Why we use your personal information
We will only collect and use your personal information where we have a legal basis to do so and will always respect your rights.
Where we use your information, it may be because you have consented to us doing so or because we consider we have a legitimate interest to do so. Where we do rely on a legitimate interest to use your information, we promise never to do it in an intrusive way or to cause distress, and to always respect your rights. Other reasons may include using information because we have a legal obligation to do so or because we have to fulfil contractual obligations.
Examples of why we use your personal information include:
- You have given us your explicit consent to use the information for a specified purpose, for example to receive our e-newsletter, or in our list of member interests.
- You have expressed interest in BPOS by a positive action, for example by completing a registration form to take part in an event and to hear updates about our events programme.
- We have a legal obligation to use your information.
We also reserve the right to apply our legitimate interest wherever we believe it is appropriate but we promise that we will never do this in an intrusive way and will always respect your rights and freedoms when doing so. Some examples of when we would rely on our legitimate interest include:
- To pursue our organisational aims and objectives.
- To remind you about your membership renewal
- To ensure we meet our regulatory requirements as a charity.
- To manage our ongoing relationship with our supporters and anyone we work with.
- To manage our financial transactions and prevent fraud.
What personal information we collect
The personal information we collect about you will depend on how and why you are engaging with us. It could include (but is not limited to):
- Your name, address, telephone number, e-mail address, motivation for joining BPOS and your contact preferences.
- Debit or credit card information (we won’t store your debit or credit card details; this information will be deleted as soon as your membership dues are processed).
- Other information you provide to us from time to time which is relevant and necessary for us to collect and process. For example, the events you have participated in.
If you shared with us any sensitive information, the information you have provided will be kept by BPOS and will be treated with the strictest of confidence. It will not be shared with a third party without your consent unless we have a statutory obligation to do so, or there are concerns for your safety which BPOS has a duty to report to the relevant authority in order for appropriate action to be taken.
How we use your personal information
We use your personal information for the following purposes:
- To respond to or fulfil any requests, complaints or queries we receive from you.
- To confirm that your membership due or donation has been processed correctly.
- To provide you with information and support for any events, activities or other opportunities in line with our aims and objectives.
- To promote the aims and objectives of the charity.
- To pursue our organisational goals, including providing newsletters and other information updates.
- To manage your contact preferences. If you ever want to change the way we keep in touch, just let us know by emailing email@example.com
- To manage our executive committee recruitment.
- For our internal purposes such as management, research, analytics, organisational reporting, and ways that will improve efficiencies.
- To create anonymous and aggregated reports about our members to ensure our organisation is communicating with and delivering the best possible information and services and to inform any drives to increase membership.
- To make better decisions, communicate more efficiently and develop a better understanding of our supporters.
- To prevent and detect criminal activity and fraud.
- To comply with applicable laws and regulations.
Who we share your personal information with
We never give or sell any personal information to other charities or organisations. However, there are some circumstances where we would share your data with third parties. For instance:
- If we are legally required to do so.
- If we believe it necessary to protect or defend our rights or personal safety.
- When we work with carefully selected partners, e.g. our internet domain providers, or banks to ensure we can provide services to you. These partners (called ‘data processors’) will only have access to your information when the necessary contractual arrangements have been agreed and signed and they will always be obliged to follow the strict General Data Protection Regulation (GDPR) regulations.
- When information has to be sent to HMRC as part of the declaration process for Gift Aid so that we can reclaim the Gift Aid on your donation(s).
International transfers of your personal information
The General Data Protection Regulation (GDPR) states that we must let you know if we send your information outside of the European Economic Area (the EEA, i.e. the 28 European Union Member States, as well as Iceland, Norway and Liechtenstein), which do not always provide the same level of data protection as the UK, for the purposes of achieving our aims and objectives as a charitable organisation. When we do make such transfers, we have provision in place with our providers, including suitable security measures, to ensure that your personal information is protected in accordance with EU GDPR standards. We do not however envisage any such transfers.
Keeping your personal information up to date
We will use publicly available sources to ensure that the information we hold is accurate and up to date. We may use these services to cross-check the accuracy of the contact details we hold for you, for example if e-mails to you bounce.
How long we keep your personal information
The periods for which we keep your information depend on the purpose for which your information was collected. We will not keep your personal information for longer than necessary for the organisation’s purposes or for legal requirements.
If you would like to know how long we will hold any specific information, then please contact firstname.lastname@example.org and they will provide you with further details.
Access and control over your personal information
As you are a current member of BPOS we have assumed that you are content to be contacted by email regarding information about the society, its activities and its newsletters. When you renew membership, it will include an opt in form that allows you to select which of these communications you wish to opt in to. For the remainder of the current year, every time we send you a type of information we will invite you to opt out of receiving it in future.
We have taken this approach, because we do not routinely hold or share sensitive data about you and we do not want members to lose the benefits of membership that these emails provide. However, if you wish you can contact us at any time to opt out of any or all communications by emailing email@example.com.
You have a right to know what personal information we hold about you. If you’d like a copy of this information, please contact firstname.lastname@example.org. We will not charge you for processing your request and supplying your information to you and we are legally bound to deliver this information in a format of your choice within ONE month.
You have the right to request that we correct inaccurate and/or incomplete personal information we hold about you. If our records are incorrect or incomplete, please let us know by emailing email@example.com.
If you have given us your consent to process your information, you can withdraw or restrict it whenever you wish by emailing firstname.lastname@example.org. You will be offered the right to withdraw your consent (opt out) to every type of communication we send you or if you wish you can opt out of some communication but not others.
In certain circumstances you may request that we erase your personal information we hold about you (‘the right to be forgotten’). This will mean we may not recognise you should you decide to contact us in the future. For further information and to understand your options please contact email@example.com.
How we protect your personal Information
We will maintain the highest standards of data privacy and security to protect your personal details and other information about you because we want you to feel completely confident about engaging with us. We will regularly review our processes and procedures to protect your information from unauthorised access and use, accidental loss and/or destruction.
Sometimes we use other organisations (known as ‘data processors’) to process your personal information on our behalf. We don’t allow them to use this information for their own purposes and they have to follow our strict instructions whilst complying with appropriate security measures. We constantly assess their security measures when we bring them on board and we continue to monitor their compliance throughout the time we use their services.
Although we do not do so at present, we may collect information about your computer, including (where available) your IP address, operating system and browser type, for system administration. This is statistical data about our users’ browsing actions and patterns and does not identify any individual.
For the same reason, we may obtain information about your general internet usage by using a cookie file which is stored on the hard drive of your computer. Cookies contain information that is transferred to your computer’s hard drive. They help us to improve our site and to deliver a better and more personalised service.
25th May 2018, BPOS Executive