Privacy Policy

1. Data Protection Policy

The Military Historical Society takes its responsibilities with regard to the management of the personal data and the requirements of relevant legislation very seriously. This document provides the policy framework through which effective management of Data Protection matters can be achieved.

2. Relevant Legislation

The General Data Protection Regulation 2018; the Data Protection Act 2018; and all other applicable legislation concerning the storage and use of personal data.

The Society will adhere to the eight principles of data protection as laid down by the Act. In accordance with those principles personal data shall be:

3. Scope of the Policy

The purpose of this policy is to ensure that the Society complies with the provisions of the relevant legislation when processing personal data. This policy applies regardless of where the data is held, including the Society website and personally-owned computer equipment.

The Society will only hold data on Officers, Members and ex-Members of the Society and members of the public who have contacted the Society voluntarily (collectively known as Users). It will not hold data on members of the public for the purpose of direct marketing.

4. Source and Content of Data Held

Personal data held about individuals will only be supplied by the individuals themselves and will comprise some or all of Title, Name, Initials, Forename(s), Post-nominals, Surname, Address, Telephone number(s), Email address, Interests and any other contact details supplied by the individual or their personal representatives. Further administrative data will be added by the Society and will comprise some or all of Membership number; Date of joining; Dates of agreeing to and withdrawing from Gift Aid; Subscription level; Subscription payment history; Gift Aid history; Method of subscription payment; Membership status; Notes on administrative actions and contacts with the individual; and Similar administrative records.

5. Consent, Use of Data & Disclosure

Consent for the Society, and local Branches of the Society where appropriate, to contact Members will be sought at the time of joining the Society. Provision will also be made for Members to opt out of any specific means of communication or contact with local Branch organisations. Parental consent must be given before the Society processes any personal information for children under the age of 13.

The names of new Members, lost Members and the resignation, deletion, death or obituary of ex-Members may be published in Society publications.

Personal data will only be used for the purpose of circulating Society publications to Members and for other contacts relevant to membership or the business of the Society.

Relevant name and address data of Members who have agreed to Gift Aid will be disclosed to HMRC in the standard form specified for Gift Aid claims.

Personal data will not be disclosed to third parties for direct marketing or any other reason not associated with the business of the Society.

6. Access to Data

Members and ex-Members will be able to access and amend their own personal data through a password controlled restricted area of the Society website. Users will also be able to request access to their own data at any time and also to request that any or all of their personal data is removed from Society records. The Society reserves the right to require requests for access to be in writing and a charge may be made for such requests.

The Society aims to comply with requests for access to personal information as quickly as possible, but will always ensure that it is provided within the time limits prescribed in the relevant legislation set out in the Data Protection Act 1998. Individuals will not be entitled to access information to which any of the exemptions in the relevant legislation apply.

7. Deletion of Data

The Society will not retain the personal data of any user in any electronic or searchable filing system for more than six years after they have ceased to have any active contact with the Society.

8. Responsibilities

Society responsibilities

Data Protection Officer

Members’ responsibilities

9. Data Protection Breaches

Any Member of the Society who becomes aware of a Data Protection breach, must report it immediately to the Data Protection Officer. The report should include full and accurate details of the incident, including who is reporting the incident and what data is involved.

10. Website Privacy Policy Statement

Information concerning the treatment of personal data of Members and visitors to the Society website, including a synopsis of relevant parts of the above Privacy Policy, shall be published on the website as follows:

This Privacy Notice tells you about our use of information and your rights in respect of certain information that The Military Historical Society (the “Society”) and our branches may hold about you, whether or not you are a Member of the Society.

The Society, as data controller, will only collect, use and store your personal information in accordance with the General Data Protection Regulation 2018, the Data Protection Act 2018, and all other applicable UK legislation concerning the storage and use of personal data. If you have any queries about this Privacy Policy, please contact the Data Protection Officer: Dr J A Murdoch (email : dataprotection@mhsorg.uk)

This notice tells you about how we collect, use and protect your personal information.

10.1 Members of the Society

On joining the Society, you will provide information on:

You may also provide some or all of the following voluntary information:

10.2 Non-Members of the Society

On registering on the website, you will provide:

On purchasing items from the Society shop you will also provide:

On contacting the Society by post, email, telephone, or in person, you may provide:

10.3 Persons 16 years of age and under

If you are aged under 13, you must get your parent or guardian’s permission before you provide any personal information to us.

10.4 Use of Personal Information

The society will only use your personal data for the purposes for which it was provided.

Members' information will only be used for servicing the membership, including distribution of Society publications, notices of meetings and branch activities, personal communications regarding subscriptions and other membership issues and, where appropriate, processing payments.

Non-Members’ information will only be used for the purposes of servicing their use of the website and/or for the servicing and delivery of items from the Society shop including, where appropriate, the processing of payments.

Contact details may also be used to provide you with a response and/or resolution if you contacted us with a query, request or complaint, or if you request not to receive further information from us.

Relevant parts of your personal information will be shared, as appropriate, with our payment card processor for financial transactions and with the printer/mailing house for the distribution of Society publications.

Personal information will not be disclosed to any other third party without first obtaining the express permission of each individual involved or unless we are legally obliged by law.

We do not collect or store any sensitive or special category information.

Your personal information is stored on servers in the United Kingdom.

We use technical and other prudent security safeguards to ensure that your personal information is secure. We take appropriate measures to ensure that people with access to your personal information are aware that such information is only to be used in accordance with this Privacy Policy.

We undertake regular reviews of who has access to the information that we hold to ensure that your information is only accessed appropriately.

Payment card processing will only be undertaken on our behalf by a member of the international banking settlement system.

10.5 How long we keep your information

Personal information will automatically be deleted four years after leaving membership of the society or conducting business with the Society. The Society reserves the right to delete personal information at any earlier time after the conclusion of the purpose for which it was collected, consistent with any legal requirements for the retention of data. In no circumstances will data be retained for longer than six years after you have ceased to have any active contact with the Society.

10.6 Your rights to your personal information

You have the right to request access to any personal information about you which is held by the Society or its Branches and to have any inaccuracies corrected.

You also have the right to request us: to erase your personal information; or to restrict our use of your personal information; or to object to any processing which is causing or is likely to cause damage or distress.

To exercise these rights, please contact the Society`s Data Protection Officer whose contact details are given in the second paragraph of this Policy and in the contact section of the website.

If you are not happy with the response you receive, you can raise your concern with the relevant statutory body which is the Information Commissioner’s Office at Wycliffe House, Lane, Wilmslow, Cheshire, SK9 5AF, or via their website at https://ico.org.uk/.