Family History Federation

Devon Family History Society: Privacy Notice

Introduction

Devon Family History Society respects your privacy and is committed to protecting your personal data. This Privacy Notice will inform you as to how we look after your personal data and tell you about your privacy rights and how the law protects you.

1. Important information and who we are

Purpose of this Privacy Notice

This Privacy Notice aims to give you information on how Devon Family History Society collects and processes your personal data. This includes the ways in which the Society’s post holders administer your membership requirements, the information which you provide for the Devon Family Historian, your use of our website, including any data you may provide through the website, your access to our services, to purchase a product or service, or to take part in an event.  We have Acorn Club pages for children but we do not knowingly collect data relating to children, as a result of the website or running the Acorn Club. We now offer Under 21 Electronic Memberships, and we collect date of birth to validate these memberships. This information is stored as part of your membership record for these memberships.

This Privacy Notice may be subject to change, and the current version is available on the Society’s website. It is important that you read this Privacy Notice together with any other Privacy Notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This Privacy Notice supplements other notices and is not intended to override them. 

Controller

Devon Family History Society is the controller and responsible for your personal data (collectively referred to as “Devon FHS”, “we”, “us” or “our” in this Privacy Notice).

We are a Charity registered in the England (Registration Number 282490).

Contact details

Devon Family History Society

Postal Address: PO Box 9, Exeter, EX2 6YP

Contact: Data Manager

Email: datamanager@devonfhs.org.uk 

Website: www.devonfhs.org.uk

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance. 

Changes to the Privacy Notice and your duty to inform us of changes

We may need to update our Privacy Notice from time to time.  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.

Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us but we will notify you if this is the case at the time. 

2. How your personal data is collected.

We use different methods to collect data from and about you including through:

  • Your membership joining and renewing forms (online and printed).
  • Messages sent to us via our details on the Contacts Page, via email, and in the Devon Family Historian.
  • Gift Aid Declarations.
  • Our Members’ Area.
  • Tree House.
  • Optional survey responses (through SurveyMonkey or via the our website).
  • Optional membership of email lists (through MailChimp).
  • Optional participation in Social Media, including Facebook, X (formerly known as Twitter), Mastadon, and Discord.
  • Purchases made on our online shop (but NOT credit or debit card details).
  • Participating in events (face-to-face and online).
  • During small groups and online meetings you may choose to share your contact details with others in the group (members and non-members) – this is optional. Your contact details may be forwarded to others who registered for the meeting, but who could not attend.
  • We offer two message boards and a Facebook group and page useable by both members and non-members. No personal data is collected by the Society from these sources.

Cookies. Our website uses small files called “Cookies” to improve your experience of the site and enable us to distinguish you from other users (for example in providing access to the Members’s Area). The cookies we use are “analytical” cookies. They allow us to recognise and count the number of visitors and to see how visitors move around the site when they are using it. This helps us to improve the way our website works. We also use Cookies in the online shop to enable functionality, such as being able to add multiple items to a basket. These Cookies are generally kept for a limited time, for example the duration of a session. The following key Cookies are in use:

Google Analytics (3rd party). We use this to see how many visitors we are getting, and how they found us.

You can find out more about Google Analytics’ Cookies here: http://www.google.com/policies/privacy/ads/#toc-analytics

We may in the future use video embedding, like YouTube (3rd party) to enhance your experience of content on our website. YouTube’s privacy notice including cookie policy is available at:      https://policies.google.com/privacy?hl=en-GB&gl=uk 

We use WooCommerce as part of our WordPress website, to provide the online shop functionality. Information about the cookies used by WooCommerce can be found here:   https://woocommerce.com/document/woocommerce-cookies/

Our WordPress website also uses a small number of Cookies to enable access to the new Members’ Area. Information on the Cookies used by WordPress can be found here:         https://wordpress.org/documentation/article/cookies/

We are constantly updating our website, and therefore this may not be a complete list of the Cookies that are in use. You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of our website may become inaccessible or not function properly. 

3.    Purposes for which we will use your personal data

We will only use your personal data when the law allows us to. Most commonly, we will keep and use your data if we have a legitimate and/or contractual reason for keeping it.  Your details are used to fulfil our contract with you and also if the Society needs to contact you for administrative matters. All computers holding your information are password protected and our Membership Database and Members’ Area information are encrypted.

  1. The following is held in an encrypted database by the Membership Secretary who is also the Data Manager. Your name(s), address, postcode, membership number, membership status, method of payment, date of joining/resignation, date of birth (if under 21), plus email and telephone number if you have provided them. A back-up is held by the Deputy Membership Secretary, Treasurer and Web Master. All of those with a copy of the membership database have been subject of an enhanced Disclosure and Barring Service (DBS) check.
  2. The Members’ Area Coordinator holds your name, membership number and postcode on a secure password protected system to identify you when you register in the old Members’ Area. The new Members’ Area stores this information within the WordPress website. All of those with access to the full WordPress website have been subject to an enhanced DBS check, and we enforce two factor authentication to protect access to the administrative functions of the website.
  3. Tree House holds your name, membership number and postcode on a secure password protected system to verify your admission to Tree House as a member.
  4. The Gift Aid Coordinator holds your signed Gift Aid Declaration in a secure office.
  5. The Membership Secretary provides your details to the Printer for posting out the quarterly Devon Family Historian. Information is deleted from the Printer’s system immediately after printing address inserts. The Printer is registered with the Information Commissioner.
  6. Ordering from Devon FHS’s Online Shop is detailed in the Shop’s Terms and Conditions. No credit or debit card details are available to the Society. We use third parties to process payments – these are currently PayPal, Stripe and GoCardless (for Direct Debit payments). Access to these systems are restricted to Trustees who are approved signatories, all of whom have been subject to an enhanced DBS check. Two factor authentication is enforced on these systems. No bank details are available to Devon FHS through any of these systems.
  7. We use Trustees and Volunteers to fulfil orders placed through the online shop. They have access to allow orders to information about the products ordered, and your contact information, so that orders can be dispatched to you. Two tier authentication is enforced for those with access to limited online shop functionality.
  8. Our Website, Members’ Area, Online Shop and Membership Database are designed by a commercial company, which observes GDPR regulations. Updating these may require a commercial company to access your personal data for specific reasons. The individuals in the company that we use for website support have been subject of an enhanced DBS check. The Website, Members’ Area, and Online Shop are also maintained by Trustees and Volunteers, all of whom have been subject of an enhanced DBS check.  
  9. We are migrating our Members’ Area, Online Shop and Membership Management system to a new platform, which similarly observes GDPR regulations. This migration will allow users to better manage their own data, and will allow the current Membership Database to be phased out.
  10. You manage your own interests on the Members’ Area. Your password and contact details are encrypted. Your Members’ Interests are currently stored in a separate database, which will be linked to the WordPress account that you will use to login to the new Members’ Area.
  11. Articles submitted for publication in the Devon Family Historian include your name, address, membership number and email. In submitting articles you agree for this information to be published.
  12. Your email or address is used to send you two reminders for an overdue subscription (we currently use MailChimp to provide this service, but will eventually send these reminders directly from our Members’ Area website). We may also use your email address to send you information about the activities of the Society. The Membership Secretary (or their nominated deputy) may contact you via any means supplied, if required to enable us to deliver services to you (for example to gain a change of address in the event of a Historian being returned, or an updated email address in the response of a bounced email).
  13. Your email or address is used to send you information about the Annual General Meeting, including information on voting arrangements and the Agenda.
  14. Your email is used for Electronic Members, to send you notification that the Historian Publication is available on the Members’ Area.
  15. Our Trustees and Volunteers use both Devon FHS and personal email addresses to fulfil their roles. If you are concerned about any approach please contact datamanager@devonfhs.org.uk.
  16. We may use your email, address and telephone number for ad hoc contact with you in relation to exceptional matters relating to your membership of Devon FHS, or to enable us to comply with any legal, statutory, or regulatory obligations that we have as a Charity.
  17. You may optionally register for the MailChimp mailing list, which is used to notify members and non-members about online meetings and other events on approximately a monthly basis. You may unsubscribe to this list on request (manually, or using the unsubscribe link in the email).

We only use your personal data for matters as listed and will not disclose any information to a third party without your explicit permission, however please note that we may process your personal data without your knowledge or consent where this is required or permitted by law.

4.    Disclosures of your personal data

  • HM Revenue & Customs, regulators and other authorities acting as processors or joint controllers based in the United Kingdom who require reporting of processing activities in certain circumstances.
  • Commercial businesses – Currently we use Webcube Media, The Printing Press, GURU Web Hosting, Astutium Ltd, Google, Dropbox, Sync, Mailchimp, SurveyMonkey, PayPal, Stripe, GoCardless, WeTransfer, Boardhost, WordPress, WooCommerce, Zoom.
  • We may use other commercial businesses if required. We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

5.    International transfers

Some of our external third parties are based outside the European Economic Area (EEA) so their processing of your personal data will involve a transfer of data outside the EEA.

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented.

We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA. 

Given the International membership of Devon Family History Society. if you choose to share your contact details as part of small groups or online meetings, then you should be aware that others attending may come from outside of the UK and EEA.

6.    Data security  

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those officers, society trustees, employees, agents, contractors and other third parties who have a need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. 

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

7.    Data retention

How long will you use my personal data for?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. 

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we have to keep basic information about our members and customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.

8.    Your legal rights

Under certain circumstances, you have rights under data protection laws in relation to your personal data. These are the right to: 

  • Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always have to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Right to withdraw consent where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

If you wish to exercise any of the rights set out above, please contact our Data Manager. 

  • No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

  • What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

  • Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. 

You are able to withdraw my consent to storage, processing and use of your data at any time by contacting datamanager@devonfhs.org.uk or by post to: Devon FHS Data Manager, Devon FHS, PO Box 9, Exeter, Devon, EX2 6YP.

Your details will then be removed, except for Gift Aid and Inland Revenue purposes.

This notice was approved by Devon FHS’s Executive Committee on 19 July 2022. 

 

Skip to content