The Officers’ Association, as data controller, will hold certain information on you in relation to your role as Trustee, President or Vice-President. This document sets out how and on what grounds we will process that personal data and for how long we will retain it. If have any queries, please contact the Data Protection Officer, Susie Bamforth, on 07783 169718, or via e-mail firstname.lastname@example.org.
In applying for the post of Trustee or being put forward for the role of President, you will normally be asked for a CV or biographical information. If your candidature is not taken forward, this information will be destroyed after one year. If you become a Trustee or President, the information (including the biographical entry on the OA website) will be deleted at the end of your period of office.
You will be asked to provide contact details of address, telephone number and e-mail address. With your consent, the e-mail address and telephone number will be on an OA telephone list which is accessible to all employees of the OA and is shared with your fellow trustees, presidents and vice-presidents. The postal address is only accessible to certain members of the OA. Your contact details will not be shared with anyone else without your specific consent. These contact details will be deleted from the telephone list at the end of your period of office, but will be retained electronically for one year, with restricted access, to allow us to keep in touch. Please be aware that although your details will be deleted from all contact lists, they may still exist within e-mails which have not yet been deleted from our system. The OA is continuing to develop its e-mail policy to ensure e-mails are kept for a limited period for a required purpose only.
Trustees will be asked to sign an acceptance of office on being elected and will be required to maintain a register of interests held by the OA which may include information about your family. These documents will be retained for 7 years after the end of your term of office.
Certain trustees will be asked to act as directors of the OA’s trading subsidiary, OA Advance Ltd. Any personal data collected in this role will be retained in accordance with Company Law and you will be advised accordingly if invited to take on this role.
Certain trustees will be asked for date of birth and identity documents to verify identity in our own governance procedures and to meet the requirements of our bank, Handelsbanken, or other financial institutions involved in OA business. The date of birth will be retained for your period of office and any copies of ID documents will be destroyed once the third party is satisfied.
Minutes recording your name and comments you have made in Committee and Council meetings will be kept in perpetuity.
Certain trustees, in performance of their functions, will have direct access to Salesforce and so their name, e-mail address and IP address will be held by Salesforce.
All other electronic data is stored on a remote computer hosted by a UK based company, Wanstor.
Other than where we have stated the need for consent, we shall process this information on the basis of our legitimate interest of the fulfilment of the role for which you have volunteered. We will not share any of your personal data with anyone else, other than as stated above, or use it for any purpose other than your role with the OA and will not pass it outside the EEA, without your consent, other than as stated above.
You have the right to:
- Receive a copy of the personal data we hold on you.
- Object to processing of your personal data.
- Have corrected any errors or omissions in the personal data held.
- Ask that your personal data be erased subject to any statutory or legal requirements placed on the data controller.
- Where you have given consent, you may withdraw it at any time. If you withdrew consent for the sharing of your contact information, certain OA employees would need to retain contact details to allow you to perform your role.
- Ask that the processing of your data be restricted, if you disagree about the accuracy of the data the controller holds or you object to the controller’s intention to erase your data.
- Claim compensation for damages caused by a breach of data protection legislation.
- Make a complaint to the Information Commissioner’s Office at: https://ico.org.uk/concerns/ or 0303 123 1113.