RAF Historical Society

RAF Historical SocietyRAF Historical SocietyRAF Historical Society

RAF Historical Society

RAF Historical SocietyRAF Historical SocietyRAF Historical Society
  • Home
  • How to Join
  • What We Do
  • Who We Are
  • Latest News
  • More
    • Home
    • How to Join
    • What We Do
    • Who We Are
    • Latest News
  • Home
  • How to Join
  • What We Do
  • Who We Are
  • Latest News

Privacy Policy

  

This privacy policy sets out how we use and protect any personal information that you give to us. It is being issued in accordance with the GDPR, or European General Data Protection Regulation.

We are committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified, then it will only be used in accordance with this privacy statement and within our GDPR policy.

This privacy policy is effective from 1 April 2024.

How we use cookies on our website

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. 

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system. 

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us. 

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.


The data that we may collect (across all our communication and services)

We may collect the following information:
• name, title, and job title, place of work or study
• contact information including email address
• demographic information such as postcode, preferences and interests

• your past experience, or special interests, if provided when applying for membership of the RAFHS
• other information relevant to customer surveys and/or offers

• details of Society or partnership events you may have attended and payments you have made for admission 

• details of membership subscriptions and voluntary donations you have paid
• bank details for processing payments
• IP addresses
• access and dietary requirements or health information
• date of birth, gender, sexual orientation, ethnicity, disability and other information for monitoring diversity

Why we require this information:
 

1. Website users
For internal record keeping in order to monitor the number of users our website receives and the demographics of users, and to inform you about the MA’s activities.
For marketing, market research, and to use the information to improve our products and services. 

Legal basis for processing website users data

We process the following data under our legitimate business interests in order for us register you as a website user, to keep you informed and provide the best products and services we can.
• Name and job title, place of work or study.
• Contact information including email address.
• Demographic information such as salary band, postcode, preferences and interests.
• Other information relevant to customer surveys and/or offers.
• IP address.

With your prior consent we will:
• periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and;
• contact you from time to time, for market research purposes. We may contact you by email, phone, or mail. 


2. Society Membership
For internal record keeping including membership processing, and in order to deliver benefits such as the Society’s Journal. 

For marketing, market research, and to use the information to improve our products and services. 

Legal basis for processing members’ data

We process the following data under contractual obligation as part of the information required in order for us to process your membership and deliver your benefits.
• Name.
• Contact information including email address.
• Bank and payment details for processing.
• IP address.

We process the following types of data under our legitimate business interest, which is to keep the Society members informed and to maintain and improve the Society’s benefits to members.
• Name.
• Contact information including email address.
• Job title, place of work or study.
• Demographic information such as postcode, preferences and interests.

• Your past experience, or special interests, if provided when applying for membership of the RAFHS
• Other information relevant to customer surveys and/or offers.

With your prior consent we will:
• periodically send promotional emails about events, information or other news which we think you may find interesting using the email address which you have provided and;
• contact you from time to time, for market research purposes. We may contact you by email, phone, or mail. 


3. Newsletter Subscribers
For internal record keeping including processing of your newsletter in order to ensure these are delivered to you correctly and to inform you about the Society’s activities.

For marketing, market research, and to use the information to improve our products and services.

Legal basis for processing Newsletter subscribers data

We process the following data under contractual obligation as part of the information required in order for us to process your subscriptions.
• Name.
• Contact information including email address.
• IP address.

We process the following types of data under our legitimate business interest, which is to keep you informed and provide the best events, publications, products and Society services we can.
• Name.
• Contact information including email address.
• Job title, place of work or study.
• Contact information including email address.
• Demographic information such as postcode, preferences and interests.
• Other information relevant to customer surveys and/or offers.

With your prior consent we will:
• periodically send promotional emails about new events, publications, products, Society membership or other information which we think you may find interesting using the email address which you have provided and;
• contact you from time to time, for market research purposes. We may contact you by email, phone, or mail. 


4. Events attendees

For internal record keeping including processing of your order; in order to ensure that you are correctly booked on your chosen event/s and that any preferences e.g. around access and dietary requirements are correctly recorded, and to inform you about our activities.
For marketing, market research, and to use the information to improve our products and services. 

Legal basis for processing event attendees’ data

We process the following data under contractual obligation as part of the information required in order for us to process your events attendance.
• Name.
• Contact information including email address.
• Bank details for payment processing.
• IP address.

We process the following types of data under our legitimate business interest, which is to keep you informed and provide the best products and services we can.
• Name.
• Contact information including email address.
• Job title, place of work or study.
• Demographic information such as postcode, preferences and interests.
• Other information relevant to customer surveys and/or offers.

With your prior consent we will:
• periodically send promotional emails about new products, special offers or other information which we think you may find interesting using the email address which you have provided and;
• contact you from time to time, for market research purposes. We may contact you by email, phone, or mail. 

Sensitive data with consent and under the special condition of explicit consent:
• dietary requirements, access requirements, health information where relevant.

 

Processing of sensitive personal data


Sensitive personal data includes information relating to the following matters:
· your racial or ethnic origin
· your political opinions
· your religious or similar beliefs
· your trade union membership
· your physical or mental health or condition
· your sex life, or
· the commission or alleged commission of any offence by you.

The Society only collects and processes sensitive data where it is necessary to enable the Society to meet its legal obligations, and in particular to ensure adherence to health and safety and vulnerable groups protection legislation or for equal opportunities monitoring purposes. 

Currently we may collect sensitive data for the following purposes.

Events attendance where we may collect:
• dietary requirements, access requirements, health information where relevant, with consent and under the special condition of explicit consent

Equality, Diversity and Inclusion surveys where we may collect:
• date of birth, gender, sexual orientation, ethnicity, disability with consent, and also under the special condition of explicit consent

In most cases the Society will not process sensitive personal data without your consent.


Who we share your data with

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law. 

We will share relevant data with external organisations, e.g. journal distribution, in order to process the mailing of the Society Journal and other publications, host venues of events, e.g. the RAF Museum, payment processing companies, e.g. in the event of a direct debit system.


Your rights around your personal data

1. Withdrawing your consent
When you register you can set your user preferences as to how and about what we may contact you. 

We will require at least one method of contact to communicate with you in order to administer your membership or other products and services.  

If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by writing to us at the address below, or emailing us at <info@rafhistoricalsociety.org.uk>

The RAF Historical Society, C/O Research Department, RAF Museum, Grahame Park Way, London, NW9 5LL.


2. How you may request the information we hold about you
You may request details of personal information which we hold about you under the GDPR 2018. 

If you would like a copy of the information which we hold about you, please contact us using the details above. We will send this information to you within the time frame stipulated by the Act.


3. Data portability 

The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.

For example, this could apply if you wanted to transfer your data to another pension provider.

The right to data portability only applies:
• to personal data an individual has provided to a controller;
• where the processing is based on the individual’s consent or for the performance of a contract; and
• when processing is carried out by automated means.

If required we will provide the personal data in a structured, commonly used and machine-readable form, free of charge. 

You can make a request verbally or in writing. We will respond to your request within the time frame stipulated by the Act. Please contact us using the details above.


4. Disclosure of information 

We will ensure that your information will not be disclosed to government institutions or authorities except if required by law or when requested to by regulatory bodies or law enforcement organisations.


5. Right to rectification and erasure 

The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete. 

You can make a request for rectification verbally or in writing. We will respond to your request within the timeframe stipulated by the Act.

The GDPR also introduces a right for individuals to have personal data erased. The right to erasure is also known as ‘the right to be forgotten’. You can make a request for erasure verbally or in writing. However, there may be a legal basis for us to refuse the request, e.g. where we are required to hold the data, for example in relation to financial transactions.

You can make a request for erasure verbally or in writing. We will respond to your request within the timeframe stipulated by the Act. Please contact us using the details above.


6. Right to object 

The GDPR gives individuals the right to object to the processing of their personal data in certain circumstances, for example you have an absolute right to stop your data being used for direct marketing.

You can make a request verbally or in writing. We will respond to your request within the timeframe stipulated by the Act. Please contact us using the details above.


7. Complaints procedure 

If you have a concern about the way we are handling your personal information – perhaps we hold information about you that is incorrect, we have held it for too long, or we are not keeping it securely, you can make a complaint verbally or in writing. We will respond to your request within the timeframe stipulated by the Act. Please contact us using the details above.

You may also wish to raise your concerns with the ICO (the Information Commissioner’s Office), particularly if you do not feel that MA’s response has not been adequate.

If the ICO think the organisation has not complied with its obligations it can give the organisation advice and ask it to solve the problem. They do not award compensation. Their main aim is to improve the information rights practices of organisations. You can raise a complaint with the ICO through the following link: https://ico.org.uk/make-a-complaint/ 


What information security we have in place

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

Any Committee Member and data processors that have access to and are associated with the processing of your personal information are obliged to respect the confidentiality of your information.

We regularly review policies, data management processes and procedures to ensure they are compliant with the new GDPR. All Committee Members who process your data will be required to familiarise themselves with these policies and agree to abide by them.

Please be aware that communications over the internet, such as emails and web messages, are not secure unless they have been encrypted. Your communications may route through a number of countries before being delivered – this is the nature of the world wide web/internet. The Society cannot accept responsibility for any unauthorised access or loss of personal information that is beyond our control.


What we will do in the event of a data breach

The Society ensures that sufficient policies, processes and procedures are in place to detect, report and investigate a personal data breach.

We will notify the ICO (and where required individuals or organisations, including the Charity Commission) of a breach where it is likely to result in a risk to the rights and freedoms of individuals – if, for example, it could result in discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage.


How we will update our contracts or agreements with data controllers and data processors 


Data controllers and data processors are other organisations (or individuals) which control and/or process information on our behalf. 

Under the GDPR, our contracts or agreements with data controllers and data processors need to contain certain minimum provisions, such as a description of the scope, nature and purpose of processing. 

Should we enter any agreements and contracts with third parties we will ensure they have appropriate policies and security measures in place to comply with the GDPR and safeguard the personal data we hold. 

When we appoint new third parties to act as data controllers and data processors on our behalf, we will ensure that there are appropriate provisions in relation to their own compliance with the GDPR and other relevant matters such as compliance, monitoring and reporting.


Links to other websites

Our website may contain links to enable you to easily visit other websites of interest in relation to the historiography of the Royal Air Force. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. 

Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy policy. You should exercise caution and look at the privacy policy applicable to the website in question.


How long we will retain data

Data will only be processed in accordance with the purpose or purposes that it was originally collected for and will only be kept for as long as necessary. We will review at regular intervals the length of time we keep personal data.

We will consider the purpose or purposes we hold the information for in deciding whether (and for how long) to retain it.

We will securely delete information that is no longer needed for this purpose or these purposes; and update, archive or securely delete information if it goes out of date.


Transfer of data to outside the EU

The GDPR imposes restrictions on the transfer of personal data outside the European Union, to third countries or international organisations. These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.

Personal data may only be transferred outside of the EU in compliance with the conditions for transfer set out in Chapter V of the GDPR.

There are no current circumstances where the Society will transfer your data outside the EU.

Copyright 2024 RAF Historical Society - All Rights Reserved.

Powered by GoDaddy

  • Home
  • GDPR
  • Privacy Policy
  • Constitution
  • Committee Members
  • Grants and Bursaries
  • Journals

This website uses cookies.

We use cookies to analyze website traffic and optimize your website experience. By accepting our use of cookies, your data will be aggregated with all other user data.

DeclineAccept