Kingston upon Thames Society – Privacy Notice (DRAFT).
This notice is to help you understand what information the Society collects, how we use it and what choices you have about it.
It is also to help us explain how we aim to comply with the new EU Data Protection Regulations (GDPR) that come into force on 25 May 2018.
For existing members – we need you to complete the Consend declaration on the membership form and email or post it to us.
For new members – our membership form is updated with the new consent declaration.
1. How we collect information:
a) When you give it to us or give us permission to obtain it
The Society may keep the following personal data about you:
- Your name and title
- Your address
- Your phone number and/or mobile phone number where you have provided one
- Your email address where you have provided one
- Details of membership subscriptions you have paid
- Details of any Gift Aid authorities you may have signed
- Details of any events you may have attended and payments you have made for admission tickets
- In addition, we may have retained emails that you have sent us to book events or ask questions about the Society and its activities.
Personal data is stored on laptops operated by members of the Society’s committee on a need to know basis: that means information is usually only held by the Chairman and Treasurer but may also be accessed by the Vice Chairman and Secretary, and any IT manager we may appoint when the need arises. Membership records are stored securely. They are encrypted and password protected and regularly backed up on hard drives. Some of our records, such as membership forms and Gift Aid authorities, are also retained in paper format and are held under lock and key by the Treasurer.
b) We also get technical information when anyone uses our website
Whenever you use any website, mobile application or other internet service, certain information gets created and logged automatically.
The same is true when you use the Societies website.
Here are some of the types of information we collect:
* Log data. When you use the Societies website, our CMS provider may record information (“log data”), including information that your browser automatically sends whenever you visit a website, or that your mobile app automatically sends when you’re using it. This log data includes your Internet Protocol address, browser type and settings, the date and time of your request, how you used the Societies website, cookie data and device data.
* Device information. In addition to log data, our CMS provider may collect information about the device you’re using the Societies website on, including type of device, operating system, settings, unique device identifiers and crash data that helps us understand when something breaks. Whether we collect some or all of this information often depends on what type of device you’re using and its settings. For example, different types of information are available depending on whether you’re using a Mac or a PC, or an iPhone or Android phone. To learn more about what information your device makes available to us, please also check the policies of your device manufacturer or software provider.
c) Partners and advertisers DO NOT share information with us
We DO NOT advertise on the Societies website so your data is NOT shared in this way.
2. What we do with the info we collect:
We use the information we collect to provide to support the work of the Society, and to inform you of its work and items of interest. When you join the Society, we will confirm your membership and send you a membership pack. After that, we will remind you when your subscription is due in September each year.
However, to get the most out of your membership, we would also like to tell you about our events and activities and we ask you to give us consent to do so by ticking the box on our membership form. We will then send you regular updates and monthly newsletters, unless you ask us to stop.
We would prefer to contact you by email as this helps to keep costs down and means we can send you more information that we can if you only want to hear from us by post. It would also help us if you can give us consent to contact you by telephone. We will only do this exceptionally, for example, if we need to tell you about late changes to our events where an email or letter may not reach you in time.
In addition to your consent, we have a legitimate interest to improve the Society, its website and its interactions, to maintain our relationships, and protect users. We both benefit when we use your information to:
* Conduct analytics on who is using the Societies website and what they are doing.
* Improve the Societies website and activities and offer new features.
3. Transferring your information:
By using the Societies website, you authorize us to transfer and store your information outside your home country for the purposes described in this policy. The privacy protections and the rights of authorities to access your information in these countries may not be the same as in your home country.
Your information is stored in the European Economic Area (EEA).
4. Choices you have about your info:
Our goal is to give you simple and meaningful choices regarding your information. If you are a member of the Society, please contact us to do any of the following:
* Update information about you.
* Update your subscriptions at any time.
* Close your membership.
You also have choices available to you through the device or software you use to access the Societies website. For example:
* The browser you use lets you control cookies or other types of local data storage.
* Your mobile device lets you choose how and whether your data is shared with us.
To learn more about these choices, please see the information provided by your device or software provider.
5. How and when we share information:
Some of the ways we use your information require us to share information with third parties, so we can provide your The Societies website experience, make sure our customization is effective and comply with laws that apply to us. We share your information with:
* Law enforcement agencies or government agencies. We only share information if we believe that disclosure is reasonably necessary to comply with a law, regulation or legal request; to protect the safety, rights, or property of the public, any person, or The Societies website; or to detect, prevent, or otherwise address fraud, security or technical issues.
6. How long we keep your information:
We keep your information only so long as we need it to provide our saervice to you and fulfill the purposes described in this policy. Membership details and Gift Aid authorities will be retained for as long as you are a member. We may also need to keep financial information for a period of six financial years after the end of the financial year in which the transaction occurred so that we can respond to any enquiries from HMRC about our income or applications for Gift Aid. When we no longer need to use your information and there is no need for us to keep it to comply with our legal or regulatory obligations, we’ll either remove it from our systems or depersonalize it so that we can’t identify you.
7. Our policy on children’s information:
Children under 13 are not allowed to join the the Society or use its website. If you are based in the EEA you may only use the Societies website if you are over the age at which you can provide consent to data processing under the laws of your country or if verifiable parental consent for your use of the Societies website has been provided to us.
8. Your options:
You have options in relation to the information that we have about you described below. To exercise these options, please contact us. If you’re an EEA user, you can:
* Access the information we hold about you. We’ll usually share this with you within 30 days of you asking us for it.
* Have your information corrected or deleted.
* Object to us processing your information. You can ask us to stop using your information, including when we use your information to send you emails or post to which you have subscribed. We only send you notifications if you’ve agreed to it, but if you’d rather we don’t, you can ask to be unsubscribed at any time.
* Have the information you provided to us sent to another organization, where we hold this information with your consent or for the performance of a contract with you, where it’s technically feasible.
* Complain to a regulator. If you’re based in the EEA and think that we haven’t complied with data protection laws, you have a right to lodge a complaint with the Data Protection Commission in Ireland or with your local supervisory authority.
9. How to get in touch:
The Society is the data controller. This means it decides how your personal data is processed and for what purposes. To exercise all relevant rights, queries of complaints please in the first instance contact the Societies website here: Contact Us page.
10. Document Version
We update this Privacy Notice from time to time so please do review it regularly.
A finalised version of this document will become effective on or before 25 May 2018.