1. Data Protection Policy
The Military Historical Society takes its responsibilities with regard to the management of the personal data and the requirements of relevant legislation very seriously. This document provides the policy framework through which effective management of Data Protection matters can be achieved.
2. Relevant Legislation
The General Data Protection Regulation 2018; the Data Protection Act 2018; and all other applicable legislation concerning the storage and use of personal data.
The Society will adhere to the eight principles of data protection as laid down by the Act. In accordance with those principles personal data shall be:
- Processed for specified purposes only
- Adequate, relevant and not excessive
- Accurate and up to date
- Not kept longer than necessary
- Processed in accordance with data subjects’ rights
- Processed and held securely
- Not transferred outside the countries of the European Economic Area without adequate protection.
3. Scope of the Policy
The purpose of this policy is to ensure that the Society complies with the provisions of the relevant legislation when processing personal data. This policy applies regardless of where the data is held, including the Society website and personally-owned computer equipment.
The Society will only hold data on Officers, Members and ex-Members of the Society and members of the public who have contacted the Society voluntarily (collectively known as Users). It will not hold data on members of the public for the purpose of direct marketing.
4. Source and Content of Data Held
Personal data held about individuals will only be supplied by the individuals themselves and will comprise some or all of Title, Name, Initials, Forename(s), Post-nominals, Surname, Address, Telephone number(s), Email address, Interests and any other contact details supplied by the individual or their personal representatives. Further administrative data will be added by the Society and will comprise some or all of Membership number; Date of joining; Dates of agreeing to and withdrawing from Gift Aid; Subscription level; Subscription payment history; Gift Aid history; Method of subscription payment; Membership status; Notes on administrative actions and contacts with the individual; and Similar administrative records.
5. Consent, Use of Data & Disclosure
Consent for the Society, and local Branches of the Society where appropriate, to contact Members will be sought at the time of joining the Society. Provision will also be made for Members to opt out of any specific means of communication or contact with local Branch organisations. Parental consent must be given before the Society processes any personal information for children under the age of 13.
The names of new Members, lost Members and the resignation, deletion, death or obituary of ex-Members may be published in Society publications.
Personal data will only be used for the purpose of circulating Society publications to Members and for other contacts relevant to membership or the business of the Society.
Relevant name and address data of Members who have agreed to Gift Aid will be disclosed to HMRC in the standard form specified for Gift Aid claims.
Personal data will not be disclosed to third parties for direct marketing or any other reason not associated with the business of the Society.
6. Access to Data
Members and ex-Members will be able to access and amend their own personal data through a password controlled restricted area of the Society website. Users will also be able to request access to their own data at any time and also to request that any or all of their personal data is removed from Society records. The Society reserves the right to require requests for access to be in writing and a charge may be made for such requests.
The Society aims to comply with requests for access to personal information as quickly as possible, but will always ensure that it is provided within the time limits prescribed in the relevant legislation set out in the Data Protection Act 1998. Individuals will not be entitled to access information to which any of the exemptions in the relevant legislation apply.
7. Deletion of Data
The Society will not retain the personal data of any user in any electronic or searchable filing system for more than six years after they have ceased to have any active contact with the Society.
- As the Data Controller, the Society is responsible for establishing policies and procedures in order to comply with the requirements of the relevant legislation. The Society has delegated this responsibility to the elected Committee.
Data Protection Officer
- The Committee will appoint a Data Protection Officer with responsibility for:
- ensuring compliance with the requirements of the relevant legislation;
- ensuring compliance with subject access rights;
- ensuring that any data protection breaches are resolved and reported in a swift manner according to the guidance from the Information Commissioner’s Office;
- investigating and responding to complaints regarding data protection including requests to cease processing personal data.
- Any Member of the Society who stores or processes personal data on behalf of the Society or its Branches must comply with the requirements of this policy.
9. Data Protection Breaches
Any Member of the Society who becomes aware of a Data Protection breach, must report it immediately to the Data Protection Officer. The report should include full and accurate details of the incident, including who is reporting the incident and what data is involved.
This Privacy Notice tells you about our use of information and your rights in respect of certain information that The Military Historical Society (the “Society”) and our branches may hold about you, whether or not you are a Member of the Society.
This notice tells you about how we collect, use and protect your personal information.
10.1 Members of the Society
On joining the Society, you will provide information on:
- Your name and address (this is essential in order to receive Society publications)
- Your chosen method of paying subscriptions
You may also provide some or all of the following voluntary information:
- Your email address
- Your telephone numbers
- A Gift Aid declaration
- An option for your details to be passed to an appropriate local branch
- Other voluntary information about your interests and background
- Information for processing payments
10.2 Non-Members of the Society
On registering on the website, you will provide:
- Your email address
- A password to log-in
On purchasing items from the Society shop you will also provide:
- An address for delivery of the items
- A telephone contact number
- Information for processing payments
On contacting the Society by post, email, telephone, or in person, you may provide:
- Relevant contact details such as name, address, telephone number and email address.
10.3 Persons 16 years of age and under
If you are aged under 13, you must get your parent or guardian’s permission before you provide any personal information to us.
10.4 Use of Personal Information
The society will only use your personal data for the purposes for which it was provided.
Members' information will only be used for servicing the membership, including distribution of Society publications, notices of meetings and branch activities, personal communications regarding subscriptions and other membership issues and, where appropriate, processing payments.
Non-Members’ information will only be used for the purposes of servicing their use of the website and/or for the servicing and delivery of items from the Society shop including, where appropriate, the processing of payments.
Contact details may also be used to provide you with a response and/or resolution if you contacted us with a query, request or complaint, or if you request not to receive further information from us.
Relevant parts of your personal information will be shared, as appropriate, with our payment card processor for financial transactions and with the printer/mailing house for the distribution of Society publications.
Personal information will not be disclosed to any other third party without first obtaining the express permission of each individual involved or unless we are legally obliged by law.
We do not collect or store any sensitive or special category information.
Your personal information is stored on servers in the United Kingdom.
We undertake regular reviews of who has access to the information that we hold to ensure that your information is only accessed appropriately.
Payment card processing will only be undertaken on our behalf by a member of the international banking settlement system.
10.5 How long we keep your information
Personal information will automatically be deleted four years after leaving membership of the society or conducting business with the Society. The Society reserves the right to delete personal information at any earlier time after the conclusion of the purpose for which it was collected, consistent with any legal requirements for the retention of data. In no circumstances will data be retained for longer than six years after you have ceased to have any active contact with the Society.
10.6 Your rights to your personal information
You have the right to request access to any personal information about you which is held by the Society or its Branches and to have any inaccuracies corrected.
You also have the right to request us: to erase your personal information; or to restrict our use of your personal information; or to object to any processing which is causing or is likely to cause damage or distress.
To exercise these rights, please contact the Society`s Data Protection Officer whose contact details are given in the second paragraph of this Policy and in the contact section of the website.
If you are not happy with the response you receive, you can raise your concern with the relevant statutory body which is the Information Commissioner’s Office at Wycliffe House, Lane, Wilmslow, Cheshire, SK9 5AF, or via their website at https://ico.org.uk/.