environmental Information Regulations 2004.

Policy

Unless otherwise stated by the provider, where an individual or organisation provides YACWAG with a copy of data which they have collected, or collated, then the copy of such data shall be the property of YACWAG. The original data shall remain the property of the provider.
Such data shall form part of the YACWAG central database.
We may make data from our central database available to such members of the Group, or to such external agencies as the Management Team or their delegates think appropriate, provided that the reason it is required is in line with our Group Objects and provided it is to be used for legitimate purposes that will benefit wildlife.
Where YACWAG makes such data available to external agencies we will exclude any personal data in order to comply with the General Data Protection Regulations.
Where YACWAG makes data available to external agencies we will advise them that the data has joint copyright with the original recorder and the agreement of both will be needed if they intend to publish the data.

Date Approved: April 2026

Next Review: April 2028