The Information Commissioners Office advice on sharing data is that:
"If you are sharing personal data with other
organisations you should consider whether you need to actively
inform the data subjects about this."
WebCollect will only use the personal data for the purposes outlined in our Privacy Policy. That Policy includes the details of the third party providers that we may share the data with. This sharing is strictly limited to what is necessary to provide payment processing services that are required.
The ethos of the GDPR is very much about considering what is good practice, and treating people fairly. So, you should consider, in the context of what type of organisation you are, and what type of information that you process, what would be good practice in terms of notifying your members.
If the lawful basis on which you are relying is consent, then you should ensure that the members have consented to you sharing the data before you upload.
Our recommendation is that you should actively inform the members, which you will almost certainly want to do anyway if you want them to use WebCollect to renew their subscriptions etc.
If you are going to import data which falls into one of the special categories of data, then you should obtain the member's consent before you upload.
If you are going to import your members' details into
WebCollect, or add personal data about your members via the
administration panel, then you could consider notifying the
members that you are going to/have imported their data.
That might be a good time to explain some/all of the
following:
- that you have/are intending to share information with WebCollect
- what you are using WebCollect for
- send them a link to your Privacy Policy, or provide them with information on how you process information, what their rights are etc.
- provide them with information about what to do if they don't want their information to be processed by you, or stored on WebCollect.
You may also want to send them a link to WebCollect's Privacy Policy.