Privacy and Data Protection Policy

Please read this policy carefully to understand how we collect, use and store your personal data.

Introduction

The South Georgia Association (the Association) is a not for profit membership organisation created to give a voice to all those with a keen interest in the island of South Georgia. The Association takes your privacy very seriously and is committed to protecting your personal information. This Privacy and Data Protection Policy explains how we, the South Georgia Association, will collect, store, process and protect the information you give us - this means any information that identifies or could identify you. It outlines the type of data that we hold and how we use them to provide services to our members and supporters. The South Georgia Association is a data controller for the purposes of the Data Protection Act 1998 and from May 25 2018, the EU General Data Protection Regulations (GDPR) 2016/679 (Data Protection Law). This means that we are responsible for and control the processing of your personal information. For further information or if you have any concerns regarding our policy, please write to:
The Membership Secretary
South Georgia Association, c/o Scott Polar Research Institute, Lensfield Road, Cambridge, CB2 1ER
Email: membership(at)southgeorgiaassociation.org

This policy includes:

How will we collect your information?

We want to make sure that you receive the communications that are most relevant to you, be it through visiting our website or receiving emails, newsletters or if necessary, phone calls. The South Georgia Association may collect information in the following ways:

What personal information will we collect?

The type and quantity of information we collect and how we use it depends on why you are providing it. If you support us, for example by joining the Association or signing up for an event, we may collect where relevant:

How will we use your personal information?

We will use your personal information in a number of ways, including the following:

You can opt out of your data being used for any of the above by emailing: membership(at)southgeorgiaassociation.org.

Use of Facebook

We do not pass on members’ personal data to Facebook. If you have an account with Facebook and follow the South Georgia Association, the personal information Facebook holds on you will depend on your settings. The South Georgia Association does not share any personal information with Facebook or any other social media platform. For more information please see Facebook's Help and their Data Policy.

Our use of cookies

Cookies are small pieces of information sent by a web server to a web browser, which enable the server to collect information from the browser. Essentially, a cookie takes the form of a small text file deposited on your computer's hard drive. The South Georgia Association does not currently use cookies on its website.

How do we keep your data safe?

We place great importance on the security of your personal information and will always take necessary precautions to protect it. We ensure that there are appropriate technical, physical and organisational controls in place to protect your personal information, both on and off-line, from improper access, use, alteration, destruction or loss. For example, we use password protection and encryption technology on our membership databases and carry out regular security reviews. No personal data on members is stored or otherwise available through our website. Except in specific circumstances (detailed in the next section below) we will ensure that only authorised personnel (i.e. South Georgia Association Committee members) have access to your information and that they are appropriately trained to manage that information. Despite precautions, no data transmission over the internet can be guaranteed to be 100% secure. While we strive to protect your personal information, we cannot always guarantee the security of any information as you disclose it to us online, and you must understand that you do so at your own risk. However, any payment card details (such as credit or debit cards) or PayPal payments that we receive through our website are passed securely to our payment processing providers who meet the required Payment Card Industry (PCI) Security Standards. Our website may contain links to other sites. While we aim to link only to sites that share our high standards and respect for privacy, we are not responsible for the content or the privacy practices employed by other sites or organisations. Please be aware that advertisers or web sites that may have links on our site may collect personally identifiable information about you. This Privacy and Data Protection Policy does not cover the information practices of those websites or advertisers.

What happens if there is a data breach?

In the event that the Association becomes aware that others may have hacked your data or otherwise altered, obtained or deleted your personal information held by the South Georgia Association without authorisation, the Membership Secretary will inform you of the nature of the breach as soon as possible and take whatever remedial action is necessary to either seek to recover the information or prevent any reoccurrence of the breach. Advice from external experts/IT support may be sought in resolving the incident promptly. If appropriate, we will also notify the Information Commissioner’s Office (ICO), wherever possible within 24 hours of the discovery of the breach and co-operate fully with any subsequent investigation. Guidance on how and when the ICO should be notified can be found on their website.

Will we ever share your personal data?

The South Georgia Association will never share your personal information with other organisations, unless required to do so by the authorities in accordance with relevant legislation and/or potential law enforcement requirements.

How do we keep your information up to date?

We will also make our best endeavours to keep your record up to date; primarily through our interaction with you at the time of membership renewal and when you enquire about or register to attend an event. However, we would be grateful if you could let us know of any changes to your contact details at the earliest opportunity.

How long do we keep your information for?

We will hold your personal information on our systems only for as long as is necessary, which in terms of membership data would normally be for the term of your membership. If we do not hear from you when a renewal is due, we will retain your information for a further 12 months from the scheduled renewal date to accommodate a late renewal request. If we have not heard from you by a date of 12 months from the renewal falling due, your data will automatically be deleted. Should you tell us when your renewal becomes due that you do not wish to continue your membership, we will delete your details at the point that your membership expires. If at any time you wish to cancel your membership, we will delete your information within one month of such a request. Should you contribute material to us, for example through user-generated content or in response to a particular campaign on Facebook, we will generally only keep your content for as long as is reasonably required for the purpose(s) for which it was submitted, unless otherwise stated at the point of generation. Each year at the time of annual renewals in January, a Data Protection Audit will be carried out by the Membership Secretary to ensure that all personal information that is no longer required for the Association to undertake its day to day operations and/or individual member records that we have kept for a year beyond the last renewal date, are deleted in accordance with this Policy. A report on the Data Protection Audit will be presented annually to the next scheduled committee meeting of the Association.

Our legal basis for processing your information

Our legal basis for processing your information generally rests on the consent given by you for us to do so at the point that you join or renew, or because we need to use it in order to fulfil our obligations to you as a member of the Association. We will process your information in accordance with that consent, i.e. in the interests of your membership of the Association, to inform you of the Association’s activities, news regarding South Georgia and of forthcoming events that may be of interest to you. You are entitled to withdraw that consent at any time. However, there are other lawful reasons that allow us to process your personal information, including ‘legitimate interests’. This means that the reason we are processing information is because there is a legitimate interest for the South Georgia Association in processing that information. Some examples of where we have a legitimate interest in processing your information may be where we may contact you (as a member or prospective member) about our work by email or post, use your information for data analytics to improve our services to members, or where the South Georgia Association may legally be obliged to share data in accordance with relevant legislation and/or potential law enforcement requirements.

Your rights

You retain control of your personal information and how we use it. You have various rights in respect of the information we hold about you, which are set out in detail below. If you wish to exercise any of these rights or make a complaint, you can do so by contacting us at: membership(at)southgeorgiaassociation.org. Please note that some of these rights only apply in certain circumstances and we may not be able to fulfil every request. For more information on these rights please read the relevant guidance issued by the ICO. If you would like to make a complaint about how we process your personal information, please contact the Membership Secretary: membership(at)southgeorgiaassociation.org.

If you make a complaint and are not happy with how your complaint has been dealt with, you can contact the Information Commissioner’s Office directly. Alternatively, you are entitled to make a complaint to the Information Commissioner’s Office without first referring your complaint to us. For further information please see the Information Commissioner’s guidance.

Changes to this Privacy and Data Protection Policy

This policy may change from time to time. The Policy was last updated in April 2018 to ensure its compliance with GDPR. If we make any significant changes to this policy, we will publicise these changes clearly on our website or contact you directly with more information.