The Halesworth Narrow Gauge Railway Society are data controllers of this information for the purposes of this policy.
Personal data is defined in Data Protection law and is essentially personal data by which an individual can be identified.
Keeping your personal data safe and secure is one of The Halesworth Narrow Gauge Railway Society’s top priorities and to ensure we give it the respect and security it deserves. This statement makes it easier for you to find out how we use and protect your information
We are extremely concerned to protect your privacy and confidentiality. We understand that our members and users of our services are quite rightly concerned to know that their data will not be used for any purpose unintended by them, and will not fall into the hands of a third party.
If you think our policy falls short of your expectations or that we are filing to abide by our policy, do please tell us.
This policy applies to the personal data that the Society collects and holds about you when you become a member the Society or create a website account and when using its website.
Information we hold about you may include any one or more of the following types of data:
• Account information:
When you register as a member of our Society, the minimum information we will usually ask you to provide is your name, email address, contact mail address, telephone numbers, and year of birth. We may also ask you for additional information if for example you are interested in volunteering to assist the Society in relation to any of its activities or projects.
• Transactional information:
When you purchase event tickets, merchandise and other products from the Society and any other official offline sales channels, we will keep a record of your transaction, including what you purchased and when, and any information you provide to us to fulfil the transaction. This may include your name, billing information, telephone number, and delivery address.
• Information from you: If you contact us (by email, telephone or letter), we may keep a record of that correspondence. Your e-mail address is recorded when you send e-mail to us. We shall use it only to correspond with you or otherwise strictly in accordance with your instructions. We shall not under any circumstances divulge your e-mail address to any other person who is not a member of the Society or our suppliers or contractors and even then only if it is necessary in any particular circumstance that they need to know it.
• Information you provide to us in response to a survey:
We may occasionally contact you to ask for your feedback on the Society’s products, goods and/or services so that we can make them better and more relevant.
All information you provide to us is stored on secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share a password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot absolutely guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
• Contract performance: the Society may use account information and transactional information data, as necessary, to carry out or perform any contract which you may have entered into with us, including contracts for the purchase of tickets for events, merchandise and other products and when we administer your online accounts. We also use this information to communicate with you and handle your enquiries regarding these contracts. If you order goods, products or services from us on behalf of another person or persons (for example, membership or event tickets for family or friends) we may ask you for their personal information and we will use this to provide the services you have ordered. Please ensure that you have their permission before providing this information to us.
• we retain records of all of our financial transactions with you in order to comply with our legal obligations to maintain adequate accounting records. We may use (and disclose) the information we hold about you in order to comply with any investigative demand, court order, or a request for cooperation from a law enforcement or other government agency.
• Marketing with your consent: If you consent to it, we may contact you with news and offers from any official sponsors and partners which we think may be of interest to you. You have the right to withdraw your consent at any time.
• We may also use online usage information to administer and improve the function and content of the our website including to ensure that content is presented in the most effective manner for you and your device and browser, to allow you to participate in interactive features when you choose to do so and to keep our online services safe and secure.
• Disclosures for legal reasons: we may also disclose the information it holds about you to those persons that have a reasonable need to know such information, if it believes in good faith that this is necessary to: (i) establish, exercise or enforce its legal rights, including contractual rights; (ii) to defend itself against a legal claim; (iii) report a crime or prevent a crime; (iv) prevent harm to any individual or any property (including intellectual property, for example if you misuse images or videos or any other content we make available to you); or (v) to prevent fraud (for example, payment card fraud) or for credit risk reduction.
We will keep your information for as long as necessary for us to fulfil that we describe in this policy.
As a general rule:
• its financial transactions with you for six years in order to comply with its obligations to maintain adequate accounting records;
• its contracts with you for six years so that it has appropriate evidence in place if there is a claim for breach of contract made within the statutory limitation periods;
• your membership account information until you cease to be a member.
• any other information you post online for 3 years if it is on our official website; and
• online usage information for 3 years.
If any information falls into more than one category and that has a longer storage period then that storage period will apply.
You have the right under applicable data protection laws to access information held about you and you can do so by contacting us using the details provided below in this policy. Your right of access can be exercised in accordance with applicable data protection laws.
To better safeguard your information, we will also take reasonable steps to verify your identity before granting access or making corrections to your information.
You have several rights under applicable data protection laws, which we have summarised below. These rights can be exercised by contacting us using the details given below in this policy.
You have the right to:
• Ask us not to process your personal data for direct marketing purposes;
• Request access to personal information held about you and a copy of it;
• Obtain, without undue delay, the rectification of inaccurate or incomplete personal data;
• Obtain, without undue delay, erasure of your personal data in certain circumstances, for example if our processing of your personal data is no longer necessary for the purpose for which we collected it;
• Restrict the processing of your personal data in certain circumstances rather than having it erased;
• Object to the processing of, personal data in certain circumstances, for example, where we process personal data for legitimate purposes but you do not feel that your interests or fundamental rights and freedoms have been protected;
• Receive personal data, which you have provided to us, in a structured, commonly-used and machine-readable format and transmit that personal data to another data controller, or have us do so on your behalf where technically feasible;
• Be informed about any use of your personal data to make automated decisions about you, and to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of this processing; and
• Lodge a complaint about the way in which your personal data is being used to a supervisory authority.
We appreciate that many children have access to the Internet, We would therefore ask that parents and guardians supervise their children when they are online and that children under 16 do not submit personal information or content to us, make purchases of our goods, products or services, or take part in our promotions or competitions, without the consent of their parent or guardian.
We encourage children under 16 to consult with their parent or legal guardians before submitting or requesting any content or information to/from us. Any users of our online services who indicate they are under 16 will be asked for a contact details of their parent / legal guardian so we can verify legal consent.
We will not actively market to children nor pass on personal information to third parties for commercial purposes.
Some of the facilities or functions accessible through our online facilities are not intended to be accessible by minors. Parent or legal guardians should supervise children when online are we recommend parental controls be put in place. Any children using our online facilities will be deemed to have confirmed that they have received the consent of their parent or a guardian to do so.
This policy has been compiled to comply with current GDPR legislation as far as we are aware and from directives currently available from the Information Commissioner’s Office (https://ico.org.uk), as at the date stated at the end of this policy.
Should you wish to contact us about this policy or any of the legal rights outlined in it, you can email our Chairman at email@example.com or write to him, James Hewett at Cornfield Mews, 6A Stradbroke Road, Southwold, IP18 6LQ