Privacy Policy

Introduction

This privacy policy explains how The Halesworth Narrow Gauge Railway Society uses personal data.

The Halesworth Narrow Gauge Railway Society are data controllers of this information for the purposes of this policy.

Personal data is defined in Data Protection law and is essentially personal data by which an individual can be identified.

Keeping your personal data safe and secure is one of The Halesworth Narrow Gauge Railway Society’s top priorities and to ensure we give it the respect and security it deserves. This statement makes it easier for you to find out how we use and protect your information

We are extremely concerned to protect your privacy and confidentiality. We understand that our members and users of our services are quite rightly concerned to know that their data will not be used for any purpose unintended by them, and will not fall into the hands of a third party.

If you think our policy falls short of your expectations or that we are filing to abide by our policy, do please tell us.

Any changes we make to this privacy policy in the future will be managed through an updated version of this document and, where appropriate, notified to you by e-mail.

Please contact us to see any updates or changes to this privacy policy.

When does this policy apply?

This policy applies to the personal data that the Society collects and holds about you when you become a member the Society or create a website account and when using its website.

What types of personal data do we hold?

Information we hold about you may include any one or more of the following types of data:

• Account information:

When you register as a member of our Society, the minimum information we will usually ask you to provide is your name, email address, contact mail address, telephone numbers, and year of birth. We may also ask you for additional information if for example you are interested in volunteering to assist the Society in relation to any of its activities or projects.

• Transactional information:

When you purchase event tickets, merchandise and other products from the Society and any other official offline sales channels, we will keep a record of your transaction, including what you purchased and when, and any information you provide to us to fulfil the transaction. This may include your name, billing information, telephone number, and delivery address.

• Information from you: If you contact us (by email, telephone or letter), we may keep a record of that correspondence. Your e-mail address is recorded when you send e-mail to us. We shall use it only to correspond with you or otherwise strictly in accordance with your instructions. We shall not under any circumstances divulge your e-mail address to any other person who is not a member of the Society or our suppliers or contractors and even then only if it is necessary in any particular circumstance that they need to know it.

• Information you provide to us in response to a survey:

We may occasionally contact you to ask for your feedback on the Society’s products, goods and/or services so that we can make them better and more relevant.

Your browser software provides help on how to manage and disable cookies. We recommend that you allow the use of cookies in order to take advantage of the features of our website that rely on their use. If you prevent their use, you may not be able to use all the functionality of our website.

Where we hold your information

The data that we collect from you is stored in the UK by members of the Society. They may be engaged in, among other things, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this storing or processing. We will take all reasonable steps to ensure that your data is treated securely and in accordance with this privacy policy.

All information you provide to us is stored on secure servers. Any payment transactions will be encrypted. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. You must not share a password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot absolutely guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

The purposes for which we use your information

• Contract performance: the Society may use account information and transactional information data, as necessary, to carry out or perform any contract which you may have entered into with us, including contracts for the purchase of tickets for events, merchandise and other products and when we administer your online accounts. We also use this information to communicate with you and handle your enquiries regarding these contracts. If you order goods, products or services from us on behalf of another person or persons (for example, membership or event tickets for family or friends) we may ask you for their personal information and we will use this to provide the services you have ordered. Please ensure that you have their permission before providing this information to us.

• we retain records of all of our financial transactions with you in order to comply with our legal obligations to maintain adequate accounting records. We may use (and disclose) the information we hold about you in order to comply with any investigative demand, court order, or a request for cooperation from a law enforcement or other government agency.

• Marketing with your consent: If you consent to it, we may contact you with news and offers from any official sponsors and partners which we think may be of interest to you. You have the right to withdraw your consent at any time.

• We may also use online usage information to administer and improve the function and content of the our website including to ensure that content is presented in the most effective manner for you and your device and browser, to allow you to participate in interactive features when you choose to do so and to keep our online services safe and secure.

Disclosure of your information

• Our suppliers and contractors: we may share your information with appointed suppliers and sub-contractors from time-to-time in order that they can process it on our behalf for the purposes set out in this privacy policy. For example payment processing, mailing services and hosting service providers. However, where we do so we will put in place suitable measures in order to protect your information. These third parties may include: (i) direct debit providers; (ii) IT service providers (such as hosting providers); (ii) delivery services; (v) analytics and search engine providers; (vi) credit reference agencies; and/or (vii) payment processing companies.

• Disclosures for legal reasons: we may also disclose the information it holds about you to those persons that have a reasonable need to know such information, if it believes in good faith that this is necessary to: (i) establish, exercise or enforce its legal rights, including contractual rights; (ii) to defend itself against a legal claim; (iii) report a crime or prevent a crime; (iv) prevent harm to any individual or any property (including intellectual property, for example if you misuse images or videos or any other content we make available to you); or (v) to prevent fraud (for example, payment card fraud) or for credit risk reduction.

How long do we keep your information?

We will keep your information for as long as necessary for us to fulfil that we describe in this policy.

As a general rule:

• its financial transactions with you for six years in order to comply with its obligations to maintain adequate accounting records;
• its contracts with you for six years so that it has appropriate evidence in place if there is a claim for breach of contract made within the statutory limitation periods;
• your membership account information until you cease to be a member.
• any other information you post online for 3 years if it is on our official website; and
• online usage information for 3 years.

If any information falls into more than one category and that has a longer storage period then that storage period will apply.

Your rights

You have the right under applicable data protection laws to access information held about you and you can do so by contacting us using the details provided below in this policy. Your right of access can be exercised in accordance with applicable data protection laws.

To better safeguard your information, we will also take reasonable steps to verify your identity before granting access or making corrections to your information.

You have several rights under applicable data protection laws, which we have summarised below. These rights can be exercised by contacting us using the details given below in this policy.

You have the right to:

• Ask us not to process your personal data for direct marketing purposes;
• Request access to personal information held about you and a copy of it;
• Obtain, without undue delay, the rectification of inaccurate or incomplete personal data;
• Obtain, without undue delay, erasure of your personal data in certain circumstances, for example if our processing of your personal data is no longer necessary for the purpose for which we collected it;
• Restrict the processing of your personal data in certain circumstances rather than having it erased;
• Object to the processing of, personal data in certain circumstances, for example, where we process personal data for legitimate purposes but you do not feel that your interests or fundamental rights and freedoms have been protected;
• Receive personal data, which you have provided to us, in a structured, commonly-used and machine-readable format and transmit that personal data to another data controller, or have us do so on your behalf where technically feasible;
• Be informed about any use of your personal data to make automated decisions about you, and to obtain meaningful information about the logic involved, as well as the significance and the envisaged consequences of this processing; and
• Lodge a complaint about the way in which your personal data is being used to a supervisory authority.

Children

We appreciate that many children have access to the Internet, We would therefore ask that parents and guardians supervise their children when they are online and that children under 16 do not submit personal information or content to us, make purchases of our goods, products or services, or take part in our promotions or competitions, without the consent of their parent or guardian.

We encourage children under 16 to consult with their parent or legal guardians before submitting or requesting any content or information to/from us. Any users of our online services who indicate they are under 16 will be asked for a contact details of their parent / legal guardian so we can verify legal consent.

We will not actively market to children nor pass on personal information to third parties for commercial purposes.

Some of the facilities or functions accessible through our online facilities are not intended to be accessible by minors. Parent or legal guardians should supervise children when online are we recommend parental controls be put in place. Any children using our online facilities will be deemed to have confirmed that they have received the consent of their parent or a guardian to do so.

How you can contact us

This policy has been compiled to comply with current GDPR legislation as far as we are aware and from directives currently available from the Information Commissioner’s Office (https://ico.org.uk), as at the date stated at the end of this policy.

Should you wish to contact us about this policy or any of the legal rights outlined in it, you can email our Chairman at james.hewett1950@yahoo.co.uk or write to him, James Hewett at Cornfield Mews, 6A Stradbroke Road, Southwold, IP18 6LQ

This privacy policy was last updated 1 June 2018