Orpington and District Angling Association Privacy Statement
Who to contact about concerns on exercising any of
your data rights
We are the data controller of the personal data collected and held about you.
Our contact address is ODAA, c/o The Original Cobbler, 79 Cotmandene Crescent, BR5 2RA
Why do we collect your data?
We process personal data for the following purposes: -
a. To provide our services to you
b. Administering our membership records;
c. Maintaining our records;
d. Publicising the work that we do.
Whose data do we process?
We process the data of our own members, individuals who make enquiries with us, as well as individuals from organisations with whom we work, or need to interact with, in pursuit of our core objectives. These organisations include the police, regulatory and government agencies (such as the Environment Agency and Councils). Generally, we collect personal data from our members.
The most applicable criteria of the GDPR which are met in processing this data are that is it done:
· In pursuit of performing a contract between us;
· In pursuit of legitimate interests, taking into account the individual’s civil rights and freedoms;
· With the data subject’s consent.
How we hold your data
We hold information in electronic form and occasionally in hard copy. The Membership Secretary (for example) holds data on the computer and associated hardware necessary to do the job.
How long do we keep your data?
We collect data for a specified purpose and we will retain it for as long as we need it in order to pursue that purpose. If any Member wishes, they can request deletion of his or her data but that may impact upon their Membership of the Association.
Who do we share data with?
We will never sell your personal data to third party organisations, nor share it with them for their benefit. We will only share your personal data with organisations who carry out data processor duties on our behalf (for example, suppliers of office services) or anyone in pursuit of the original purpose for which it was obtained, for example, work party or bailiff organising. We may use third parties to support the provision of our services to members which includes IT support, website hosting and database services.
Your rights in respect of the data we hold about
You have several rights you may exercise in respect of your data. You have:
The right to know what we do with your data. We hope this statement satisfies this, but if there is anything that is not clear, please get in touch and we will seek to address any concerns you have.
The right to a copy of the data we hold about you, subject to some limitations, free of charge in the first instance.
The right to have incomplete data about you completed and the right to correct any errors in your data.
The right, in some circumstances, which applies to erasure of the data we hold about you. This is sometimes known as the “right to be forgotten”, which applies especially where there is no longer a necessity to keep your information.
The right, in some circumstances to restrict the processing of your personal data. The definition of “processing” is very wide.
The right to have your personal data supplied to another data controller, particularly where the data is held electronically.
The right to object to the processing of your data in certain circumstances.
The right to object to any automated decisions made about you (please note that ODAA does not currently – or foreseeably – process decisions about you automatically).
Children’s personal data
Decisions regarding the personal data of anyone under 13 years of age must be taken by the child’s parent, guardian or anyone appointed in law to fulfil that role. If you are over 13, but under 18 and are unclear about anything we have said in this statement, please get in touch with us (as shown at the start of this document) and we can try and make things clearer.
Do we send data outside the EU?
ODAA or anyone processing data on our behalf does not routinely send personal data outside the EU. If we did, for some reason, feel it necessary to do so we would satisfy ourselves thoroughly about the information security aspects of what is proposed and would seek your consent before doing so.
If you have concerns about any aspect of our data protection practices please raise it with us in the first instance. In the unlikely event you remain dissatisfied, the UK regulator of data protection is the Information Commissioner who can be contacted at Wycliff House, Water Lane, Wilmslow Cheshire SK9 5AF (or see: www.ico.org.uk)