Ashbourne Management Services news: our GDPR statement

Ashbourne Latest New Logo

 

The GDPR rules will better protect businesses and organisations from data breaches. The new regulations are designed to ultimately benefit the ‘data subject’ (your members) through improved data management and security. These regulations are not optional and must be complied with by both your club and ourselves. Failure to comply with the Data Protection legislation can mean substantial fines as well as reputational damage.

Ashbourne currently already comply with the Data Protection Act 1998 and are upgrading our systems and processes to comply with the new GDPR regulations.

Here’s your overview to the GDPR and what Ashbourne is doing to make sure our products will be compliant for you, your business, and your members..

 

What does the GDPR do, exactly?

 

The GDPR gives EU persons more rights and protections for their personal data. These include:

 

What is “personal data”?

 

According to Article 4 of the GDPR, personal data is “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

Examples include but are not limited to a name, photo, email address, bank details, social media posts, medical information, or a computer IP address.

The GDPR applies to data processors and controllers. Data processors are people or organizations that “process personal data on behalf of the controller.”

So, for example, if you collect any personal data of your customers in the EU, you are a controller. Ashbourne, which stores that personal data of your customers, is the processor.

The data we process is stored in a secure data centre owned by Rackspace Inc in London and is backed up to Servers within the UK/EU Rackspace infrastructure on a daily basis and is in line with current GDPR rules.

 

What we will do:

 

As a processor, Ashbourne intends to adequately maintain records of processing activities. We will maintain a list of the high-level categories of processing operations we perform on our customers’ behalves.

Only Ashbourne staff who are required to see data have access to allow them to carry out their daily tasks appropriate to their department.

As your data processor, and to comply with the regulations, we will delete all records of completed and expired members after 7 years of inactivity, we will also lock down the software so that only those members of your staff with permissions can access various “non-sensitive” information.

You will start to notice changes with your Ashbourne Club Software and you must update when prompted.

We will automatically add an “opt in” footer to the first email that you send out via the Ashbourne KPI dashboard to expired and completed members.. If they opt in then you will be able to continue to send them marketing information. Unfortunately if they do not opt in or ignore the email you will not be able to send them ongoing communications. Our system will manage this on your behalf. Ashbourne members that are live are unaffected as they have given approval to be contacted about their membership through their contract.

 

Your responsibilities:

 

Your club must have its own robust processes and policies in place to manage your members’ personal data. As a club you must ensure that all of your members of staff are aware and adhere to the new regulations. The data in the Ashbourne System is secure; however you must ensure the personal data you hold about your members is:

Further, you must ensure that;

Having Ashbourne as a reliable online admin system has a wealth of benefits, especially when it comes to data protection and GDPR. We keep all the information about your members in one secure place so, at any one time, you know where your data is and who has access to it.

With GDPR being a continual process a copy of our policy document will be made available in due course.

 

Grant Harrison

UK & Ireland Accounts Manager

Request a free demo
  • This field is for validation purposes and should be left unchanged.