1. Your personal data – what is it?
Personal data relates to an identifiable person who can be identified from that data. Identification can be by the information alone or in conjunction with any other information in the data controller’s possession or likely to come into such possession. The processing of personal data is governed by the General Data Protection Regulation (the “GDPR”).
2. Who are we?
The Submarine Family works with and shares data with The Submariners Association, We Remember Submariners, Society of Friends of the RN Submarine Museum (hereafter these four groups are referred to as the Family). The Submarine Family is the overall data controller and each member of the Family has its own Data Controller.
The Data Controllers decide how your personal data is processed and for what purposes. Your data will be processed by the authorised officers of each part of the Family typically Treasurers, Membership Secretaries and Web Admins.
3. How do we process your personal data?
The Family complies with its obligations under the “GDPR” by keeping personal data up to date; by storing and destroying it securely; by not collecting or retaining excessive amounts of data; by protecting personal data from loss, misuse, unauthorised access and disclosure and by ensuring that appropriate technical measures are in place to protect personal data.
We collect contact details, information you volunteer about your service history including your service number, your communications preferences and other data which from time to time may be required in order to issue tickets for events, address queries you raise and manage your membership account.
We use your personal data for the following purposes: -
· To enable us to carry out our objectives specified in our constitution which can be seen on The Submarine Family website.
· To administer membership records;
· To fundraise and promote the interests of the Family;
· To manage our volunteers;
· To maintain our own accounts and records (including the processing of gift aid applications);
· To inform you of relevant news, events, activities and services;
· Processing is necessary for carrying out obligations defined by our constitution or a collective agreement.
· Processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
5. Sharing your personal data
Your personal data will be treated as strictly confidential and will only be shared with other members of the Family in order to carry out a relevant service or for purposes connected with the Family. We will only share your data with third parties outside of the Family with your consent. We will never sell your data. We may also share your data with law enforcement agencies, regulators, courts, public authorities or emergency services when required to do so.
6. How long do we keep your personal data?
The period for which we keep your information depends on the purpose for which your information was collected and the use. We will not keep your personal information for longer than necessary for those purposes or for any other legal requirements. If you would like more details in relation to your personal data, please contact us.
We review all data retention periods every two years. Data collected for accounts purposes are kept for seven years plus an additional period of six months. You can request data relating to donations to be forgotten.
7. Your rights and your personal data
Unless subject to an exemption under the GDPR, you have the following rights with respect to your personal data: -
· Be informed about what data we hold on you, why we hold it and how we process it
· Have access to the personal data we hold about you, free of charge in most cases
· The correction of your personal data when incorrect, out of date or incomplete
· Restrict our processing of your data (either through specific channels or all channels)
· Request that your data be erased completely (where we are able to do so) from our files
· Expect your personal data to be available in a portable electronic format for ease of transfer
· Object to us holding and keeping specific types of personal data
· Expect adherence to best and transparent practice around automated decision making and profiling
· The right to lodge a complaint with the Information Commissioners Office.
8. Further processing
If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will seek your prior consent to the new processing.
9. Data Handling.
This section deals with our websites and email software system (Campaign Monitor).
· Website Visitor Tracking. The websites may use tracking software to monitor their visitors to better understand how they use them. The software will save a cookie to your computer’s hard drive in order to track and monitor your engagement and usage of the website, but will not store, save or collect personal information.
· Downloads & Media Files. Any downloadable documents, files or media made available on the websites are provided to users at their own risk. While all precautions have been undertaken to ensure only genuine downloads are available users are advised to verify their authenticity using third party anti-virus software or similar applications.
We accept no responsibility for third party downloads and downloads provided by external third party websites and advise users to verify their authenticity using third party anti-virus software or similar applications.
· Contact & Communication With Us. Users contacting us through the websites do so at their own discretion and provide any such personal details requested at their own risk. Your personal information is kept private and stored securely until a time it is no longer required or has no use.
· Email Mailing List & Marketing Messages
o We operate an email mailing list program, used to inform subscribers about new, events, updates and so on. Users can subscribe through an online automated process where they have given their explicit permission. Subscribers can unsubscribe at any time as detailed in the footer of sent messages.
o Our EMS (email marketing service) provider is; Campaign Monitor who are GDPR compliant.
· External Website Links & Third Parties. Although we only look to include quality, safe and relevant external links, users are advised to adopt a policy of caution before clicking any external web links mentioned throughout the websites.
10. Data Storage. Your data is stored as follows:
· The Submarine Family main database - a GDPR compliant site database kept on a GDPR compliant UK based server contains current and archived membership records of all members of The Submarine Family and those who are only members of Friends of the RN Submarine Museum.
· A regular offline backup is kept.
· The Submariners Association and We Remember Submariners maintain separate GDP Compliant Databases of their members.
· Data is exchanged securely between the The Submarine Family database and these two databases.
· The Newsletter database – for those who have opted in Name, Email and Membership number and chosen interest areas are stored by the GDPR compliant Campaign Monitor on their servers. No hard copy back up is kept of this as it can be recreated from the main database if need be.
11. Contact Detail
To exercise all relevant rights, queries or complaints please in the first instance contact The Submarine Flotilla Secretary on [email protected]
You can contact the Information Commissioners Office on 0303 123 1113 or via email https://ico.org.uk/global/contact-us/email/ or at the Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire. SK9 5AF.