In meeting its charitable purposes, the Officers’ Association (OA) as a data controller processes the personal data of the following categories of people:

• Trustees, Presidents and Vice-Presidents [view privacy notice]
• Employees
• Job applicants [view privacy policy]
• Self-employed contractors
• Beneficiaries and potential beneficiaries [view privacy notice]
• Grants & Welfare volunteers (Honorary Representatives) [view privacy notice]
• Employment Service users and people seeking those services [view privacy notice]
• Employer and organisation contacts [view privacy notice]
• Network Contact List members [view privacy notice]
• Coaching applicants
• Service provider contacts
• Monthly News recipients [view privacy notice]

The OA undertakes to collect, record, store and use such information in accordance with the General Data Protection Regulation 2016 (GDPR) and any other relevant data protection legislation.

The individual privacy notices noted above give details of how the different categories of data are handled. All staff and volunteers are trained in the principles of data protection and are required to comply with this policy and the data handling policy.

A) DEFINITIONS

“Personal data” is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person’s name, identification number, location, online identifier. It can also include pseudonymised data.

“Special categories of personal data” are data which relates to an individual’s health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. Special categories also include genetic and biometric data (where used for ID purposes).

“Criminal offence data” is data which relates to an individual’s criminal convictions and offences.

“Data processing” is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

B) DATA PROTECTION PRINCIPLES

Under GDPR, all personal data obtained and held by us must be processed according to a set of core principles. In accordance with these principles, we will ensure that:

• Processing will be fair, lawful and transparent.
• Data be collected for specific, explicit, and legitimate purposes, as noted in the individual privacy notices. The OA does not sell, trade or rent personal data to others.
• Data collected will be adequate, relevant and limited to what is necessary for the purposes of processing as specified.
• Data will be kept accurate and up to date. Data which is found to be inaccurate will be rectified or erased without delay.
• Data is not kept for longer than is necessary for its given purpose. More information can be found in the separate privacy notices and in our data retention policy.
• Data will be processed in a manner that ensures appropriate security of personal data including protection against unauthorised or unlawful processing, accidental loss, destruction or damage by using appropriate technical or organisation measures. All staff and volunteers, as appropriate, will receive data protection training and will be required to follow data handling policies. All third parties accessing personal data held by the OA will be required to accept GDPR compliant data processing conditions. More information can be found in our Information Security Policy.
• We will comply with the relevant GDPR procedures for the international transfer of personal data.

C) DATA SUBJECTS’ RIGHTS

As noted in the individual privacy notices, people whose personal data we process have the right:

• To be informed about the data we hold on them and what we do with it; please see the individual privacy notices.
• Of access to the data we hold on them. Please contact the Data Protection Officer, Gary Shipsey on help@protecture.org.uk. This is called a ‘Subject Access Request’ to which we shall respond within a month, unless it is a very complex request when the law allows us up to 3 months to deal with it. We would only make a charge if the request was “manifestly unfounded or excessive.”
• For any inaccuracies in the data we hold on them, however they come to light, to be corrected within one month. This is also known as ‘rectification’. We shall inform any third parties with whom we have shared the data of any such changes.
• To have data deleted in certain circumstances. This is also known as ‘erasure’. We will delete data if it is no longer needed for the purpose for which it was collected; if the data subject objects to our processing the data and we have no over-riding legitimate interest in retaining it; the data has been processed unlawfully or we must erase it to comply with the law. We shall inform any third parties to whom the erasure is relevant.
• To restrict the processing of the data, if they disagree about the accuracy of the data we hold on them or object to our intention to erase data. This may involve reducing the data we hold on the data subject. We shall inform any third parties to whom the restriction is relevant.
• To object to direct marketing.
• To object to our processing of data on the lawful basis of legitimate interest, unless it can be demonstrated that such legitimate interest overrides the data subject’s interests, rights and freedoms.
• To claim compensation for damages caused by a breach of data protection legislation.
• Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns/ or 0303 123 1113

D) WEBSITE USERS

The OA website uses “cookies”. Here is our cookie policy.

By using the website, you agree to abide by the website terms and conditions.

You can find out more about how we handle your data when you make an online enquiry via the website in the individual privacy notices listed above.

The OA uses HTTPS technology for secure communication between our website and its users to protect your privacy and security. Learn more about HTTPS.

The Website may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.

E) SOCIAL MEDIA

Anyone who follows us on social media can read our social media policy on how we use social media and your data.

F) DATA PROTECTION BREACHES

You can read here how we handle actual or suspected data protection breaches.