Introduction & Purpose
This Policy sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it. In certain circumstances additional fair processing notices may apply to the processing of your data, where this is the case we refer to them below.
For the purpose of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 (DPA 2018), the data Controller is Broadwater Action Group: 190 Broadwater Road, East Malling, Kent (the “Group”).
What is Personal Data?
Your personal data is information relating to you that can identify you as a living individual. It may be information that can identify you by itself or when combined with other information held or likely to be held by a person or organisation in possession of your personal data. Sensitive personal data is specific types of personal information which is more sensitive and therefore needs more protection. In the UK the Data Protection Act governs the processing of personal data.
What are the lawful reasons for processing your personal information?
Broadwater Action Group (the “Group") needs to be able to process your personal data as a membership organisation, as a society governed by laws and to help further our objectives as stated in our Consitution. Therefore the processing of your personal data is lawful because it is necessary:
Essential uses of your personal information
The Group processes members’ information in order to manage our membership records and to send you formal and informal notices. We also use it to establish that you are a local resident, as this is a condition of our membership. If you come to any of our events you will either be asked to sign in or give your name. This may be for health and safety and/or insurance reasons. If you attend a formal Group meeting the attendance list also forms, and is retained as, part of the official minutes.
Sensitive Personal Data
We will only ever process sensitive personal data in relation to volunteer ‘Emergency Contact’ forms where you give us your ‘Emergency Contact’ information. You can ask us to stop holding your ‘Emergency Contact’ information at any time.
Futher uses of your personal information
We will also use your personal information in the legitimate interests of the Group
What happens if we want to process your information for other reasons?
Though there are some legal exceptions, if we wish to process your personal data for any other unrelated purpose than those we have informed you about we will notify you.
Security of your data
We have put in place appropriate security measures to protect your personal data from being accidentally lost, misused or accessed in an unauthorised way, altered or disclosed. These include technical, administrative and physical security measures to ensure that any data we collect is stored and processed securely.
We have procedures to deal with any suspected personal data breach and we will promptly notify you and any applicable regulator of a breach in accordance with our legal obligations.
We cannot guarantee that the security measures we implement in connection with the operation of the site will absolutely prevent others from accessing or acquiring any information that you provide while using the site.
Cookies and Information Collected by Technology
Will we share your information with anyone else?
Generally, we will not disclose or share your personal data (including your email address) with anyone outside our organisation without your permission. However we may need to use or share your information with third parties to allow us to make our Site available to you and/to provide you with the Service(s). We may share your information:
We take steps to safeguard your information and we will have contractual provisions requiring all third party service providers to respect the security of your personal data and to treat it in accordance with our data protection policies and all applicable laws. We will not allow third party service providers to use your personal data for their own purposes and they will only be allowed to process your personal data in accordance with our instructions.
How long will we keep your data?
We will not keep your information for longer than it is necessary – usually while you are a member and up to around 12 months after you have left to help us resolve any issues that may subsequently arise. Any ‘Emergency Contact’ forms are kept as long as you want us to or until it becomes evident that you are no longer volunteering at our events. Any personal information that forms part of the official records of the Society will be retained indefinitely. We also keep photographs and other material for publicity and historical records of the Group.
If you are located in the EEA and the GDPR and/or DPA 2018 applies to you, the applicable legislation allows you some or all of the following rights with respect to your personal data, subject to that legislation:
(a) Editing and updating personal data.
If you find that your personal data needs to be edited or updated, you can request that we consider this by emailing firstname.lastname@example.org .
(b) Accessing personal data.
You can request details of your personal data we hold. We will confirm whether we are processing your personal data and provide additional details including what kind of information we have about you, where we collected it, how we use it (including the legal basis for our processing), how long we expect to keep it, details of any automated decision making or profiling and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations.
If you ask us, we will provide you with a copy of your personal data free of charge. We may charge you a fee to cover our administrative costs if you request multiple copies of the same information or if the requests are manifestly unfounded or excessive.
(c) Deletion of personal data.
You can request that you data is deleted by emailing email@example.com we will consider the reasons that we hold your information and will process your request in accordance with the GDPR and Data Protection Act 2018.
(d) Restriction of processing of personal data.
You have the right to request us to limit the processing of your personal data if:
To the extent needed, we may still keep some of your data to ensure we comply with your request to limit processing, or for other legal purposes.
(e) Objecting to certain types of processing including automated decision making.
Where we process your personal data based upon our legitimate interests, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms.
Where we process your personal data based upon our legitimate interests and where decisions are made by automated processing which has a legal or other significant effect on you, you may also object to such automated decision making, however, doing so may affect the delivery of our Service or Site(s).
(f) Portability of personal data.
You can request us to send you your personal data in a structured, commonly used, machine-readable format so that it can easily be transferred and used by a third party if:
(g) Withdrawing consent.
To the extent we use consent to process your data, you have the right to withdraw any consent you may have given us at any time. We will comply with your request promptly.
At any point, you have the right to object to processing of your personal data for direct marketing purposes and we will promptly comply with your request.
(h) Filing a complaint with a data protection authority.
We will try to resolve any problems that you have but you are always able to contact your local data protection authority for assistance or to make a complaint. In the UK this is the Information Commissioners Office whose website is accessible via www.ico.org or by writing to them at Information Commissioner's Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF.
If you wish to exercise any of these rights, please email firstname.lastname@example.org We will respond to your request within 30 days of accepting it. Before accepting your request we may need to ask for some identity documentation from you, to make sure we don’t inadvertently provide your personal data to someone else. If you are not in the EEA, you can still apply for one of these rights, and we will comply where the request is reasonable in our discretion.
What we ask from you
Please help us to keep your personal information up to date by letting us know of any changes to that personal information. You may ask us to update your information at any time and we will action your requests promptly.
How to get in contact