Understanding the General Data Protection Regulation (GDPR)

The GDPR is the biggest change to data privacy laws in the last 20 years and came into effect on 25 May 2018.

The new regulation focuses on how an individual’s data is used and processed and although most of the principles and terminology have not dramatically changed, the GDPR enhances rights for individuals and introduces greater transparency and accountability.

In the case of Westbury Heritage Society (“the society”), it is essentially about how we collect your data and what we do with it.

How we collect data

  • The society collects personal data about you from your application to join the society as a member.
  • From your interactions with us, whether over the phone, in person, in writing or through our website or emails.

How we use your personal data

The main way in which we may use your personal information is to:

  • Communicate with you and provide information on society events and news using the data processor MailChimp
  • Contact you about ways that you can support the society both financially and with your time

Sharing your personal information

The society will not share your personal information with any other organisations.

How the law protects you

We are only allowed to use personal information if we have a proper reason to do so.The law says we must have one of the following reasons:

  • To fulfil a contract we have with you
  • When it is our legal duty
  • When it is in our legitimate interest
  • When you consent to it

Westbury Heritage Society collects and processes your personal information under the following lawful bases:

  • For contract purposes so that we can contact you in case of a cancellation or in the case of problems with a payment
  • In the legitimate business interests of the society to send you information that we believe is informative and relevant to you and in a way that you might reasonably expect

Retaining your personal information

We will retain your personal information for as long as it is necessary for the purposes stated above.However, we will ensure to maintain the security and protection of any information we hold.

Your rights and how we respond

You may request access to a copy of the personal information we hold about you.

If you believe the personal information we hold about you is inaccurate, incorrect or incomplete, please contact us as soon as possible so we can update it at [email protected]

You may withdraw the consent you granted for your personal information to be held by the society at any time

You can exercise these rights at any time by contacting us using the contact information on our website   Please note, we may need to validate your identity before we can respond to your request.  We aim to respond to your request within 30 days from receipt of request.  We will let you know if we need additional time to complete and will also let you know whether we accept or refuse your request.


We take all reasonable precautions to keep your personal information secure but if you have any concerns about the use of your personal data, or the way we handle your requests relating to your rights, you can raise a complaint directly with us using the contact details on our website

If you have any questions about the way that Westbury Heritage Society collects and uses your personal information, please contact us at [email protected]

If you are not satisfied with the way we handle your complaint, you are entitled to raise a complaint directly with the UK Information Commissioner’s Office via the details available on their website