RAF Roundel

Privacy and Data Protection Policy

 

Privacy and Data Protection Policy

About this Privacy Policy

Stow Maries Great War Aerodrome is committed to protecting your privacy. This Policy sets out how we use and protect any information you share with us, including any third parties whom we commission to conduct work on our behalf. If we ask you for any personal information by which you can be identified when you visit or work with us, you may be assured that we will use it only in accordance with this policy.

You are entitled to see personal information about you which we hold. You will need to put your request in writing, accompanied by proof of identity in the form of original or certified copies of identifying documents. To request your personal information please email us at info@stowmaries.org.uk. You can find more details in Your rights below.

Who are we?

Stow Maries Great War Aerodrome (SMGWA) is a charitable company, limited by guarantee, registered with the Charity Commission under number 1151099. It was set up to own and operate the site and estate previously occupied by RFC and RAF Stow Maries in keeping with the objectives noted by the Commission. It encompasses a Trading Company, SMGWA Trading Ltd.

What we do

SMGWA owns and operates the site with the aim of preserving the fabric of Stow Maries WW1 Aerodrome for the public benefit, and to advance the public knowledge of the Aerodrome, the Great War and the Natural History of the surrounding countryside in such ways as may be deemed charitable in law. We do this by pursuing our Vision and Aims.

Vision and Aims

The core vision of Stow Maries Great War Aerodrome is to conserve our unique heritage site to enable it to play a vital contemporary role in the lives of our local and wider communities and become a key part of the nation’s cultural landscape.

SMGWA aims to:

  • Research, preserve and tell the stories of the men and women who lived, worked and died at SMGWA and the part it played in the home defence of London and the Southeast during the First World War,
  • Create, present and curate enjoyable and educational experiences for all, featuring the historical heritage, ecology and biodiversity of our site,
  • Champion and be an exemplar of active participation and lifelong volunteering at the Site,
  • Deliver an exciting, engaging and varied programme of participatory events,
  • Widen and broaden our audiences through accessible and diverse visitor experiences utilizing a range of interpretation techniques,
  • Maintain an appropriate Conservation Management Plan for the site, encompassing all facets of the site including ecological and historical.


UK GDPR Data Controllers and Processors

Under the UK General Data Protection Regulations (GDPR), there are guidelines about who decides what data we need to collect (Data Controllers) and who works with it (Data Processors). At SMGWA, the role of Data Controller is held by the Board of Trustees of Stow Maries Great War Aerodrome, with their Chief Executive Officer acting as their delegated authority. The Data Controllers make decisions about processing activities. They exercise overall control of the personal data being processed and are ultimately in charge of and responsible for the processing. Our team at SMGWA are our processors and they act directly under the authority of the CEO, only processing data for the purposes it has been collected for.

Which personal information do we collect?

When you work with us, you may be asked to supply personal information which could include:

  • name
  • job title or role
  • organisation
  • contact details including email address, telephone number, address, social media handle
  • dietary and/or access requirements
  • financial details to enable payments to be made or received.


You may be also asked to supply information like this when you register with us for something including:

  • signing up to our e-newsletter
  • registering for an event
  • completing an evaluation form
  • making an enquiry


Why do we collect your personal information?

We may collect and process your personal data under one or more of these lawful bases:

  • Consent: where you have explicitly provided your consent for us to process your data. For example, you have subscribed to our email newsletter.
  • Contract: where you have entered into a contract with us. For example, you have been engaged to work with us on a project or we have asked you to provide us with a specific service or goods.


What do we use the information for?

Your personal information may be shared between SMGWA team members for the purposes of managing events and services, responding to enquires, and contacting you with opportunities of interest.

We may use your personal information to:

  • support your attendance at events, including contacting you with reminders;
  • where necessary, share your name, role, organisation and email with approved or appointed third parties such as trainers, consultants and other organisations which have been commissioned by or which directly support SMGWA (see “Appointed third parties” below), solely for the purposes of supporting your engagement with us or them;
  • monitor and evaluate our work in order to improve our activities;
  • send you communications via our e-newsletter, if you have given your permission for this;
  • send you communications which we think will be of interest to you directly via email, phone or post;
  • invite you to participate in surveys or research which will improve our services.


SMGWA will retain records of interactions you have had with us to ensure we continue to provide an effective offer. These may include:

  • records of your attendance at our events;
  • records of work you have done with or for us;
  • evaluation forms or surveys you complete;
  • correspondence between us.


Who do we share your information with?

We will not sell, rent, share or forward your information to any third party for marketing or any other commercial purpose. We will not disclose any information about you other than for the purposes described within this policy, except when required to do so by law.

Where necessary, we will share your name, role and organisation (and email address, if essential) with approved third parties such as trainers, consultants and other organisations which have been commissioned by SMGWA or which directly support SMGWA (see “Appointed third parties” below), for the purposes of supporting your engagement them or us. These third parties will only use your data for the specified purpose and will not use it for any other reason or share it with any other individuals or organisations.

We may also use some third party organisations to help us deliver our online services. See “Third party online service providers” below for more information.

Appointed third parties

If SMGWA contracts individuals, consultants, businesses and other organisations to deliver specific training or developmental work for us, we may share your name and role with our appointed third parties. On occasion, we may share your email address, for example if we have appointed a third party to deliver a training or development event for us and it is necessary for them to have your contact details in advance due to the nature of the event. We will always share only the minimum information necessary.

Appointed third parties will only use your data for the specified purpose and will not use it for any other reason or share it with any other individuals or organisations. These third parties are bound by their employing organisation’s data protection and privacy policies. Any breach of these values and/or the law is the responsibility of their employing organisation, not SMGWA.

All individuals and/or organisations defined as an appointed third party are required to uphold SMGWA’s values whilst working according to this Privacy Policy, plus all respective and subsequent laws. Should any breach of these values and/or the law occur, the contracted individual and/or the organisation are liable for the breach, not SMGWA.

Please be aware that personal data which you submit to Eventbrite may be retained separately by Eventbrite under the terms of its Privacy Policy.

 How long is information kept?

  • Your personal information may be retained for at least the duration of the current financial year, usually the end of the following one, for financial reporting and audit purposes.
  • Other personal information relating to event bookings will be kept for up to one year after the event.

  • Photographs and videos in which you feature and for which you have given your permission for us to use will be kept for five years after the end of the financial year in which the resource was first created. Should we wish to keep the resource beyond this period, we will not do so without your written permission.

  • We retain supplier forms (which include bank details), invoices and grant contracts. For audit purposes, invoices will be retained for up to seven years.


Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure SMGWA has put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.

We will do our best to protect your personal information, but we cannot guarantee the security of any information transmitted to our email addresses, our website and all communications with us are at your own risk. We will use strict procedures and security features on the website to try to prevent unauthorised access.

Third party online service providers

We use third party service providers to help provide our services, including Hootsuite, Eventbrite, and LinkedIn. We are not responsible for the privacy policies or practices of these third party organisations. If you sign up to any service hosted by a third party you will be notified of their own privacy policies, and by signing up with any third party you agree to accept their terms and conditions.

SMGWA website

Cookies

Like most websites, tour website uses ‘cookies’. These are small data files which are stored on your device in order to improve the functionality and management of the site. As these cookies are commonly used across the web, we recommend disabling cookies in your browser if you do not wish them to be installed on your device.

Most browsers allow you to refuse to accept cookies.  This may, however, have a negative effect upon the usability of many websites, and may prevent you from accessing some services available on this website.

Links to and content from other websites

Our site may, from time to time, contain links to and useful resources from the websites of our partner networks, advertisers and affiliates.  If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data to these websites.

Analytics

We use Google Analytics to record anonymised data about how this website is used. This enables us to measure how many people use the website, how they reach the site, and what pages they visit. This information helps us improve the website by understanding how people use it, and also enables us to report to funders about how well the site is performing.

Google Analytics does not allow us to view individual user details; it only enables us to analyse patterns of behaviour across multiple users. It collects users’ IP addresses, but solely for the purpose of analysing where in the world people are using this site.

Learn more about Google Analytics security and privacy principles and safeguards 

Eventbrite

We use Eventbrite to take bookings for our events. Eventbrite uses secure servers based in the United States, which are certified compliant with the EU-US Privacy Shield. You can find Eventbrite’s privacy policy here: Eventbrite privacy policy.

Eventbrite uses sub-processors (who process data on behalf of Eventbrite). A list of sub-processors is available on Eventbrite’s website. These sub-processors may have access to your personal information. We have not been able to assess each sub-processor and where data is transferred. However, the sub-processors are subject to contractual clauses to keep your information safe and the information you are asked for to register for this event has been limited.

After you register with Eventbrite you are able to delete your own information from their website following the event, in the privacy centre.

When you sign up to one of our events via Eventbrite, your data will be retained on Eventbrite until three months after the event has taken place; after that date your booking details will be deleted from Eventbrite.

Your rights

If you have signed up for our e-newsletter or made an Eventbrite booking, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Data protection laws provide you with the following rights to:

  • request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
  • request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected;
  • request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below);
  • request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it; and
  • request a copy of your personal information which you have provided to us, in a structured, commonly used and machine-readable format and the right to transfer it, or to require us to transfer it directly, to another controller.


You also have the right to object to the processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.

You will not have to pay a fee to access your personal information (or to exercise any of the other rights above). However, we may charge a reasonable fee if your request for access is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access the information (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal information is not disclosed to any person who has no right to receive it.

Where we rely on your consent to process your personal data, for example if we need your consent to send you any direct marketing, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us using any of the details set out below in the “Contacting Us” section. Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.

If you are unhappy about how your personal data has been used, please refer to our complaints policy. You also have a right to complain to the supervisory authority, which in the United Kingdom is the Information Commissioner’s Office https://ico.org.uk, which regulates the processing of personal data.

You are entitled to see personal information about you which we hold. You will need to put your request in writing, accompanied by proof of identity in the form of original or certified copies of identifying documents.

You can also ask us to:

  • update the details we hold about you,
  • consider a request to stop processing your data, including sending you communications,
  • complain about or discuss how we are handling your information.


For any of these requests please email us at info@stowmaries.org.uk

 

 

Sign up for our newsletter!

SMGWA Logo
Please enter at least 3 characters