The Mid Cheshire Barn Owl Conservation Group – Data Protection Policy
The Mid Cheshire Barn Owl Conservation Group, which incorporates the north, south, east and north-east Cheshire Barn Owl Conservation Groups (Group), is a ‘not for profit’ voluntary group and is committed to protecting the privacy of all the personal information or data provided by those that are either members or otherwise use our services. Personal information and data is described as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address”. This policy explains how we collect, use and store the personal information provided to us.
The Group commits to abide by the Data Protection Act 2018 (DPA) and the General Data Protection Regulation 2016 (GDPR) in all areas of its operation. This policy applies to everyone who works on its behalf and they are expected to work within the legislation. This policy sets out in detail the procedures in place to ensure that personal data relating to our members, users and those that enquire about our services are treated in the appropriate way.
The Group acknowledge that individuals have the right to expect that appropriate and reasonable safeguards will be operated by the Group to protect the confidentiality, integrity and security of their personal and sensitive personal data.
The DPA and the GDPR require that organisations process personal data in accordance with the eight Data Protection Principles and the Group has adopted those principles, which are:
- Fair and lawful
- Specific to purpose
- Adequate, relevant and not excessive
- Accurate and up to date
- Kept for no longer than necessary
- Processed in accordance with data subjects rights
- Kept secure
- Not transferred overseas without suitable safeguards
The Group will never share or sell your data to other third party organisations for their marketing purposes, unless required by law (for example by public bodies in respect of the prevention and detection of crime).
We may allow our members to access and use your information for the purposes for which it is intended (for example for forwarding Group Newsletters, advising of events, online analytics or processing payments).
Regarding our website
Cookies are small files that a site or its service provider transfers to your computer’s hard drive through your Web browser (if you allow), that enables the site’s or service provider’s systems to recognize your browser and capture and remember certain information. You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser settings. Since every browser is a little different you will need to look at your browser’s Help Menu to learn the correct way to modify your cookie settings.
The only cookies set by our wesbsite are those necessary to keep it secure. These are part of the WordPress Content Management System (CMS) on which this site is built. WordPress provides information on these cookies at https://codex.wordpress.org/WordPress_Cookies
- If you disable cookies in your browser
If you turn cookies off some of the features that allow you use the site as you intended may not function properly, for example you will not be able to stay logged in and post comments.
Personal information we collect if you register on our website
If you register on our site you will be asked to enter your name, email address and other optional details you may wish to enter to enhance your profile. You can correct, alter or delete this information at your convenience.
- How do we use your information?
We use the information we collect from you when you register to verify your log in details, to personalise your visit and send you any coomunications you have requested.
- Third-party links
The Group has adopted this policy. The core requirements relate to the collection, storage, processing, records, confidentiality, security, incident management, retention and deletion, management, availability, integrity, and secure disposal of personal and sensitive data.
We will only collect and process personal and sensitive data that has been obtained fairly and lawfully and for a specific set of purposes connected with the Group’s activities or where we have a legitimate purpose under law to do so. Data will be adequate and relevant and only used for the purposes collected. It will be maintained, kept accurate, and not retained for any longer than is necessary. We will before collecting any information consider:
- What details are necessary for our purposes
- How long we are likely to need this information
- What the information will be used for
The Group may use your personal information for a number of reasons. These include:
- All and any correspondence regarding the work of the Group restricted for the purposes above
- Administrative purposes – to include all internal record keeping and auditing
- Data collection providing such data does not disclose the personal details of the users, but gives a broad idea of users so we can adapt our services to suit our users.
We will endeavour to contact you insofar as you are happy for us to do so, and in the event you change your preferences we shall act swiftly to ensure that our contact and information is adjusted as appropriate.
We will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:
- Password protection on personal systems
- Regularly back up data on computers
- Password protected attachments for sensitive personal information sent by email or stored on computers/laptops/phones
We will ensure that anyone whose personal information we process has the right to know:
- What information we hold and process on them
- What we are doing to comply with the regulations
They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block, or erase information regarded as wrong or if consent is withdrawn.
Individuals have the right under the DPA and the GDPR to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the Data Compliance Officer, John Mycock, by email at firstname.lastname@example.org
The following information will be required before access is granted:
- Full name and contact details of the person making the request
- Their relationship with the Group
- Any other relevant information eg timescales
- We may also require proof of identity before access is granted
Queries about handling personal information will be dealt with swiftly and politely. The Data Compliance Officer will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the DPA and the GDPR.