The Institute for Analytical Plant Illustration (IAPI or the Institute) processes data on its members and thus falls under the General Data Protection Regulation (GDPR). The data consist of name, address, telephone number and email address, and are gathered when a member joins the Institute. They are used for communication with members, mainly by email or post, on IAPI business, such as newsletters, notification of meetings, and distribution of the journal Eryngium. Also covered by GDPR are photographs of members. The data are held in electronic form and on paper by members of the committee, and are used mainly by the Secretary, Treasurer and Editor. The Data Controller is the Committee of IAPI. The Data Protection Officer is the Chairman of the Committee.
The Institute recognizes its obligations under the GDPR:
(a) to obtain consent for use of the data;
(b) to keep the data accurate;
(c) to keep the data safe;
(d) to provide access to the data when requested by a member (data subject); and
(e) to delete data no longer required.
To fulfil its obligations, the following actions have been put in place.
(a) Consent. Current members will be asked for consent using the form in Appendix A, sent by post and requesting signature and return by post. The same form will be used by new members when joining, requesting a signature on paper. Consent forms will be retained by the Treasurer. Consent may be restricted or withdrawn by a member at any time by notifying the Treasurer. Members of the Committee will be asked for consent for their contact details to appear routinely in each edition of the Newsletter. Consent will be obtained when joining the Committee and recorded in the minutes of the committee meeting.
(b) Accuracy. Members will be asked to notify to the Treasurer of any changes in their contact details, which will be maintained in a master file.
(c) Safety. Members of the Committee holding data will ensure that it is kept safe and out of sight when not in use. Emails sent to all members will use Bcc so that email addresses are not revealed.
(d) Access. Members can apply at any time to the Treasurer to see and amend the data held by the Institute.
(e) Deletion. Data of members who resign or die will be deleted from the list of current members. Data will remain recorded only in archival material of the Institute.
The Institute will not pass on the data to any other person or body with the following exceptions.
1. When required to do so by lawful authority.
2. For the purpose of insurance, where the insurer concerned has a data policy under GDPR and a similar obligation not to pass on data except as the law requires.
DATA Consent Form
The completed DATA consent form should be sent with your application for membership to the Treasurer. Please click here to go to the DATA consent form