magazine
40th
Anniversary Year
Society for Disabled Artists privacy statement

Who are we?
We are the Society for Disabled Artists (SODA).  We are a not-for-profit organisation.  Charity number 278870.  

How to contact us
Data requests and any other queries should be sent to




What personal data do we collect?
The types of information we collect about you when you become a member of the Society or assist in its activities might include (but is not limited to):
1) Your contact details such as name, address, telephone number and email address.
2) A record of payments you have made to us (for example membership subscriptions)
3) Your bank details in cases where we have agreed to pay you money.

How do we collect your personal data?
Data would be collected from you, by committee members or group leaders, via emails, paper or telephone. Before providing any sensitive personal data (eg bank details) you should verify that the request has come from us.  We also collect some details via forms on our website and in printed brochures.  

What do we use your personal data for?
Any personal data we collect is used solely to administer the running of the charity and its membership.

For members of SODA (including committee members, group members and lone members) personal data will be used so that we may advise you of meetings or other SODA events, send out the members’ magazine, collect subscriptions and pay you any monies received from sales at the National Exhibition.

For others (eg. carers, volunteers, demonstrators, customers, donors and service providers) only such information as is essential to maintain our relationship with you will be kept and only for so long as it is relevant.

We do not contact people who have previously bought pictures or donated unless they have given their permission.  We do not provide your personal data to anyone outside of SODA except where they are
providing a service for us and then it may be used only for that purpose.

What third parties do we provide your data to?
Before using any third parties to provide a service we are obliged to check that they will operate in a way that is compliant with GDPR.  We currently share your personal data with the following;
1) Other members where your data appears in the magazine contacts section (with your permission) or where you have provided your personal details in an article you have written.
2) On our web site (with your express permission).  This only applies to officers of SODA.
3) Printers to produce the members’ magazine which contains some personal data
4) Mail Green will be used for some mass mailing to all SODA members.  They will see only your name and address plus the contents of the letter which will never contain your personal data.
5) email service providers for the purpose of sending emails and maintaining contact lists
6) Banks, where payments need to be made to you
7) The Charity Commission where we are required to register details of Officers
8) Local authorities (eg Hillingdon Council) so that they can provide transport for you (where available)
9) Activity venues where it is necessary to register visitors details (such as the annual holiday)

What governs how we use and protect your personal data?
All personal data will be obtained, stored and processed in strict accordance with the General Data Protection Regulation (GDPR).  This places an obligation on us to keep your data secure against unauthorised access, accidental loss, disclosure or destruction.  We are required to have a data handling policy document and to ensure everyone involved in handling personal data within SODA is conversant with it.  Further information on the GDPR can be found at www.ico.org.uk.

What is the legal basis for collecting data?
The personal data we hold is deemed to be held for ‘legitimate interests’ (as defined by the GDPR)  i.e. to help run SODA.  As a result we are not required to obtain explicit consent from the data owners to use their data in this way so long as we use it in a way that puts their interests before our own.  

In some special cases we might hold data with the providers ‘consent’ (as defined by the GDPR).  In this case, when you provide the data, you will be asked to sign the form on which the data is collected in order to give your consent.  At the same time you should be given a copy of this privacy statement.

How long will the data be held for?
Data about you will be held for such time as you are connected with SODA either as a member, carer, volunteer, customer, or a service provider.  Once that association ends your data will be deleted within 90 days (subject to any statutory requirements).

Your rights
You have the following rights in relation to your data;
1) To be informed of the information shown above at the time the data is collected and of any proposed changes to those details (In which case any consent previously given  will be re-sought before your data is used in a new way).
2) To request a copy of the data held on you and receive it free of charge within 30 days
3) To require alterations to any inaccurate data held on you
4) To withdraw consent to use any data previously given, in which case we will delete it (but this might restrict the service we can provide to you).
5) To be informed of any security breach for the data relating to you

If you are unhappy with the way we are handling your data please take it up with us first.  However, if you are still not happy, you can contact the Information Commissioner’s Office to make a complaint (www.ico.org.uk).

SODA privacy statement v3 **