WPA Privacy Notice GDPR – v02.0 7th March 2021
This Privacy Notice supersedes any previous version
- About this Privacy Notice
This Privacy Notice explains what personal information we collect, why we collect it, how we use it, how we keep it secure, and your rights in relation to it.
We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details regarding the GDPR can be found at the website of the United Kingdom’s Information Commissioner (www.ico.org.uk). For the purposes of the GDPR, we will be the “data controller” for all personal data that we hold about you.
- Who we are
We are the Westcountry Potters Association, an unincorporated Association run by its members. Our contact details are given at the end of this document.
- How we collect data
We collect personal data that you provide to us. This includes information provided when you join the Association, book to attend Association events or otherwise provide data to the Association by email, telephone or similar means.
We do not collect personal data from third parties.
- How the law protects you
Data Protection law says that we are allowed to use personal information only if we have a proper reason to do so. The law says we must have one of the following reasons:
- To fulfil a contract we have with you.
- When it is our legal duty.
- When it is in our legitimate interest.
- When you consent to it.
A legitimate interest is when we have a business reason to use your information including but not limited to internal administrative purposes, preventing fraud, or ensuring network and information security.
- How we protect your personal data
We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction. We use industry-standard security mechanisms to protect your personal data when it is transmitted over the internet.
If you make or receive payments via bank transfer, your banking details are managed by our bankers, Lloyds Banking Group, who are regulated by the Financial Conduct Authority (FCA) and comply with their privacy and data protection standards.
We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
- Sharing your personal data
Other than as noted below we never share your personal data with third parties. The only exception is that we will, upon request, provide a list of members’ names and membership numbers to those companies who offer a member’s discount on purchases. This is done to provide a proof of membership if the member is unable to present their membership card when purchasing.
Those Association members directly involved in Association management (eg the Committee) may be provided with your personal information if there is a clear need to do so.
Your personal information will be published in our members’ directory/handbook, if you have given permission to do so. This document is provided to all members upon joining and upon updating roughly every 18 months. It is not distributed to non-members. You can withdraw this permission by contacting us (see the end of this document).
If you book to attend an event organised by the Association, you will be invited to permit your name and contact details only to be provided to other attendees for the purposes of organising car sharing etc.
Other than as described above, we do not disclose your personal data to third parties, or to other members.
- Retaining your personal data
The Association has to hold the personal information that you provide on the paper membership application form in order to complete the membership application process, and subsequently to provide you with other Association services that are a benefit of membership.
In the absence of any legal requirements, your personal data will be retained for as long as necessary for the purposes for which it was provided. We continually review what information we hold and delete what is no longer required.
If you resign or otherwise leave the Association, or withdraw your agreement to inclusion in the members’ handbook, your details will be removed from the handbook in the next edition and your entry (if any) in the website members’ gallery will be deleted within 28 days.
| 8. Your rights
As well as our obligations, and commitment, to respect the privacy of your information, you also have certain rights relating to the personal information we hold about you. These rights are outlined below. None of these are absolute and are subject to various exceptions and limitations. You can exercise these rights at any time by contacting us using the contact details at the end of this document.
You have rights to:
You may request access to a copy of the personal information we hold about you.
We can refuse to provide information where to do so may reveal another person’s personal data or would otherwise negatively impact another person’s rights.
You may object to us using automated processes, or fully automating decision making, using your personal data, except where used to detect, prevent and investigate fraud and other financial crimes.
Where you gave us the information directly, and it was processed electronically, you can request the data we hold on you in a commonly used machine-readable format.
You can ask us to delete the personal information we hold about you when it is no longer required for a legitimate business need, legal or regulatory obligations, or for the purposes it was collected for.
If you believe that the personal information we hold about you is inaccurate, incorrect or incomplete, please contact us as soon as possible so we can update it.
You may ask us to restrict our processing of your data whilst we resolve any complaints you have about the way your data is used, require it for a legal claim, or if you think our processing is unlawful but you do not want us to delete your data.
At any time, you may withdraw the consent you granted for your personal information to be passed to other Association members in connection with Association activities.
When you withdraw your consent, it will not affect the lawfulness of any past activities we have undertaken based on the previous consent.
How we respond to your rights
You can exercise these rights at any time by contacting us using the contact details at the end of this document.
We may need to validate your identity before we can respond to your request. If we are unable to confirm your identity, or have strong reasons to believe that your request is unreasonably excessive or unfounded, we may deny it.
Once we have validated your identity, we aim to respond to your requests within 30 days and no later than three months from receipt of complex requests. We will let you know if we need additional time to complete.
We will let you know whether we accept, or refuse, your request.
- Contacting the Association
If you wish to contact the Association with regard to the contents of this document please send an email to firstname.lastname@example.org and we will respond promptly to your request.