This privacy notice tells you what to expect when our organisation collects personal data and how to contact us should you wish to discuss any aspect of how we handle that data.
We are a not-for-profit organisation whose aim is to promote information security across the Channel Islands. If you have any queries about how we deal with personal data, the best way to contact us is by email, at firstname.lastname@example.org.
The data we process
We hold and work with committee and membership data.
Our membership list is managed using MailChimp (www.mailchimp.com). You can see their privacy notice at https://mailchimp.com/legal/privacy/; it is a secure service and the login credentials we use are suitably complex. We retain the name and email address for each of our members and of course if you wish to discontinue your membership you can just drop us an email and we will take you off the list. We carry out an annual purge of old member data; so if you leave u, we will not hold on to your data for more than a year. We use the membership data to communicate with our members: we do not do any profiling or automated processing with it.
If we run an event, one or more of the committee members will have a copy of the attendee list (names and email addresses) and if we use an event management agency then they will have access to the attendee data too. We will use only agencies whose data protection regime we are happy with. We will not keep the personal data for more than a year after the event finishes, though we may use an anonymised version of the data for statistical purposes.
Because committee members email each other directly, each member has the others’ email addresses on their computers or smartphones.
Meeting minutes are retained for no longer than ten years; minutes sometimes contain personal data, but usually nothing more than people’s names.
We do not sell any data to anyone else.
People who email us
Various members of the committee have access to the main email@example.com mailbox. We have an annual purge of the email inbox and we will not keep any messages for more than five years.
Contact for data protection purposes
You have a number of rights under the laws of data protection. As we mentioned earlier, please contact us at firstname.lastname@example.org if you have any queries or concerns. We retain a log of requests that we receive and remove entries when they are a year old.
Right of access
You can contact us to request a copy of any personal data we hold about you on our systems or in our files, along with information about what we use it for. We must respond to you in a reasonable timeframe which will always be within a month. Unless the request is particularly complex or onerous, there is no cost to you for making these requests.
Right to rectification
We must ensure that the data we hold about you is accurate. If you tell us that something is wrong, we will correct it and then confirm to you that we have done so.
Right to erasure
If you ask us to erase your personal data, we must do so unless there is a legitimate reason for us to keep it (which we will discuss with you).
Right to restriction of processing
If there is some dispute between you and us regarding the use of your personal data, you have the right to ask us to restrict the processing of your data. This means we can continue to store it but we cannot do anything else with it until the dispute is resolved. We will inform you prior to beginning processing once the restriction has been removed.
This privacy notice is deliberately short – we do not think you want to wade through War and Peace. If you have any queries at all, you are welcome to contact us at email@example.com.
If you are dissatisfied with the way in which we deal with your queries, you may contact your local data protection supervisory authority or write to our local Information Commissioner:
Office of the Information Commissioner
Data Protection Office
Guernsey Information Centre
Saint Peter Port