The Officers’ Association (OA), as data controller, undertakes to collect, handle and store (‘process’) your personal data in accordance with the General Data Protection Regulation (GDPR) 2016 and any other relevant data protection legislation.
We process the information on the basis of the legitimate interest of providing engagement with prospective employees and jobseekers, advising on ex-military programmes, delivering other OA employment services and activities, and, where relevant, your membership of our employers network, as agreed by you.
We will hold your name, job title, organisation, sector, business location, areas of expertise, e-mail address and, where provided, LinkedIn URL. You may have provided these; sometimes we are given some of this information from a third party or obtain it from LinkedIn, recruitment fairs, websites, linked organisations, networking, introductions and job advertisements. Where you have not provided the information directly, we will always contact you to verify the accuracy.
We will also keep a record of information you provide on the sector you work or have worked in plus notes of any employment programmes or activities you are involved with.
What do we do with it?
The Officers’ Association will only process the data you give us, with your consent, as part of and to administer the network contact list, to assist jobseekers. The list will be available via the portal on the OA website and via the OA app only to those who have registered for OA employment services.
Your contact details do not appear on the contact list; when a job-seeker clicks on your entry in the list, you will receive their e-mail address. Only when you respond directly to the job-seeker will your contact details be made available to them. However, if you have provided a LinkedIn Profile URL, this will appear once the job-seeker has clicked on the link in the network contact list, making your details available to job-seekers.
We will use e-mail to contact you and inform you of anything relating to the administration of the network contact service and your role.
With your consent, we will send you e-mails as specified by you about events and activities we think may be of interest to you. Where we organise events in partnership with other organisations, we will share your name, solely to avoid sending duplicate invitations, but we will not share contact details.
How long for?
We will contact you every two years to keep your information up to date, check that you want to stay on our database as a Network Contact and update your e-mail preferences. You may, however, ask to be removed from the list at any time and for us to stop processing your data. You should be aware that users of the list might have kept your contact details and might try to contact you after you have requested to leave the list. You may inform them that you are no longer on the list or you may ask us to do so on your behalf. Please inform us if you spot any inaccuracies in the data we hold on you or if anything needs updating.
Where is the data kept?
We send out largescale e-mailings (according to registered preferences) using dotmailer; their privacy information can be found at https://www.dotmailer.com/about-us/trust/.
Callidus Cloud, Financial Force, LogMeIn and dotmailer are US companies which have self certified under the EU-US Privacy Shield and introduced standard contractual clauses to comply with the GDPR and to protect your data. Salesforce, Callidus Cloud and dotmailer will store your data in Europe, but, given the global nature of their activities, we cannot guarantee that they will not process your data outside the European Economic Area.
Other data processors used to support the OA’s administrative and technological functions are based in the UK.
The OA will not share your personal data with any other third party without your consent, subject to any statutory or legal obligations.
You have the right to:
- Receive a copy of the personal data we hold on you.
- Object to processing of your personal data.
- Object to direct marketing.
- Have corrected or deleted any errors in your personal data.
- Ask that your data be erased subject to any statutory or legal requirements placed on the data controller.
- Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
- Claim compensation for damages caused by a breach of data protection legislation.
- Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns/ or 0303 123 1113.
If you wish to make any changes to your data or to be removed from the list, please contact Megan Varley at email@example.com.
If you wish to know more about this notice or your rights, please contact the Data Protection Officer, Susie Bamforth firstname.lastname@example.org tel 07783 169718.