Privacy Notice – Membership
The British Association for Shooting and Conservation
About this document
This Privacy Notice will help you understand how we collect, use and protect your personal information. You should also show this notice to anyone who may be also included in your membership package for example if you hold a joint or family membership. If you have any queries about this Privacy Notice or how we process your personal information, please contact the Data Protection Officer by email: firstname.lastname@example.org or by post: Data Protection Officer, BASC, Marford Mill, Rossett, Wrexham, LL21 0HL.
Who we are
The organisation responsible for the processing of your personal information is The British Association for Shooting and Conservation (BASC) of Marford Mill, Rossett, Wrexham, LL12 0HL. This means that we are a ‘data controller’ under the Data Protection Act 1998 (and, once in force, to the General Data Protection Regulation (also known as the GDPR)). Our registration number with the Information Commissioner’s Office is Z5528828.
What information we collect about you
The personal data you have provided, we have collected from you:
- name, address and address history, date of birth and gender
- contact details, including telephone numbers and email address
- financial information, including bank details and credit/debit card details (although we do not retain complete payment card information)
- details about your family and dependents
- information about your living circumstances (e.g. receipt of any government benefits)
- identifiers assigned to your computer or other devices, including your Internet Protocol (IP) address
- criminal convictions, health details and medical history
- attendance of events and training courses
How we collect information about you
The personal information we hold about you is that which we collect directly from you, for example:
- when you apply for membership
- when you renew your membership
- when you purchase our products or services
- when you register to receive information from us
- each time you interact with us, respond to communications or surveys, or enter competitions
- when you make enquiries or raise concerns with any of our teams
What we use your information for and the legal bases for processing
We may store and use your personal information for the purposes of:
- administering your membership and shareholder rights contained within The Associations constitution (as is necessary for performance of a contract between you and us and/or as is necessary for our legitimate interests);
- providing you with insurance cover and related services (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- using your payment details to process payments relating to your membership, including fees, premiums, renewals of membership and refunds (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- sending you information about how to renew your membership (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- communicating with you about your membership, policies, and claims, including responding to your enquiries (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- undertaking market research and statistical analysis, including analysing your use of our website. This allows us to develop new, or improve existing, products and services (as is necessary for our legitimate interests); and
- fulfilling our obligations owed to a relevant regulator, tax authority or revenue service (as is necessary for compliance with our legal obligations and/or as is necessary for our legitimate interests)
Our “legitimate interests” as referred to above (and below) include our legitimate business purposes, upholding the roles and objectives of The Associations contained in the constitution and commercial interests in operating our business in a customer-focused, efficient and sustainable manner, in accordance with all applicable legal and regulatory requirements.
Using your personal data for promoting and protecting shooting
We will communicate to you on matters relating to shooting or conservation which we feel are of importance or are detrimental to shooting or conservation by email, SMS and social media
We consider this to be our duty in upholding the roles and objectives in line with the constitution that all members are bound when becoming a member of The Association
You can object to receiving these communications us at any time. By following the unsubscribe link in our emails or SMS; or send us your name, address and date of birth via email to email@example.com or by post to: Data Protection Officer, BASC, Marford Mill, Rossett, Wrexham, LL21 0HL.
Who we share your data with
Where relevant given the nature of the products and services provided to you, we may also share your information with the following categories of third parties:
- third party service providers who we instruct for the purposes of handling insurance claims, including the claims team, solicitors, medical agencies and Police (explicit consent you have given us to act on your behalf);
- third party service providers who support the operation of our business, such as IT and financial service providers, mailing house (as is necessary for the performance of a contract between you and us and/or as is necessary for our legitimate interests);
- regulators and law enforcement agencies, including the police, the Financial Conduct Authority, HM Revenue and Customs or any other relevant authority who may have jurisdiction (as is necessary for compliance with our legal obligations)
Processing outside of the European Economic Area (EEA)
The personal information that we collect from you may be transferred to and processed in a destination outside of the EEA. It may also be processed by staff operating outside the EEA who work for one of our suppliers. In these circumstances, your personal information will only be transferred on one of the following bases:
- the country that we send the data is approved by the European Commission as providing an adequate level of protection for personal information; or
- the recipient has agreed with us standard contractual clauses approved by the European Commission, obliging the recipient to safeguard the personal information (in particular, our transfer of personal information to suppliers in India and the United States for IT development and IT testing purposes are protected in each case by the use of appropriate model clauses); or
- there exists another situation where the transfer is permitted under applicable data protection legislation (for example, where a third party recipient of personal data in the United States has registered for the EU-US Privacy Shield).
To find out more about how your personal information is protected when it is transferred outside the EEA (and if you wish to obtain a copy of the appropriate and suitable safeguards), please contact our Data Protection Officer using the details above.
How long your information is kept
We will retain your personal information for a number of purposes, as necessary to allow us to carry out our business. Your information will be kept for up to 7 years on our main systems after which time it will be archived, deleted or anonymised. Some of the archived information may be retained for up to 50 years for the purposes of processing of your existing or future claims. Any retention of personal data will be done in compliance with legal and regulatory obligations and with industry standards. These data retention periods are subject to change without further notice as a result of changes to associated law or regulations. If you have any questions in relation to the retention of your personal data, please contact our Data Protection Officer at the details provided above.
Under the Data Protection Act 1998 you have the following rights:
- to obtain access to, and copies of, the personal information that we hold about you;
- to require that we cease processing your personal information if the processing is causing you damage or distress; and
- to require us not to send you marketing communications
- to require us to correct the personal information we hold about you if it is incorrect
Once the GDPR comes into force on 25 May 2018, you will also have the following rights:
- withdraw consent, if consent was the lawful basis for processing
- to require us to erase your personal information;
- to require us to restrict or object to our data processing activities;
- to receive from us the personal information we hold about you which you have provided to us, in a reasonable format specified by you, including for the purpose of you transmitting that personal information to another data controller; and
If you withdraw consent we may not be able to assist in any insurance claims and could affect the efficiency in which your membership is processed
Please note that these rights may be limited by data protection legislation, and we may be entitled to refuse requests where exemptions apply.
If you are not satisfied with how we are processing your personal information, you can make a complaint to the Information Commissioner.
You can find out more about your rights under data protection legislation from the Information Commissioner’s Office website: www.ico.org.uk.
Do we use ‘cookies’?
Yes we do – click here to learn more