The Officers’ Association (OA) as data controller will collect, use and store (‘process’)your information in accordance with the General Data Protection Regulation (GDPR) 2016/679 and any relevant UK legislation. If you have any queries, about any of the information below, please contact the Data Protection Officer Susie Bamforth on 0207 808 4181, or firstname.lastname@example.org
We will process most of the information you give us on the basis of the legitimate interest of providing the support you are seeking. Some of the information we ask for is considered sensitive and classified as ‘special category.’ This includes:
• Religion; we ask for this because there are some funds which are only available to people of certain religions.
• Health information; this helps to give a full picture of your situation and needs.
• If relevant, criminal convictions; so that we can fully assess your circumstances.
We need your consent to process this type of information; you do not have to give the information but if you do not, it may affect how we can help you. You can withdraw your consent at any time. The information you provide will only be used for the purpose of providing assistance to you.
Keeping your data
The OA will retain your full data on its own database for up to seven years after our last contact with you. This will include a record of any payments or material help provided to you. After that, only your name and date of birth will be retained as evidence of whom we have helped.
If you are acting under power of attorney we will retain your name and contact details as above.
We will also retain for up to seven years minimal data of any dependants and of the qualifying person if you yourself are not a former officer.
Salesforce, Financial Force and Callidus Cloud are US companies which have self certified under the EU-US Privacy Shield and introduced standard contractual clauses to comply with the GDPR and to protect your data, including storing it in Europe, but, given the global nature of their activities, we cannot guarantee that they will not process your data outside the European Economic Area (EEA). Other data processors used to support the OA’s administrative and technological functions are based in the UK.
Sharing your data
Your personal data will be held on the SSAFA managed database for up to 7 years. A full list of the charities who have access to this database can be seen on our website, but only the charities chosen as relevant by us will be able to see your data and they will only use it for the purpose of providing assistance to you. Please let us know if there are charities you would not wish us to contact on your behalf. If you would like a hard copy of the list of charities or would like to know which charities we have shared your data with, please contact us via: https://www.officersassociation.org.uk/benevolence/contact-benevolence/
or by Telephone No 0207 808 4175
We may also share your data with:
• Charities outside the SSAFA managed database. A list of the charities we dealt with in 2017-18 can be found on our website at https://www.officersassociation.org.uk/
• Companies and organisations which we engage to deliver goods or services to you.
• Selected statutory agencies for instance, the Department for Work and Pensions and local authorities.
• Other statutory bodies as required by law.
• In order to verify Service in the Armed Forces, an individual’s name, rank and service number may be checked with the relevant department in the Ministry of Defence.
• Sometimes we will seek further information about your service record (or that of the qualifying person) from the MOD in order to know whether other military charities are able to help you.
You have the right to:
• Receive a copy of the personal data held by any of the data controllers (i.e OA, SSAFA or any of the charities or organisations with whom we share your data).
• Object to processing of your personal data
• Have corrected or deleted any errors in your personal data.
• Ask that your data be erased subject to any statutory or legal requirements placed on the data controller.
• Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
• Claim compensation for damages caused by a breach of data protection legislation.
• Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns/ or 0303 123 1113.