Our Core Beliefs Regarding User Privacy and Data Protection.
- User privacy and data protection are human rights.
- We have a duty of care to people with regard to their personal data.
- Personal data is a liability. It is only to be collected and processed when absolutely necessary.
- We will never sell, rent or otherwise distribute or make public your personal information.
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
Personal Information and Why We Collect It.
Personal information is required from SDFFA members in order to administer the Association, to provide access to the member’s area of the web site, to provide data on the type and location of fish caught and to administer the requirements of the MOD licence regarding eligibility of membership and usage of the river and lakes. Explicit permission for the Association to hold personal information is provided at the bottom of the rod application form.
What Information is Being Collected, Who is Collecting It and How?
- A potential member submits to the secretary a written rod application form (with rank, name, address, phone numbers, type of subscription, rod number and, where relevant, the justification for a half rod). This form is retained in Dropbox: https://www.dropbox.com/en_GB/
- The SDFFA Web Site https://sdffa.co.uk/ has the member’s name, email address and rod number in its database in order to enable the member to access the member’s area of the web site for administration purposes. This includes:
  - The submission of an online catch return where the member submits the date, size and location of his catch with the name and rod number being entered automatically by the web site.
  - A member will enter their name, the name of their guest and the date of fishing for their 2 complimentary guest tickets for a full member or one guest ticket for a half rod.
- In order to provide timely emails to members on association administration, the secretary imports a member’s first name and email address into Mailchimp (https://mailchimp.com/). At the bottom of each email is an option for a recipient to unsubscribe from further emails.
- Members have the option of paying their annual subscription and purchasing additional day tickets by BACS. In order for the Treasurer and the Secretary to administer this, they share a spreadsheet in Google Drive which has the type of membership, rank, name, membership or guest ticket fee, the date of submission and how it was submitted (cheque or BACS).
- The SDFFA web site uses web tracking software to better understand how people find and use our web pages and to see their journey through the website.
- Should you choose to contact us using the contact form on our Contact Us page, none of the data that you supply will be stored by our website. The data will be collated into an email and sent to the Secretary over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL), meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by local computers and devices.
How Long is this Data Kept For?
The online Dropbox rod application is destroyed at the end of the season, which is 28 February each year. If a member does not renew their membership:
- their membership details in the web site database are kept for six months (in case they renew during the year) and then deleted.
- membership and guest ticket details held in Google Drive are deleted after one year.
- first name and email addresses are retained in Mailchimp and people can unsubscribe from emails whenever they wish. Many ex members wish to keep in touch and re-join as and when their service or their personal circumstances allow.
- personal catch returns are deleted at the end of February each year.
Sharing of Personal Data.
Personal data is not shared with third parties. Other information is stored within Google Drive, Dropbox and Mailchimp, who have strict privacy guidelines and strive to adhere to GDPR legislation as detailed in paragraph 7 below. They do not share information with third parties.
How is Your Personal Data Stored?
- The rod application form is stored in Dropbox. Only the secretary has access to this. There is 2 factor authentication and Dropbox adhere to GDPR. Further details are here: https://www.dropbox.com/en_GB/security/gdpr
- The connection between the user and the web site is encrypted and has an SSL certificate (https).
- The web site is hosted by Siteground. Their data centres are located in London, England. They are protected by 24x7 human security, biometrics, access control man traps, bullet proof lobbies and video surveillance. Further details here: https://www.siteground.co.uk/datacenters
- Mailchimp conforms to the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. To access the SDFFA account, dual authentication is required. Mailchimp are committed to achieving GDPR compliance and further information is available here: https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr
- Google Drive. Google is committed to GDPR compliance across Google Cloud services. Further details are here: https://www.google.com/cloud/security/gdpr/
Cookies and how we use them
What is a cookie?
A cookie is a small file placed on your computer’s hard drive. It enables our website to identify your computer as you view different pages on our website.
Cookies allow websites and applications to store your preferences in order to present content, options or functions that are specific to you.
- Analyse our web traffic using an analytics package. Aggregated usage data helps us improve the website structure, design, content and functions.
- Where applicable, identify whether you are signed in to our website. A cookie allows us to check whether you are signed in to the site.
- Cookies do not provide us with access to your computer or any information about you, other than that which you choose to share with us.
- There are no cookies that hold your personal information unless you are authorised to log into the web site.
However, please note if you need to log into the web site, that doing this may affect how our website functions. Some pages and services may become unavailable to you.
To learn more about cookies and how they are used, visit All About Cookies
Controlling information about you
We will report any unlawful data breach of this website’s database or the database(s) of any of our third party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen.
What are Your Rights?
If at any point you believe the information we process on you is incorrect, you can request to see this information and have it corrected or deleted. There is no charge for this. If you wish to raise a complaint on how we have handled your personal data, you can contact us to have the matter investigated at firstname.lastname@example.org. If you are not satisfied with our response or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office: https://ico.org.uk/
Lead for Personal Data
The lead for personal data is the Secretary. Email: email@example.com
10th April 2018