British Hernia Society – Privacy Policy (Charity Commission Aligned)
1. Purpose and Scope
This Privacy Policy explains how the British Hernia Society (the “Society”) collects, uses, stores, and protects personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and Charity Commission guidance on Board member responsibilities and accountability.
2. Data Controller
The British Hernia Society is the Data Controller responsible for personal data processed by the Society.
Contact details:
British Hernia Society (UK)
Email: contact@britishherniasociety.org
The BHS Website & Membership manager acts as the designated lead for data protection matters on behalf of the BHS Board.
3. Trustee Responsibility and Oversight
The BHS Board retains collective responsibility for ensuring that personal data is handled lawfully, fairly, and transparently. Day-to-day administration may be delegated, but accountability remains with the BHS Board in line with Charity Commission guidance.
4. Lawful Basis for Processing
The Society processes personal data only where a lawful basis exists under UK GDPR. These include:
– Consent
– Legitimate interests in managing and administering the Society
– Contractual necessity for membership and event services
– Compliance with legal and regulatory obligations
Where special category data is processed, this is done only where necessary and with appropriate safeguards.
5. Personal Data We Collect
The Society collects personal data provided directly by individuals, including contact and professional details, and limited technical data collected automatically when the website is accessed. Data collected is proportionate and limited to what is necessary for the Society’s charitable purposes.
6. How We Use Personal Data
Personal data is used to:
– Administer membership and Society activities
– Respond to enquiries and communications
– Operate and improve the Society’s website
– Communicate information relevant to the Society’s charitable objectives
– Comply with statutory, regulatory, and governance requirements
7. Data Sharing and Use of Third-Party Systems
The Society uses trusted third-party service providers to host and manage membership records, website services, conference registration, email communications, and financial administration. These providers process personal data on behalf of the Society under written data processing agreements. Personal data is never sold and is not used for unrelated commercial purposes.
8. Data Retention
The Society retains personal data only for as long as necessary to fulfil its charitable purposes and legal obligations:
– Website enquiries: up to 12 months
– Membership records: duration of membership plus up to 6 years
– Financial records: 6–7 years in accordance with charity and HMRC regulation
– Correspondence: up to 2 years unless required for governance or legal reasons
– Website analytics: up to 26 months
Data is securely deleted or anonymised once retention periods expire.
9. Individual Rights
Individuals have rights under UK GDPR including access, rectification, erasure, restriction, objection, and data portability. Requests are normally free of charge and will be responded to within one month.
10. Children’s Data
The Society does not knowingly collect personal data from children under the age of 13. Any such data identified will be removed promptly.
11. Policy Review
This Privacy Policy is reviewed periodically by the Board to ensure continued compliance with legal and regulatory requirements.
12. Board Approval and Sign-off
This Privacy Policy was reviewed and approved by the Board of the British Hernia Society and is adopted as the Society’s official Privacy Policy in accordance with UK GDPR, the Data Protection Act 2018, and Charity Commission guidance.
|
Name |
Role |
Signature |
Date |
|
Stella Smith On behalf of the Board |
BHS President |
 |
15 April 2026 Next Review: April 2027 |