The Officers’ Association is the data controller of your personal information and we undertake to store and use (‘process’) the information in accordance with the General Data Protection Regulation 2016 and any other relevant UK legislation. We process the information on the basis of the legitimate interest of providing engagement with prospective employees and jobseekers, advising on ex-military programmes, delivering other OA employment services and activities, and your membership of our employers network, where relevant, as agreed by you.
We will hold your name, job details and contact details – e-mail and telephone number. You may have provided these; sometimes we are given some of this information from a third party or obtain it from linkedin, recruitment fairs, websites, linked organisations, networking, introductions and job advertisements. Where you have not provided the information directly, we will always contact you to verify the accuracy.
We will also keep a record of information you provide on the sector you work or have worked in plus notes of any employment programmes or activities you are involved with.
What do we do with it?
We will use e-mail to contact you; we will only use your telephone number with your agreement.
With your consent, we will send you e-mails as specified by you about OA events and activities we think may be of interest to you. Where we organise events in partnership with other organisations, we will share your name, solely to avoid sending duplicate invitations, but we will not share contact details.
How long for?
We will contact you every two years to keep your information up to date, check that you want to stay on our database and update your e-mail preferences.
Where is the data kept?
We send out largescale e-mailings (according to registered preferences) using Dotmailer; See Dotmailers privacy information.
Callidus Cloud, Financial Force, LogMeIn and dotmailer are US companies which have self certified under the EU-US Privacy Shield and introduced standard contractual clauses to comply with the GDPR and to protect your data. Salesforce, Callidus Cloud and dotmailer will store your data in Europe, but, given the global nature of their activities, we cannot guarantee that they will not process your data outside the European Economic Area.
Other data processors used to support the OA’s administrative and technological functions are based in the UK.
The OA will not share your personal data with any other third party without your consent, subject to any statutory or legal obligations.
If you are a member of our Network Contact List, please see our Network Contact privacy notice about we use your data in that context.
You have the right to:
- Receive a copy of the personal data we hold on you.
- Object to processing of your personal data.
- Object to direct marketing.
- Have corrected or deleted any errors in your personal data.
- Ask that your data be erased subject to any statutory or legal requirements placed on the data controller.
- Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
- Claim compensation for damages caused by a breach of data protection legislation.
- Make a complaint to the Information Commissioner’s Office online or 0303 123 1113.
If you wish to know more about this notice or your rights, please contact the Data Protection Officer, Susie Bamforth at firstname.lastname@example.org or 07783 169718