Your Data and How We Protect It
At Hampshire Aeroplane Club we take the privacy of your data very seriously. This Privacy Statement specifies how we treat personally identifiable information. We provide this Privacy Statement because you have a right to know what information we collect and how it is protected and used.
We aim to be clear about our purposes when we collect your data and not do anything you wouldn’t reasonably expect. This Privacy Statement sets out the ways in which we use your data and how you can hold us accountable for that.
What information do we collect?
You give us your information when you contact us for information, by phone or online via our website; by signing up to our newsletters or social media platforms; by updating your preferences on our website; by making bookings; or by communicating with us. We also keep your details when you sign up to receive emails from us. If you have signed up to undertake training with us then we also hold training records personal to you.
The information we hold about you may include:
· Your name
· Postal address
· Telephone number
· Email address
· Booking history
· Billing information
· Training history
· Licence details
· Your preferences for how we communicate with you about our activities
We maintain a record of your transaction history, but we do not store your payment card number.
We keep a record of the emails we send you, and we may track whether you receive or open them so we can make sure we are sending you the most relevant information.
We may then track any subsequent actions online, such as website members page access.
How do we use your data?
We use your data to:
· Provide you with updates and training information or in response to information you have asked for
· Contact you if there are any important changes to your booking or training
· Administer your purchases and training records
· Keep a record of your relationship with us
· Occasionally undertake customer research to help us understand how we can improve our services or information
· Ensure we know how you prefer to be contacted
· We may combine information you provide to us with information available from external sources in order to gain a better understanding of our members and visitors.
· We use profiling and segmentation to ensure communications are relevant and timely and to provide an improved experience to our customers and supporters.
· When building a profile we may analyse geographic, demographic and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications.
If you have opted to receive marketing communications from us by post or email, we will tell you about events and Hampshire Aeroplane Club related services that might be of interest to you. We will:
· Email you about forthcoming events, club activities, training sessions, or a combination of these in the HAC Newsletter.
· Mail you about updates in training, offers, rates along with financial documents including quotations and invoicing.
In order to send you information that might be of interest to you we will analyse your personal information and booking patterns to create a profile of your interests and preferences. Occasionally, we may include information in these communications from partner organisations or organisations who support us.
If you have opted out of marketing communications, we may still get in touch with you for administrative purposes regarding your membership or training. For example, we may email you to give you important information about a booking which may need to be changed for certain reasons.
You can change your marketing preferences or opt out of marketing communications by emailing firstname.lastname@example.org or calling us on 0333 355 0764.
We will not share any of your personal details with any other third parties without your agreement, unless required in order to fulfil our contract with you or allowed by law.
In general, the third-party providers used by us to fulfil our contract with you will only collect, use and disclose your information to the extent necessary to allow them to perform the services they provide to us. These providers may include the CAA or other flying schools (as agreed by you) should you be transferring organisation.
Use of the website flyhac.co.uk
We collect non-personally identifying information of the sort that web browsers and servers typically make available. This includes technical information, such as your IP address and your login information and information about your visit, such as records of how you navigate the pages on our site and how you interact with the pages.
A cookie is a small file, saved onto your device, which stores small pieces of information about how you have used our site or to aid the online purchasing process. We use cookie information to monitor traffic levels and to find out how our website is used, so we can keep improving. Cookies are also needed to enable your account and the booking process to work smoothly. It is not possible to use our website without using cookies, so there is no option to opt-out. We do not store any information about you personally in our cookies.
Google Analytics Advertising
Hampshire Aeroplane Club have implemented the following features through Google Analytics Advertising:
Demographics and Interest reporting, Remarketing, GDN Impression Reporting and the DoubleClick Campaign Manager integration.
Hampshire Aeroplane Club and third-party vendors may be using first-party cookies (such as the Google Analytics cookie) or other first-party identifiers, and third-party cookies (such as Google advertising cookies) or other third-party identifiers together. Visitors can opt-out of these Google Analytics Advertising Features through Ads Settings, Ad Settings for mobile apps, or other available means (for example, the NAI’s consumer opt-out).
How we keep your data safe
Your personal data will be held and processed on Hampshire Aeroplane Club’s systems. Where possible we aim to keep a single record for each customer. Your data is always held securely. Access to customer information is strictly controlled. It is held in the UK and the processes are EU compliant. Email data is held by our email distribution supplier 1and1 / Gmail, who are EU compliant.
We will store your data in our systems for a maximum of 3 years after your last booking, transaction or communication with us. To determine our retention periods we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and the applicable legal requirements.
Sometimes we ask you to provide sensitive information, for example details regarding aviation medicals / restrictions, or next of kin information or if you apply for a job. As with all the personal information we hold, sensitive information is held securely and restricted to those who need to use it. We will delete information when we no longer need it.
CCTV and recorded images
You have the following rights related to your personal data:
· The right to request a copy of personal information held about you
· The right to request that inaccuracies be corrected
· The right to request us to stop processing your personal data
· The right to withdraw your consent to direct marketing
· The right to request that we erase your personal data
· The right to lodge a complaint with the Information Commissioner’s Office
How can I see what information you are keeping on me?
You have the right to get a copy of the information that we hold about you; this is called a Subject Access Request. You can request a copy of your personal information in writing to Hampshire Aeroplane Club, Solent Airport, Gosport Road, Stubbington, PO14 2AE or email email@example.com.
Please include your full name, address and contact telephone number and details of the specific information you require, including any relevant dates. You will need to supply proof of your identification. We will respond to your request within one calendar month from receipt.
Please note this service is free of charge; however, we will be allowed to charge you for our reasonable administrative costs if your request is clearly unfounded or excessive.
Changes to this policy
If you have any questions about our Privacy Statement, or wish to be removed from any communications or data processing activities, please email firstname.lastname@example.org.
* Where you have engaged with us and have indicated that you are a wheelchair user or have any other disability, rather than ask for your consent to process this special category of personal data which is outside of your reasonable expectation to be so asked and is difficult for us in practice to administer given the requirements of GDPR in relation to consent, we will rely on Schedule 1 Pt 2 para 16 of the Data Protection Bill 2018 which permits the processing of special category data for ‘Support for individuals with a particular disability or medical condition’.
Last updated 01 July 2020
Data Protection Policy
Hampshire Aeroplane Club
Last updated: July 2020 | Version: 1.0 | Reviewer: D. Hart
GDPR means the General Data Protection Regulation.
Responsible Person means Hampshire Aeroplane Club Ops Officer.
Register of Systems means a register of all systems or contexts in which personal data is processed by Hampshire Aeroplane Club (HAC).
1. Data protection principles
HAC is committed to processing data in accordance with its responsibilities under the GDPR.
Article 5 of the GDPR requires that personal data shall be:
a. processed lawfully, fairly and in a transparent manner in relation to individuals;
b. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes;
c. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
e. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and
f. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
2. General provisions
a. This policy applies to all personal data processed by HAC.
b. The Responsible Person shall take responsibility for HAC’s ongoing compliance with this policy.
c. This policy shall be reviewed at least annually.
3. Lawful, fair and transparent processing
a. To ensure its processing of data is lawful, fair and transparent, HAC shall maintain a Register of Systems.
b. The Register of Systems shall be reviewed at least annually.
c. Individuals have the right to access their personal data and any such requests made to HAC shall be dealt with in a timely manner.
4. Lawful purposes
a. All data processed by HAC must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests (see ICO guidance for more information).
b. HAC shall note the appropriate lawful basis in the Register of Systems.
c. Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
d. Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent should be clearly available and systems should be in place to ensure such revocation is reflected accurately in HAC’s systems.
5. Data minimisation
a. HAC shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
b. HAC shall ensure a minimum number of staff shall have access to customer personal data and only as necessary in line with operational requirements.
a. HAC shall take reasonable steps to ensure personal data is accurate.
b. Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date.
c. HAC shall ensure that data is amended or removed in a timely manner and accurately.
7. Archiving / removal
a. To ensure that personal data is kept for no longer than necessary, HAC shall put in place an archiving policy for each area in which personal data is processed and review this process annually.
b. The archiving policy shall consider what data should/must be retained, for how long,
c. Data not needing archiving or having been archived for its specified maximum period shall be fully removed and deleted from all records.
a. HAC shall ensure that personal data is stored securely using modern software that is kept up to date.
b. Access to personal data shall be limited to personnel who need access and appropriate security should be in place to avoid unauthorised sharing of information.
c. When personal data is deleted this should be done safely such that the data is irrecoverable.
d. Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, HAC shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the ICO (more information on the ICO website).
END OF POLICY
We need all submissions for data or erasure requests in writing.