We may change this policy from time to time by updating this page. This policy is effective from 20th September 2018.
Processing on the legal basis of 'legitimate interests' (Article 6.1(f) of the GDPR)
In simple terms the legal basis of 'legitimate interests' means that the processing is necessary to provide the benefits and services the Association provides, be it application to become a member of the Association, administration of your ongoing membership or a general enquiry.
In order to do this we may collect and keep a record of personal data about you from or via our website, membership form, telephone conversations, emails and written communications. When you contact us via our website, you may be required to provide certain information such as your name, address, email address and telephone number. We may also ask you for additional information such as mobile phone number, fax, credit card details, as required under the circumstances. Please let us know if any of your personal data changes or is inaccurate so that we may keep our records up-to-date.
We may use the personal data we collect from you in various ways, including:
- to process any orders placed by you;
- to process and administer your membership;
- to communicate with you;
- for maintaining our internal records;
- to improve the quality of our service; and
- to protect our website and systems against unauthorised access.
Your personal data may be circulated to officers of the Association for purposes such as informing the Association’s committee of new members, and so that they can communicate with you in accordance with the Association’s activities. However, we do not share your personal data with any third parties for marketing purposes.
Processing on the legal basis of 'consent' (Article 6.1(a) of the GDPR)
In certain circumstances we may ask for your specific permission ('consent') before processing your personal data. In these circumstances we will provide notice of the exact nature of the processing and give you a genuine choice to accept or refuse.
Should you choose to accept ('consent') to such processing you then have the right to withdraw your 'consent' by informing us that you no longer give permission for your personal data to be used in this way.
Retention of personal data
Unless there are overriding legal requirements, we retain your personal data only for as long as necessary to:
- complete the service requested, and
- if you are a member, for no more than 36 months after you terminate your membership of the Association.
Keeping your personal data secure
We are committed to ensuring that your information is kept secure. In order to prevent unauthorised access or disclosure we have put in place appropriate technical and organisational measures to safeguard personal data from loss, misuse, unauthorised access, disclosure, alteration, damage or destruction.
In respect of data collected from our website, we use standard technology called 'cookies'. Cookies are small pieces of information that are stored by your browser on your computer's hard drive. We need this information to identify you and to store information about the products you select between visits. This helps us to improve our service to you. Although most browsers automatically accept cookies you can usually change your browser to prevent cookies being stored. If you do turn cookies off, however, this may limit the service that we are able to provide to you.
Personal data transfers
The Association does not transfer the personal data it collects to any other entity outside of the European Economic Area (EEA).
Your data protection rights
Under GDPR you have certain rights with regards to the processing of your personal data. If you would like to exercise any of these rights or need further information please contact the Association at firstname.lastname@example.org
These rights are summarised below.
Right of access
You may request details of personal data that we hold about you including:
- A description of the personal data, the purposes for which it is being processed, whom it may be shared with and how long it is kept for.
- Information on your rights of rectification, erasure, restriction and objection as described below.
- Existence of automated decision making where relevant,
- Please note that the Association does not use automated decision making.
- Transfer safeguards where relevant,
- Please note that the Association does not transfer the personal data it collects to any other entity outside of the EEA
Right of rectification
You have the right to have inaccurate personal data rectified without delay.
Right to erasure
Under some circumstances you have the right to request the erasure of your personal data without undue delay.
Examples of such circumstances would be:
- Withdrawal of consent where consent was basis of collection.
- No longer necessary for purposes collected.
- No overriding 'legitimate interest' grounds.
Right of restriction
You have the right to ask us to restrict the processing of your personal information under the following circumstances
- Accuracy is contested.
- Processing is unlawful but you oppose deletion and request restriction instead.
- Your personal information is no longer needed by the Association but you require it to be kept for establishment, exercise or defence of legal claims.
- Pending a right to object action (see below).
Right to object
You have the right to object to processing of your personal information on grounds relating to your particular situation or circumstances.
You have the right to object to direct marketing.
Right to portability
You have the right to have your personal data that we have collected on the legal basis of 'consent' transferred to another entity in a machine-readable format.
Right to lodge a complaint with a Supervisory Authority
You have a right to lodge a complaint with the Supervisory Authority in the country of your place of residence or work. The Supervisory Authority in the UK is the Information Commissioner's Office (ICO).