OBA UK GDPR and DPA 2018 (as amended) Policy

OBA UK GDPR and DPA 2018 (as amended) Policy


We hold Membership data for each living Member of the Old Bordenian Association who has consented to join the Association, that would allow them to be identified individually, for the purposes of:


  • contacting Members with news (such as developments at the School, news of Members and Obituaries)

  • providing information relevant to the Association (such as articles and memoirs by Members)

  • sending invitations for events (such as the Annual Reunion Dinner, the Annual Service of Remembrance and other special events)

  • Appeals for assistance (for example helping with the School or Committee, and appeals for donations)


We hold named data for deceased Members (such as Obituaries and dates) for the purpose of maintaining the social history artefact.


These data are held by a third-party professional organisation that we believe takes proper precautions to ensure that the data are kept secure, encrypted and protected by two-factor authentication.


Data are added and maintained online by “self-service” by individual Members. Members may only access and/or change their own Membership information. Only the controller of the Member’s registered email address may access personal data and this access is protected by a time-limited two-stage validation process.


In line with UK GDPR and the DPA 2018 (as amended), we are required to take reasonable steps to ensure that the personal membership information that the OBA holds is kept up-to-date and accurate.


Once a year, we will write to Members to ask them to check that their details are correct.



Subject Access Requests (SARs) – Self service


Members can access their own Membership details, without notice and at any time, to check that their own Membership details are correct, and update details if they choose, by clicking on the Maroon button (or accompanying link) in any letterheaded email that we have sent to them. Only the controller of the Member’s registered email address may access personal data and this access is protected by a time-limited two-stage validation process.