Orpington and District Angling Association
Privacy Statement
Who to contact about concerns on exercising any of
your data rights
We are the data controller of the personal data collected and held about you.
Our contact address is ODAA, PO Box 853 Orpington Kent BR6 1JA
Why do we collect your data?
We process personal data for the following purposes: -
a. To provide our services to you
b. Administering our membership records;
c. Maintaining our records;
d. Publicising the work that we do.
Whose data do we process?
We process the data of our own members, individuals who make enquiries with us,
as well as individuals from organisations with whom we work, or need to
interact with, in pursuit of our core objectives. These organisations include
the police, regulatory and government agencies (such as the Environment Agency
and Councils). Generally, we collect personal data from our members.
The most applicable criteria of the GDPR which are
met in processing this data are that is it done:
· In
pursuit of performing a contract between us;
· In
pursuit of legitimate interests, taking into account the individual’s civil
rights and freedoms;
· With
the data subject’s consent.
How we hold your data
We hold information in electronic form and occasionally in hard copy. The
Membership Secretary (for example) holds data on the computer and associated
hardware necessary to do the job.
How long do we keep your data?
We collect data for a specified purpose and we will retain it for as long as we
need it in order to pursue that purpose. If any Member wishes, they can request
deletion of his or her data but that may impact upon their Membership of the
Association.
Who do we share data with?
We will never sell your personal data to third party organisations, nor share
it with them for their benefit. We will only share your personal data with
organisations who carry out data processor duties on our behalf (for example,
suppliers of office services) or anyone in pursuit of the original purpose for
which it was obtained, for example, work party or bailiff organising. We may use
third parties to support the provision of our services to members which
includes IT support, website hosting and database services.
Your rights in respect of the data we hold about
you
You have several rights you may exercise in respect of your data. You have:
The
right to know what we do with your data. We hope this statement satisfies this,
but if there is anything that is not clear, please get in touch and we will
seek to address any concerns you have.
The
right to a copy of the data we hold about you, subject to some limitations,
free of charge in the first instance.
The
right to have incomplete data about you completed and the right to correct any
errors in your data.
The
right, in some circumstances, which applies to erasure of the data we hold
about you. This is sometimes known as the “right to be forgotten”, which
applies especially where there is no longer a necessity to keep your
information.
The
right, in some circumstances to restrict the processing of your personal data.
The definition of “processing” is very wide.
The
right to have your personal data supplied to another data controller,
particularly where the data is held electronically.
The
right to object to the processing of your data in certain circumstances.
The
right to object to any automated decisions made about you (please note that
ODAA does not currently – or foreseeably – process decisions about you
automatically).
Children’s personal data
Decisions regarding the personal data of anyone under 13 years of age must be
taken by the child’s parent, guardian or anyone appointed in law to fulfil that
role. If you are over 13, but under 18 and are unclear about anything we have
said in this statement, please get in touch with us (as shown at the start of
this document) and we can try and make things clearer.
Do we send data outside the EU?
ODAA or anyone processing data on our behalf does not routinely send personal
data outside the EU. If we did, for some reason, feel it necessary to do so we
would satisfy ourselves thoroughly about the information security aspects of
what is proposed and would seek your consent before doing so.
Further concerns?
If you have concerns about any aspect of our data protection practices please
raise it with us in the first instance. In the unlikely event you remain
dissatisfied, the UK regulator of data protection is the Information
Commissioner who can be contacted at Wycliff House, Water Lane, Wilmslow
Cheshire SK9 5AF (or see: www.ico.org.uk)