Basically, the GDPR (which comes into effect on 25 May 2018) was created to unify the personal data protection rules across the EU, and must be followed by all companies, businesses or other entities that collect personal data in some way. For these entities, the GDPR will introduce many additional rules that will affect many areas of the data management process, such as the collection and storage of data processing documentation, monitoring of potential personal data breaches, and involving a supervisory authority in matters such as, for example, the aforementioned data breaches.
The GDPR's main purpose is to enhance the protections that EU citizens have when their data is used and collected, and afford them new rights such as the right to transfer their personal data, or to be forgotten; that is, to have their personal data removed from a system when the law no longer requires its retention. With all of these new regulations comes enforcement, and in order for companies to protect themselves from potential multi-million euro fines, it is important that they ensure that they protect any collected personal data as effectively as they can.
Whether you are operating a large online store, news portal or just a small personal blog, if you process any kind of data taken from the users who visit your site, then you will be subject to the new regulations. This also applies if you do not collect personal data yourself, but utilise third-party services for this purpose. If you have or use any of the following items on your website, then it will be worth double-checking that you meet the requirements of the GDPR before the May deadline:
1. Your website collects data on visitors, such as via Google Analytics.
2. Your site has a registration form.
3. You have e-commerce functionality on your site; that is, you collect information to process payments, orders etc.
4. You have a newsletter sign-up form.
5. You include social media links on your pages e.g. Facebook, Twitter etc.
6. You use a comments system for your articles, such as Disqus.
7. Your site has scripts that use cookies.
8. You have a contact form for users to get in touch.
In order to ensure that the Letham WI Website complies with the GDPR, an audit was conducted of the website and the booking system. The following areas were identified as falling within the scope of the GDPR:
1. A cookie is used to display the last time a user visited the website.
2. Google Analytics is used to collect data to monitor the website usage and improve its functionality.
3. Details of events and groups are displayed on the public facing calendar.
4. The site has a Contact Us form which collects data from a user wishing to send a message to the Webmaster.
In order to make the website compliant, a new banner or pop up message will be added to the Homepage of the site. This will explicitly ask if a visitor consents to the website policy on GDPR matters before they can enter the site and will also tell them where to find the GDPR Policy on the site.
Google Analytics is used by the webmaster to provide website stats to the WI committee on a bi-annual basis. The data collected is also used to improve the visitors' experience by identifying trends and modifying the site to respond to these trends. The data is processed by Google, who are listed as GDPR compliant.
The public facing calendar shows existing events and on occasion shows the details of groups and individuals. Incorrect data or data that is no longer required for the function of booking the hall will be removed from the system. The user also has the right to have their data removed at any time. Google provides the Calendar used to show the bookings and again Google are listed as GDPR compliant.
The ‘Contact Us’ enquiry form uses Google Gmail to power the email system to process this email. Again Google are listed as GDPR compliant.
The Website also has a link to the Letham WI Facebook site. The link allows the user to move to the Facebook site only. Facebook is classed as a ‘third party data processor’ and has stated they will ensure that their services align with the GDPR. The GDPR policy for Facebook is outside the scope of this document.
The right to be forgotten: a user may, on request, demand that any and all information regarding them, stored on the website, calendar or booking system, be removed. Data may not be deactivated or hidden and must be deleted entirely.
In order to update and maintain the website, the site webmaster has access to all the data contained on and processed by the website. The Calendar data is processed by the Webmaster, who can be contacted via the website. The data is stored on a single Google Sheet which can only be accessed by the Secretary or Webmaster using a password protected Google account. Any other correspondence is also stored within this account. All email is processed by the Gmail system, again with only the webmaster having access to this account. Data is not passed to any third parties for any reason.
Any information that we collect about you is stored electronically. It may also be printed and stored in our filing system. Personal details collected for the purpose of processing bookings are retained for one year. After this, all personal information is deleted. We will keep your personal information confidential except to the extent that we are compelled to disclose it by law (for example where fraud or other crime is involved) or to comply with an instruction of a regulatory body of competent jurisdiction. To comply with the Data Protection Act 1998 we adhere to strict technical and organisational security procedures. The personal information that we hold will be held securely to ensure no unauthorised disclosure or access takes place.
The Letham SWI Website (hereafter known as the website) has made every effort to ensure the accuracy and suitability of the information contained in the documents and related graphics published on this website. Your use of this website is subject to your acceptance of the following terms and conditions of use: We will not be responsible for any loss from the use of, or reliance on this information. In no event will we be liable for any special, indirect or consequential damages of any kind, that may result from use of the website as a consequence of any inaccuracies in, or any omissions from, the information which it may contain. All documents and related graphics are provided 'as is' without any warranty of any kind, either expressed or implied. We hereby disclaim all warranties and conditions with regard to this information. You should not assume that the information displayed is error-free or that it will be suitable for the particular purpose that you have in mind when using it. It is our policy to obtain permission to link to other websites. We are not responsible for the content or reliability of the linked websites, and we do not necessarily endorse the views expressed within them. Listing should not be taken as an endorsement of any kind. We cannot guarantee that these links will work all of the time and we have no control over the availability of linked pages. We give no warranty regarding the ownership of any intellectual property either in the contents of this website or in any other sites with which we may be linked. We make every effort to check and test material at all stages of production. We cannot accept any responsibility for any loss, disruption or damage to your data or your computer system which may occur whilst using material derived from this website.