Beneficiary Privacy Notice

The Officers’ Association (OA) as data controller will collect, use and store (‘process’)your information in accordance with the General Data Protection Regulation (GDPR) 2016/679 and any relevant UK legislation. If you have any queries, about any of the information below, please contact the Data Protection Officer Susie Bamforth on 07783 169718, or s.bamforth@officersassociation.org.uk

Legal basis

We will process most of the information you give us on the basis of the legitimate interest of providing the support you are seeking. Some of the information we ask for in the form is considered sensitive and classified as ‘special category.’ This includes:

  • Religion; we ask for this because there are some funds which are only available to people of certain religions.
  • Health information; this helps to give a full picture of your situation and needs.
  • If relevant, criminal convictions; so that we can fully assess your circumstances.

We need your consent to process this type of information; you do not have to give the information but if you do not, it may affect how we can help you. You can withdraw your consent at any time. The information you provide will only be used for purpose of providing assistance to you.

Keeping your data

The OA will retain your data on its own database for up to seven years after our last contact with you. This will include a record of any payments or material help provided to you.

The OA database is held on Salesforce; their terms of service and privacy policy can be found on their website https://www.salesforce.com/company/privacy/.

Any payments made will be recorded in Financial Force; their privacy policy may be found here: https://www.financialforce.com/privacy/privacy-statement/. All data entered into Financial Force is stored with Salesforce. This information will also be retained in hard copy for seven years.

If you complete an enquiry form on our website then you will use a data gathering device called Clicktools; their privacy policy and terms of use can be found on the parent company’s website https://www.calliduscloud.com/privacy-policy/. The data is automatically transferred to Salesforce.

Salesforce, Financial Force and Callidus Cloud are US companies which have self certified under the EU-US Privacy Shield and introduced standard contractual clauses to comply with the GDPR and to protect your data, including storing it in Europe, but, given the global nature of their activities, we cannot guarantee that they will not process your data outside the European Economic Area (EEA). Other data processors used to support the OA’s administrative and technological functions are based in the UK.

Sharing your data

If we think another military charity will be able to help you, we would enter your information on a database, managed by SSAFA on behalf of a range of military charities. SSAFA would then also be a data controller of your data and you may read SSAFA’s privacy policy.
Contact SSAFA.

Your personal data will be held on the SSAFA managed database for up to 7 years. A full list of the charities who have access to this database can be seen on our website, but only the charities chosen as relevant by us will be able to see your data and they will only use it for the purpose of providing assistance to you. Please let us know if there are charities you would not wish us to contact on your behalf. If you would like a hard copy of the list of charities or would like to know which charities we have shared your data with, please contact the OA online or by telephone on 020 7808 4175.

We may also share your data with:

  • Charities outside the SSAFA managed database. You can see a list of charities we work with.
  • Companies and organisations which we engage to deliver goods or services to you.
  • Selected statutory agencies for instance, the Department for Work and Pensions and local authorities.
  • Other statutory bodies as required by law.
  • In order to verify Service in the Armed Forces, an individual’s name, rank and service number may be checked with the relevant department in the Ministry of Defence.
  • Sometimes we will seek further information about your service record from the MOD in order to know whether other military charities are able to help you.

Other charities with whom your data has been shared may have their own data retention policy. For details of these and to see each Data Controller’s Privacy Policy please visit the relevant charity’s website.

Your rights

You have the right to:

  • Receive a copy of the personal data held by any of the data controllers (i.e OA, SSAFA or any of the charities or organisations with whom we share your data).
  • Object to processing of your personal data.
  • Have corrected or deleted any errors in your personal data.
  • Ask that your data be erased subject to any statutory or legal requirements placed on the data controller.
  • Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
  • Claim compensation for damages caused by a breach of data protection legislation.
  • Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns/ or 0303 123 1113.