Privacy Policy
Posted: 27 Nov 2018 13:25
Riders Branch
The Royal British Legion Scotland SCIO (003323)
New Haig House, Edinburgh
26 May 18
RIDERS BRANCH - GDPR UPDATE (as at 25 May 18)
Under the GDPR, the Riders Branch will be categorised as Data Controllers, rather than a Data Processor, as follows:-
- A Data Controller determines the purposes and means of processing personal data, and
- A Data Processor is responsible for processing personal data on behalf of a Data Controller.
Whether or not a Branch is under the RBLS SCIO umbrella, it remains a separate legal entity. As such, the Branches will process members’ personal data for their own benefit, and be categorised as Data Controllers.
You should also note that there is no exemption from being categorised as a Data Controller under the "small charities exemption".
We the branch will need to register with the ICO and pay the annual fee of £40. Some exemptions to this annual fee may apply and we will be given guidance shortly to carry out a self-assessment to determine if we are exempt.
Should we be writing to all our members now to gather consent?
Some organisations are not obliged to send out such correspondence (as they are not relying on consent as the lawful basis for processing). The Riders Branch, Legion Scotland, as part of the RBLS SCIO is processing member data under a legal obligation, we are required to keep an up to date register of members under the 2011 Regulations. Therefore, we are not relying on the members’ consent to gather and retain the membership information from the 25th May 2018. At present we don’t send direct marketing to all our members, the only and next mailing to the membership is the Legion Scotland Today magazine.
The magazine is a ‘member benefit’ and can be categorised as an administrative mailing keeping members up to date and would likely come under the lawful basis of legitimate interest, this can be interpreted that consent is not required to continue to send the magazine to our members as they receive it as a benefit of their annual membership payment. Members can of course opt out of receiving the magazine at any time and we will reflect that on the database, under their contact preferences.
The definition of the lawful basis for RBLS processing the data it holds is contained within our new Privacy Policy which you will see appearing on newsletters in future and also on other mediums of communication such as the website, social media and on emails.
The key for the Riders Branch as a whole at present is to be mindful of correct data processing procedures and to ensure that we can demonstrate good practices and good governance when it comes to processing and managing the details of our membership.
This is a fantastic opportunity for us all to review how we collect and store information including a review of how secure the information is whether filed in hard copy or electronically. It is also a good time to review what historic data you hold and whether or not all the information really needs to be kept beyond this point. We will provide branches with guidance on this as we go.
I would like to thank everyone for their patience so far whilst waiting for further details and to encourage all to embrace this change in regulation as a new opportunity to review and improve our services for our membership.
Although we wait for further guidance and clarity we as Riders Branch will as part of our Privacy Policy, do the following:
Privacy Policy
Effective Date: 25 May, 2018
Contents
About this Privacy Policy
Information We May Collect
Information You Provide
Information Collected From Other Sources
How We Use Information
How We Share Information
Your Rights and Choices
Accessing, Updating, or Correcting Your Data
Deletion of Your Data
Communication Preferences
Data Retention
Security
Contact Us
About this Privacy Policy
This Privacy Policy describes how and when we may collect, use, and share information collected in connection with our membership and your choices regarding that information. Please read this Privacy Policy carefully. We may update it from time to time by posting a new version on our website and Facebook closed site with an updated Effective Date. If we make material changes, we will notify you through those methods described above or by other means if you’ve provided us additional contact information (e.g., using the email address associated with your Account). Your continued use of the website or Facebook account site after the Effective Date will be an acknowledgement of our updated practices.
Information We May Collect
We may collect various types of information, including information you provide or make available to us directly, or information collected from Facebook in the form of a Messenger grouping.
Information You Provide
You may provide information directly to the Branch when you apply for membership by either completing the application form or sending details directly to Legion Scotland website application page, a branch cttee member or a local district representative. Depending on how you choose to access the membership application, this information may include things like your first and last name, your full postal address, mobile and home phone number, email address.
Information Collected From Other Sources
We may also collect information about you from a single other source, our partner RBLS only.
How We Use Information
We may use the information we collect for a number of purposes, including to:
- Perform internal operations for the purpose of a membership acceptance email and to remind you of your membership renewal when due. To coordinate locally events and opportunities for supporting the Riders Branch.
How We Share Information
We may share the information we collect about you in various ways, including:
- With our partners RBLS for the purpose of the magazine as a benefit of your membership. With Civil Police Force officials, government authorities, or other third parties if we believe your actions are inconsistent with our terms or other policies, and/or are fraudulent or in violation of applicable law. We do not share your personal information with third parties for their direct marketing purposes.
Your Rights and Choices
You can manage your information as described in this Policy, and you may have additional rights related to that information as described below. You are not obliged to provide all information requested in the membership less your full name and address for membership recording.
Accessing, Updating, or Correcting Your Data
You are expected to maintain accurate, complete as given on application, and up-to-date information in connection with your Membership and you can do this through the cttee posts. You can request at anytime details of your information being held on account and this will be provided at the earliest opportunity.
Deletion of Your Data
You have the right to request deletion of your personal information, subject to our Data Retention policy described below. If you would like to have your personal information deleted you should contact either the:
chairman@rblsr.org, secretary@rblsr.org or treasurer@rblsr.org.
Please note that if you delete your personal information, you may no longer receive membership benefits or information pertaining to our events and meetings.
Communication Preferences
Email, phone, and text: We may contact you at the email address(es) or phone number(s) provided in connection with your membership. You may opt out of these messages by following the deletion of data above.
Data Retention
We may retain personal information for the duration of your membership and for a further period of 6 months from your annual renewal date, for the purpose of communication of renewal. When we no longer have a legitimate business need to hold this information all personal data, after this date, will be destroyed by cttee appointments and nominated District representatives approved at the branch AGM.
Security
We follow generally accepted RBLS standards and maintain reasonable safeguards designed to secure and prevent unauthorized access to the information in our possession. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us. We collect personal information from you only where we have your consent to do so, where we need it to perform a contract with you, or where it is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
Contact Us
If you have questions or concerns about this Policy or our data practices, you can contact us by email at chairman@rblsr.org.
The Royal British Legion Scotland SCIO (003323)
New Haig House, Edinburgh
26 May 18
RIDERS BRANCH - GDPR UPDATE (as at 25 May 18)
Under the GDPR, the Riders Branch will be categorised as Data Controllers, rather than a Data Processor, as follows:-
- A Data Controller determines the purposes and means of processing personal data, and
- A Data Processor is responsible for processing personal data on behalf of a Data Controller.
Whether or not a Branch is under the RBLS SCIO umbrella, it remains a separate legal entity. As such, the Branches will process members’ personal data for their own benefit, and be categorised as Data Controllers.
You should also note that there is no exemption from being categorised as a Data Controller under the "small charities exemption".
We the branch will need to register with the ICO and pay the annual fee of £40. Some exemptions to this annual fee may apply and we will be given guidance shortly to carry out a self-assessment to determine if we are exempt.
Should we be writing to all our members now to gather consent?
Some organisations are not obliged to send out such correspondence (as they are not relying on consent as the lawful basis for processing). The Riders Branch, Legion Scotland, as part of the RBLS SCIO is processing member data under a legal obligation, we are required to keep an up to date register of members under the 2011 Regulations. Therefore, we are not relying on the members’ consent to gather and retain the membership information from the 25th May 2018. At present we don’t send direct marketing to all our members, the only and next mailing to the membership is the Legion Scotland Today magazine.
The magazine is a ‘member benefit’ and can be categorised as an administrative mailing keeping members up to date and would likely come under the lawful basis of legitimate interest, this can be interpreted that consent is not required to continue to send the magazine to our members as they receive it as a benefit of their annual membership payment. Members can of course opt out of receiving the magazine at any time and we will reflect that on the database, under their contact preferences.
The definition of the lawful basis for RBLS processing the data it holds is contained within our new Privacy Policy which you will see appearing on newsletters in future and also on other mediums of communication such as the website, social media and on emails.
The key for the Riders Branch as a whole at present is to be mindful of correct data processing procedures and to ensure that we can demonstrate good practices and good governance when it comes to processing and managing the details of our membership.
This is a fantastic opportunity for us all to review how we collect and store information including a review of how secure the information is whether filed in hard copy or electronically. It is also a good time to review what historic data you hold and whether or not all the information really needs to be kept beyond this point. We will provide branches with guidance on this as we go.
I would like to thank everyone for their patience so far whilst waiting for further details and to encourage all to embrace this change in regulation as a new opportunity to review and improve our services for our membership.
Although we wait for further guidance and clarity we as Riders Branch will as part of our Privacy Policy, do the following:
Privacy Policy
Effective Date: 25 May, 2018
Contents
About this Privacy Policy
Information We May Collect
Information You Provide
Information Collected From Other Sources
How We Use Information
How We Share Information
Your Rights and Choices
Accessing, Updating, or Correcting Your Data
Deletion of Your Data
Communication Preferences
Data Retention
Security
Contact Us
About this Privacy Policy
This Privacy Policy describes how and when we may collect, use, and share information collected in connection with our membership and your choices regarding that information. Please read this Privacy Policy carefully. We may update it from time to time by posting a new version on our website and Facebook closed site with an updated Effective Date. If we make material changes, we will notify you through those methods described above or by other means if you’ve provided us additional contact information (e.g., using the email address associated with your Account). Your continued use of the website or Facebook account site after the Effective Date will be an acknowledgement of our updated practices.
Information We May Collect
We may collect various types of information, including information you provide or make available to us directly, or information collected from Facebook in the form of a Messenger grouping.
Information You Provide
You may provide information directly to the Branch when you apply for membership by either completing the application form or sending details directly to Legion Scotland website application page, a branch cttee member or a local district representative. Depending on how you choose to access the membership application, this information may include things like your first and last name, your full postal address, mobile and home phone number, email address.
Information Collected From Other Sources
We may also collect information about you from a single other source, our partner RBLS only.
How We Use Information
We may use the information we collect for a number of purposes, including to:
- Perform internal operations for the purpose of a membership acceptance email and to remind you of your membership renewal when due. To coordinate locally events and opportunities for supporting the Riders Branch.
How We Share Information
We may share the information we collect about you in various ways, including:
- With our partners RBLS for the purpose of the magazine as a benefit of your membership. With Civil Police Force officials, government authorities, or other third parties if we believe your actions are inconsistent with our terms or other policies, and/or are fraudulent or in violation of applicable law. We do not share your personal information with third parties for their direct marketing purposes.
Your Rights and Choices
You can manage your information as described in this Policy, and you may have additional rights related to that information as described below. You are not obliged to provide all information requested in the membership less your full name and address for membership recording.
Accessing, Updating, or Correcting Your Data
You are expected to maintain accurate, complete as given on application, and up-to-date information in connection with your Membership and you can do this through the cttee posts. You can request at anytime details of your information being held on account and this will be provided at the earliest opportunity.
Deletion of Your Data
You have the right to request deletion of your personal information, subject to our Data Retention policy described below. If you would like to have your personal information deleted you should contact either the:
chairman@rblsr.org, secretary@rblsr.org or treasurer@rblsr.org.
Please note that if you delete your personal information, you may no longer receive membership benefits or information pertaining to our events and meetings.
Communication Preferences
Email, phone, and text: We may contact you at the email address(es) or phone number(s) provided in connection with your membership. You may opt out of these messages by following the deletion of data above.
Data Retention
We may retain personal information for the duration of your membership and for a further period of 6 months from your annual renewal date, for the purpose of communication of renewal. When we no longer have a legitimate business need to hold this information all personal data, after this date, will be destroyed by cttee appointments and nominated District representatives approved at the branch AGM.
Security
We follow generally accepted RBLS standards and maintain reasonable safeguards designed to secure and prevent unauthorized access to the information in our possession. If you have reason to believe that your interaction with us is no longer secure, please immediately contact us. We collect personal information from you only where we have your consent to do so, where we need it to perform a contract with you, or where it is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms.
Contact Us
If you have questions or concerns about this Policy or our data practices, you can contact us by email at chairman@rblsr.org.