Privacy policy

We undertake to respect everyone’s privacy and use the personal information they provide only for the specific purpose we describe here.

We will not pass personal information on to a third party without express permission.

We comply with the Data Protection Act and – in particular – the data protection principles as well as the EU General Data Protection Regulation (GDPR).

We hold very little personal information – only that which is necessary to maintain a list of supporters and, optionally, email addresses of those that want to be kept up-to-date by us.

Data is held in a database that supports this web site. The database is stored with our Internet Service Provider (ISP): IONOS.

Lawful basis of processing

The GDPR requires us to declare why our processing of personal data is lawful. We claim a ‘legitimate interest’ defined as “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Guidance from the Information Commissioner’s Office is that “It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”.

We see the legitimate interests as being:

  • Our interest in administering the list of supporters and ensuring no duplicates
  • Supporters’ interest in being kept informed via occasional emails

Supporter data

We hold each supporter’s name and, if provided, their email address. We also hold a free text field that we optionally use to record the source of each supporter’s details.

We also hold a status flag that records where we are in the initial email validation process (we take steps to verify that email addresses given to us are genuine).

Supporters can change or remove their details:

  • Online via this page (a link is included at the bottom of all supporter emails)
  • Or by making a request via our contact page
In any case, we remove a supporter’s email address if we get multiple rejections from their mail provider.

Subscriber data

Anyone can subscribe to an email feed that notifies them of new web site posts. We hold just the email address of each subscriber.

Subscribers can update or remove their email address:

  • Online via this page (a link is included at the bottom of all notification emails)
  • Or by making a request via our contact page

Access to supporter or subscriber data

Only committee members (and not all of them) have access to supporter or subscriber data. A subset of the committee members have the capability to send supporter emails.

Contact us pages

We do not retain any information from the ‘feedback’ or ‘ask a question’ forms. Instead, they generate emails to the relevant committee members.

Securing web site data

We keep a number of backups of web site data:

  • We assume that our Internet Service Provider, keeps backup copies but we don’t rely on them.
  • We make a backup copy every day which is stored, encrypted, in a OneDrive folder belonging to the web site editor and made available to site administrators.

Access to administer the site is restricted to committee members who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).

Access to web site programming and site administration details is restricted to two of the committee members.

You have rights under data protection legislation. The relevant ones being:

  • The right to be informed about our collection and use of your personal data. This document helps us satisfy that right. Please let us know if:
    • You have any questions about how we handle your data or what we hold
    • Concerns about any aspect of our privacy policy or the way we implement it
  • Right of access to information we hold about you. If you want to see that information please contact us.
  • Right of rectification. It’s in everyone’s interest that we hold accurate information. Contact us to get your information corrected.
  • Right to erasure. Note that this is not an absolute right. If you request deletion of all your data we will have to remove you from circulation of our emails. We will delete your data immediately on your request – subject to our data security and retention policies and obligations.