Data protection policy
Introduction
The Green Lane Association is committed to protecting the personal data of all that entrust us to use it in compliance with applicable data protection laws and regulations. This policy outlines how we collect, use, store, and protect personal data with regard to this website.
Scope
This policy applies to all humans and non-humans that handle or process personal data on behalf of the Green Lane Association. It covers all personal data collected, processed, stored, or shared by the Green Lane Association, whether in electronic or physical form.
Data Collection and Use
The Green Lane Association collects personal data only for legitimate purposes, including but not limited to member administration, customer service, marketing, and regulatory compliance. Personal data is processed lawfully, fairly, and transparently in accordance with applicable laws. We ensure that the data collected is relevant, accurate, and limited to what is necessary for the intended purpose. The membership signup process includes the collection of relevant personal data which is used by the association and by one or more of our sub-contracted data processors, MemberMojo, PayPal and Stripe. Personal data used in membership fee collection is collected and processed by MemberMojo and shared with their subcontracted data processors, PayPal and Stripe as applicable.
Legal Basis for Processing
The Green Lane Association processes personal data based on one or more of the following legal grounds:
- Consent from the data subject
- Contractual necessity
- Legal obligations
- Legitimate interests
- Protection of vital interests
Data Storage and Retention
Personal data is stored securely using appropriate technical and organisational measures. Data is retained only for as long as necessary to fulfill the purposes for which it was collected, unless otherwise required by law. When data is no longer needed, it is securely deleted or anonymised. Membership data is retained for 12 months after expiry to enable lapsed members to renew with minimal friction during that period. Financial records are retained for six years plus the year of trading to satisfy legal obligation.
Data Security Measures
The Green Lane Association implements appropriate security measures to prevent unauthorised access, disclosure, alteration, or destruction of personal data. Access to personal data is restricted to authorised personnel only. Officers handling personal data receive regular training on data protection practices.
Data Subject Rights
Data subjects have the following rights regarding their personal data:
- Right to access their personal data
- Right to rectification of inaccurate data
- Right to erasure (“right to be forgotten”)
- Right to restrict processing
- Right to data portability
- Right to object to processing
Data Transfers
Personal data may be transferred to third parties or international locations only if adequate data protection safeguards are in place. The Green Lane Association ensures compliance with applicable data transfer regulations, including standard contractual clauses or other approved mechanisms.
Data Breach Management
In the event of a data breach, the Green Lane Association will take immediate action to contain and assess the breach. If required by law, affected individuals and regulatory authorities will be notified within the prescribed timeframe. A detailed incident report will be prepared, and corrective measures will be implemented.
Compliance and Review
The Green Lane Association regularly reviews this Data Protection Policy to ensure compliance with applicable laws and best practices. All officers and relevant stakeholders are required to comply with this policy, and non-compliance may result in disciplinary action.
Contact Information
For any questions regarding this policy or data protection practices, please contact the Data Protection Officer.
