The Moseleians Association
General Data Protection Regulation (GDPR)
This privacy notice is in line with the new data protection legislation (known as General Data Protection Regulation - GDPR) which comes into force on 25th May 2018.
- The data that we hold
- How we use it
- Why we need it
- Who has access to it
- What your rights are
- New details of who to contact with any queries
Your privacy is protected by law. This section explains how this works.
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. This includes sometimes sharing it outside the association.
The law says we must have one or more of these reasons:
- To fulfil a contract we have with you, or
- When it is our legal duty, or
- When it is in our legitimate interest, or
- When you consent to it
A legitimate interest is when we have a business or commercial reason to use your information such as to a carrier to deliver items purchased from our online shop although even then it must not unfairly go against what is right and best for you.
We may collect personal data about you, including for example your name, any name that you may have had at school, the school you attended, your years at school, your home address and if you have supplied it to us your phone numbers and email address.
If we are running an event that you are personally attending, then we may collect more sensitive data such as dietary requirements or access needs if applicable.
Examples of the sources of data we collect about you:
- Membership application form
- Other application forms for events
- When you talk to us on the telephone, personally or communicate with us via social media or website
- In emails and letters
- When you use our website
- Payment and transactional data
GDPR law says that we can only use your personal information if we have a proper reason to do so. This includes sharing your data with third parties.
We may process your personal data for the following purposes, if relevant;
- Administer your membership with the Moseleians Association
- Responding to your enquiries
- Provide you with information about memorabilia we are offering as an association
- Notify you about changes to our terms and conditions
- Communicate with you about events, updates to your membership and other activities we are involved in as an alumni association and believe you would be interested in
- Tailor your experience on our website
- Communicate with you via social media
- Respond to complaints and seek to resolve them
We process this data on the basis of our legitimate interest to run the Moseleians Association in an efficient and proper way for the benefit of our members. This includes managing our financial position, planning, audit, communications and business capability. We also process your personal data where required to comply with laws and regulations that apply to us.
Data is stored on a secure server to prevent unauthorised access. No data held by the Moseleians Association will be supplied outside the European Economic Area (EEA) other than to companies that are signed up to the Privacy Shield. https://www.privacyshield.gov
There are various lengths of time that data is kept for depending on need and other laws that we adhere to. You have the right to be forgotten within our database as long as there isn't an over-riding legitimate need.
Unless we explain otherwise to you, we'll hold your personal information based on the following retention periods for personal data:
- Membership records - for as long as we have reasonable membership needs
- Events - for as long as we have reasonable membership needs
- When you place an order, we’ll keep the personal data you give us for as long as we have reasonable business needs so we can comply with our legal and contractual obligations.
We will treat your personal information as private and confidential, but may disclose it outside of the Moseleians Association if:
- You consent
- Needed by third parties to help manage your records (such as our IT suppliers who run our website).
- HM Revenue and Customs or other statutory authorities who require it
- The Law or the public interest permits and requires it
- Required by us or others to investigate or prevent crime
We sometimes share your personal data with trusted third parties. For example, payment handling and delivery couriers.
Here’s the policy we apply to those organisations to keep your data safe and protect your privacy:
- We provide only the information they need to perform their specific services.
- They may only use your data for the exact purposes we specify in our contract with them.
Examples of the kind of third parties we work with are:
- IT companies who support our website and other business systems.
- PayPal for handling website payments
- Operational companies such as delivery couriers who deliver our Gazette magazine and memorabilia items purchased online.
- Direct marketing companies such as Mail Chimp who help us manage our electronic communications with you.
We do not share data with third parties for their own purposes.
You have the right to ask us to provide you with access to and rectification or erasure of your personal data. Providing you with this information is free of charge, but charges may apply for excessive requests. You have the right to ask us to provide you or a third party with the personal data you have provided to us in an electronic format.
You have the right to object to certain purposes for processing, in particular general information email messages.
If you wish to raise a complaint on how we have handled your personal data, you can contact our Data Compliance Officer who will investigate the matter further.
If you wish to stop us from providing you with information via email then you can opt out at any time by ticking the appropriate unsubscribe box within an email or contacting our membership secretary directly.
Should you be unhappy with our processing of your personal data, you have a right to complain to the Information Commissioner's Office, which is the regulator for data protection.
Any changes we make to this policy in the future will be communicated to you via email, letter, The Moseleian Gazette or Moseleians Association website. The full notice (as it currently stands) is available on our website (www.moseleians.co.uk) as well as available on request by contacting the Membership Secretary or Data Compliance Officer.
In the event that we believe there is a serious breach to our systems or data we will inform the Information Commissioner's Office within 72 hours and will inform the affected members as soon as practically possible there afterwards.
This notice was last updated on 09/05/2018