Welcome to the privacy notice of the GUILDFORD TWINNING ASSOCIATION (“GTA”). This notice was last updated in September 2020: any changes will be posted at the foot of this page.
1. IMPORTANT INFORMATION AND WHO WE ARE
a) PURPOSE OF THIS PRIVACY NOTICE This privacy notice tells you how the GTA collects and processes your personal data, including any data you may provide through this website or otherwise, for example when you join us as a member, email or telephone us, or buy or order a ticket or product (such as a Christmas card) from us.
Note that the GTA is an unincorporated association; therefore when we say in this notice “GTA”, “we”, “us” or “our”, that includes, as appropriate, the GTA’s members, officers and committee members.
b) DATA CONTROLLER The GTA is the data controller, which means we determine the purposes and means of processing personal data. If you have any questions about this privacy notice, including any requests to exercise your legal rights (see below), please contact our Chair, using the details set out below.
c) CONTACT DETAILS
Full name of unincorporated association: Guildford Twinning Association
Chair: Barbara Ford, 31 Mountside, Guildford, GU2 4JD
d) THIRD-PARTY LINKS This website includes links to some third-party websites. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for them. When you leave our website, we encourage you to read the privacy notice of every website you visit.
2. THE DATA WE COLLECT ABOUT YOU
Personal data, or personal information, means any information about an individual from which that person can be identified.
We may process (that is collect, use, store and transfer) different kinds of personal data about you which we have grouped together as follows:
- Identity Data includes name, marital status, gender, photograph.
- Contact Data includes email address and telephone number(s).
- Transaction Data includes details about payments to and from you and details of products/tickets you have purchased from us or reserved through us.
3. HOW IS YOUR PERSONAL DATA COLLECTED?
We use different methods to collect data from and about you including through:
- Direct interactions. You may give us your Identity and Contact Data by filling in forms or by corresponding with us by post, phone, email or otherwise. We may photograph you, for publication in our newsletter or on our website, when you attend one of our events: if you do not want us to do so, please let us know.
- Third parties or publicly available sources. We may receive personal data about you from public sources or various third parties such as PayPal, which shares the name, email address and billing address of purchasers (you) with the payee (us).
4. HOW WE USE YOUR PERSONAL DATA AND FOR WHAT PURPOSES
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where we need to perform the contract we are about to enter into or have entered into with you, for example to communicate with members including by publication of our newsletters both in print and on this website.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests, for example to monitor use of our website or to manage our accounts.
- Where we need to comply with a legal or regulatory obligation, for example to comply with data protection legislation.
Generally we do not rely on consent as a legal basis for processing your personal data except in relation to publishing photographs taken of you at our events or which you send us. You have the right to withdraw consent to publication at any time before we publish by contacting us (see Contact Details above).
6. DISCLOSURES OF YOUR PERSONAL DATA
We may have to share your personal data with the parties and for the purposes set out below:
- Service providers, acting as processors, who provide IT and system administration services.
- Professional advisers, acting as processors or joint controllers, including lawyers, bankers, auditors and insurers who provide consultancy, legal, banking, accounting and insurance services.
- HM Revenue and Customs, regulators and other authorities, acting as processors or joint controllers, who require reporting of processing activities in certain circumstances.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law.
7. INTERNATIONAL TRANSFERS
Our IT service providers, such as Google, Apple and PayPal, may be based at least in part outside the European Economic Area (EEA) in which case their processing of your personal data will involve a transfer of data outside the EEA.
8. DATA SECURITY
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those Committee members or members and to those third parties who have a business need to know. Those third parties will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We will notify you and any applicable regulator of a breach where we are legally required to do so.
9. DATA RETENTION - HOW LONG WILL WE USE YOUR PERSONAL DATA FOR?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
10. YOUR LEGAL RIGHTS
Under certain circumstances, you have the following rights under data protection laws in relation to your personal data:
- Request access to your personal data, commonly known as a “data subject access request”. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of your personal data.
- Request erasure of your personal data: we may however be unable to erase it entirely if it has been stored on back-up disks prior to 25 May 2018.
- Object to processing of your personal data.
- Request restriction of processing your personal data.
- Request transfer of your personal data.
- Right to withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.
If you wish to exercise any of the rights set out above, please contact our Chair (see Contact details at 1 c) above).
- September 2020: following our installing a "page hit" facility on the website:
(i): in paragraph 4, second bullet, the words "to monitor usage of our website or" were inserted.
- March 2020:
(i): as a result of SurreyCommunityInfo withdrawing as our hosting service provider, deleted previous reference to cookies which SurreyCommunityInfo may have used; and
(ii): corrected previous paragraph numbering inconsistency
- May 25, 2018: following the vote at the AGM on May 24 to change the Association's name:
(i) at the head of this notice, the former reference to the "GUILDFORD-FREIBURG ASSOCIATION" is changed, to a reference to the "GUILDFORD TWINNING ASSOCIATION";
(ii) "GFA" is changed to "GTA" throughout this notice; and