If you have any requests concerning your personal information or any queries with regard to our processing, please contact VFF@starandgarter.org You may also contact us by writing to The Data Protection Officer (VFF) c/o Royal Star & Garter, 15 Castle Mews, Hampton TW12 2NP.
- Information about us
- Collection of information about you
- Other people’s data
- What we do with your information
- Legal basis for processing your information
- Sharing of your information
- International transfers
- Security of personal information
- Retention of personal information
- Your rights
Information about us
Collection of information about you
We may collect and process the following data about you:
- Information you give us. You may give us information about you asking for information about the VFF or by applying for accreditation, submitting an application to work, or by corresponding with us by phone, e-mail or otherwise. The information you give us may include your name, address, e-mail address and phone number. You may also give us information through our website and social media pages.
- Sensitive personal data. We sometimes collect and use “sensitive personal data”. This is defined as information about racial or ethnic origin, political opinions, religious or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. We collect sensitive personal data to help us monitor equal opportunities and for safeguarding purposes.
- Technical information when you visit our website, including the Internet Protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, geographical location, browser plug-in types and versions, operating system and platform.
- We use Google Analytics and Google Signal to measure how you use our website.
Other people’s data
You may provide the personal data of other people (e.g. colleagues you work with). Before providing anyone else’s data please ensure they are happy for you to do so and under no circumstances must you make public another person’s home address, email address or phone number without their permission.
What we do with your information
For organisations, we will use the information you provide to:
- fulfil your requests – such as provision of information
- record any contact we have with you;
- assess your application to join the VFF;
- to carry out our obligations arising from any contracts entered into between you and us;
- prevent or detect fraud or abuses of our website and enable third parties to carry out technical, logistical or other functions on our behalf.
Legal basis for processing your information
We rely on one or more of the following processing conditions in order to process your personal information:
- our legitimate interests in the effective delivery of information and services to you (provided these do not interfere with your rights);
- to satisfy any legal and regulatory obligations to which we are subject;
- to perform our obligations under any contracts that we have agreed with you; or
- where no other condition for processing is available, if you have agreed to us processing your personal information for the relevant purpose.
Sharing of your information
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
We never sell or share your information to other organisations to use for their own purposes other than as explained above.
Transfers outside the UK will be only:
- to a recipient located in a country which provides an adequate level of protection for your personal information; and/or
- under an agreement or mechanism which satisfies UK requirements for the transfer of personal data to data processors or data controllers outside the UK, such as standard contractual clauses approved by the European Commission or the US Privacy Shield Framework in relation to transfers of personal data from the UK to the USA.
Security of your personal information
We have implemented generally accepted standards of technology and operational security in order to protect personal information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information collected via the website; these individuals have agreed to maintain the confidentiality of this information. We use secure server software (SSL) to encrypt financial and personal information you input via our website before it is sent to us.
Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e-mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.
Where you or we have provided a password enabling you to access parts of our websites or use our services, it is your responsibility to keep this password confidential. Please do not share your password with anyone.
Retention of personal information
We will retain your personal information only for as long it is required for the purposes for which it was collected, or as required to do so by law. When we no longer need information, we will dispose of it securely, using specialist companies if necessary to do this work for us.
You have certain rights in relation to the personal information we hold about you. In particular, you have a right to:
- request a copy of personal information we hold about you (commonly referred to as a subject access request);
- ask that we update the personal information we hold about you, or correct such personal information that you think is incorrect or incomplete;
- ask that we delete personal information that we hold about you, or restrict the way in which we use such personal information;
- object to our processing of your personal information;
- withdraw your consent to our processing of your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing); and/or
- request portability of your personal information.
If you would like to exercise these rights, please contact us in writing (which can be an email). You may be asked to provide the following details:
- The personal information you want to access
- Where it is likely to be held
- The date range of the information you wish to access.
We will need to ask you to confirm your identity. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it. We will aim to respond to any requests for information promptly, and in any event within the legally required time limits (30 days). This timeframe may be extended by up to two months if your request is particularly complex.
We may charge for a request to access your information, if permitted by applicable law. For example, we may charge a reasonable fee based on administrative costs for providing further copies of your information.
We are not a ‘public authority’ as defined under the Freedom of Information Act 2000. We will not use our funds to respond to requests for information made under this Act.
For more information about your rights under the GDPR, please visit the website of the Information Commissioner’s Office at https://ico.org.uk/
Post: The Data Protection Officer (VFF) c/o Royal Star & Garter, 15 Castle Mews, Hampton, TW12 2NP.
You may also have the right to lodge a complaint with the UK’s data protection regulator, the Information Commissioner’s Office. For further information on your rights and how to complain to the ICO please refer to the ICO website: https://ico.org.uk/
AUTHOR AND REVIEW DETAILS
Author: Caroline Speller, Charity Secretary Royal Star & Garter
Date: December 2023
Review date: December 2024