EFHA Privacy Policy

E

The Entwistle Family History Association (EFHA)

The following information constitutes our privacy policy notice. In this document, “we”, “our”, “us”, “the association” or “EFHA” refer to the Entwistle Family History Association.

We are located as a membership organisation and committee in Lancashire, England, UK, though our members, officers and committee members are located across the UK and the world.

You can contact us by e-mail about privacy matters at efhawebsite@gmail.com  – see our Contact page here: http://www.entwistlefamily.org.uk/contact

We take very seriously the protection of your privacy and confidentiality. We understand that you are entitled to know that your personal data will not be used for any purpose unintended by you.

The law requires us to tell you about your rights and our obligations to you regarding the processing and control of personal data. We do this now, by requesting that you read the information provided here www.knowyourprivacyrights.org

Except as set out below, we do not share, or sell, or disclose to any third party, any information collected through our forms, emails, letter post, website or otherwise.

This policy explains when and why we collect personal information about our members, how we use it and how we keep it secure, and spells out your rights in relation to it.

  1. How we Collect, Use and Store your Information

1.1 We may collect, use and store your personal data as described in this Data Privacy Policy and as described when we collect data from you.

1.2 We reserve the right to amend this Privacy Policy Statement from time to time without prior notice. You are advised to check the policy statement on our website www.entwistlefamily.org.uk regularly for any amendments (but amendments will not be applied retrospectively).

1.3 We will always comply with the UK’s Data Protection laws and the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner www.ico.gov.uk

1.4 For the purposes of data protection and the GDPR, we will be the “controller” of all personal data we hold about you.

  1. Who are we?

2.1 We are the Entwistle Family History Association (EFHA).

  1. What information do we collect and why

3.1 Type of information collected: member’s name, address, telephone number, e-mail, address.

3.2 Purposes and Legal basis of processing: managing the member’s records and membership of the family name association. Performing the association’s contract with the member. For the purposes of our legitimate interests in operating the association. See Article 6 of the GDPR

3.3 The member’s name and e-mail address: creating and managing the association’s off-line membership directory and mailing list.

3.4 Financial and payment details: we do not retain members’ financial details in any form as annual membership fees are handled direct by PayPal or GenFair or by Standing Order/Direct Debit. Cheques will be paid directly into our bank account.

3.5 Officers and Committee members: names, e-mail addresses and telephone of association officers and committee members may from time to time and with their consent be published on the association’s website, in the association’s newsletter and other publications, in the association’s marketing materials and made available to other related organisations and associations. In each case this information is held as a point of contact at the association for the purposes of our legitimate interests in operating and promoting the association.

3.6 Some members will provide us and individual offices of the association with detailed and historical records of family histories and family trees for family history research and family matching purposes. This information will be treated in the same way and under the same principles as the rest of this privacy policy sets out.

  1. Consent

4.1 We will seek members’ consent to this policy on their membership application form and at each membership renewal. Members may withdraw their consent at any time by contacting us in writing, by e-mail or letter, to tell us that they no longer wish their details to be retained by the association.

  1. How we protect your personal data

5.1 We may transfer your personal data outside the EU.

5.2 We have implemented generally accepted standards of technology and operational security in order to protect your personal data from loss, misuse, or unauthorised alteration or destruction.

5.3 Please note however, that where you are transmitting information to us over the Internet this can never be guaranteed to be 100% secure.

5.4 Any payments which we take from you online use a recognised third party online secure payment system.

5.5 Should there be a data breach we will notify you promptly of any breach of your personal data which might expose you to serious risk.

  1. Who else has access to the information you provide us?

6.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or as set out above and below.

6.2 We may occasionally pass members’ personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the association and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and where we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (subprocessors) to process data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.

  1. How long do we keep your information?

7.1 We will hold your personal data on our systems for as long as you are a member of the association and for as long afterwards as it is in the association’s legitimate interest to do so, or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it.

7.2 If we decide that we are not entitled to do so, we will stop processing your personal data except that we may in some circumstances be required to retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.

7.3 We securely destroy all personal information once we have used it and no longer need it.

  1. Communicating with you

8.1 When you contact us, whether by telephone, through our website or by e-mail, we collect the data you have given to us in order to reply with the information you need.

8.2 We record your request and our reply in order to increase the efficiency of our business.

8.3 We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high quality service.

  1. Dealing with complaints

9.1 When we receive a complaint, we record all the information you have given to us.

9.2 We use that information to resolve your complaint.

9.3 If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.

9.4 If the complaint relates to information in correspondence, publications or on our website and we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.

9.5 If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.

9.6 We may compile statistics from information relating to complaints to assess the level of service we provide, but not in a way that could identify you or any other person.

  1. Your rights

10.1 You have rights under GDPR:

(a) to access your personal data

(b) to be provided with information about how your personal data is processed

(c) to have your personal data corrected

(d) to have your personal data erased in certain circumstances

(e) to object to or restrict how your personal data is processed

(f) to have your personal data transferred to yourself or to another organisation in certain circumstances.

  1. Cookies

11.1 Cookies are small text files that are placed on your computer’s hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience, and the website owner with statistics about the actions you have taken.

11.2 Some cookies may last for a defined period of time, such as one day or until you close your browser. Others last indefinitely.

11.3 Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use.

11.4 Our website uses cookies. They are placed by software that operates on our servers, and by software operated by third parties whose services we use.

11.5 When you first visit our website, we ask you to formally consent to our use of cookies.

11.6 If you choose not to use cookies or you prevent their use through your browser settings, you will not be able to use all the functionality of our website.

  1. We use cookies in the following ways:

12.1.      to track how you use our website

12.2.      to record whether you have seen specific messages we display on our website

12.3.      to provide a consistent personalised experience across our site

12.4.      to record your answers to surveys and questionnaires on our site while you complete them

12.5.      to record the conversation thread during a live chat with our support team

  1. Personal identifiers from your browsing activity

13.1 Requests by your web browser to our servers for web pages and other content on our website are recorded.

13.2 We record information that could identify your location, such as your IP address. We also record information reported by the software you are using to browse our website, such as the type of computer or device and the screen resolution.

13.3 We use this information in aggregate to assess the popularity of the webpages on our website and how we perform in providing content to you.

13.4 If combined with other information we know about you from previous visits, the data possibly could be used to identify you personally, even if you are not signed in to our website. However, our policy is not to use such data for the purpose of personal identification.

  1. Our use of marketing information

14.1 An advertisement you may see for our services may have been shown because we have used a third party to provide us with marketing services. However, we advertise in many places and an advertisement shown for our services may just be coincidental to your visit to our website.

14.2 We may from time to time contact you via email to inform you of important issues, relevant and related products and your use of our member services

14.3 You have the right to take any complaints about how we process your personal data to the Information Commissioner: https://ico.org.uk/concerns/ 0303 123 1113. Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF