- 1. About this Policy
1.1 This policy explains when and why we collect personal information about our members and instructors, how we use it and how we keep it secure and your rights in relation to it.
1.4 We will always comply with the General Data Protection Regulation (GDPR) when dealing with your personal data. Further details on the GDPR can be found at the website for the Information Commissioner (www.ico.gov.uk). For the purposes of the GDPR, we will be the “controller” of all personal data we hold about you.
- 2. Who are we?
2.1 We are Not Dead Yet UK. We can be contacted at firstname.lastname@example.org.
- 3. What information we collect and why.
3.1 We may collect your email address, first name, last name, and phone number so that we can keep you up to date with our activity. We can only do this with your consent to do so.
- 4. How we protect your personal data
4.1 In order to manage your data and communicate with you, it may sometimes be necessary for us to transfer your personal data outside the European Union. However we will only do so in accordance with the GDPR. That is most likely to involve either approval by the EU Commission that the country to which your data is being transferred provides adequate protection for personal data or on the basis of standard clauses, required by the EU, with the organisation to which we are transferring your data.
4.2 We have implemented generally accepted standards of technology and operational security in order to protect personal data from loss, misuse, or unauthorised alteration or destruction.
4.3 Please note however that where you are transmitting information to us over the internet this can never be guaranteed to be 100% secure.
4.4 For any payments which we take from you online we will use a recognised online secure payment system.
4.5 We will notify you promptly in the event of any breach of your personal data which might expose you to serious risk.
- 5. Who else has access to the information you provide us?
5.1 We will never sell your personal data. We will not share your personal data with any third parties without your prior consent (which you are free to withhold) except where we are required to do so by law or in paragraphs 5.2 and 5.3 below.
5.2 We may pass your personal data to third parties who are service providers, agents and subcontractors to us for the purposes of completing tasks and providing services to you on our behalf (e.g. to print newsletters and send you mailings). We do this for the purpose of our legitimate interests in operating the Club and for performing our contract with you. However, we disclose only the personal data that is necessary for the third party to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own purposes. It is possible that third parties may themselves engage others (subprocessors) to process your data. Where this is the case third parties will be required to have contractual arrangements with their sub-processor(s) that ensure your information is kept secure and not used for their own purposes.
- 6. How long do we keep your information?
6.1 We will hold your personal data on our systems for as long as you are subscribed to Not Dead Yet UK and for as long afterwards as it is in Not Dead Yet UK’s legitimate interest to do so or for as long as is necessary to comply with our legal obligations. We will review your personal data every year to establish whether we are still entitled to process it. If we decide that we are not entitled to do so, we will stop processing your personal data except that we will retain your personal data in an archived form in order to be able to comply with future legal obligations e.g. compliance with tax requirements and exemptions, and the establishment, exercise or defence of legal claims.
6.2 We securely destroy all financial information once we have used it and no longer need it.
- 7. Your rights explained
7.1 It is important that you understand what rights you have in respect of the Personal Data and Special Category Personal Data that we hold about you. To let us know that you wish us to exercise any of your rights outlined above please contact our Data Protection Manager at: email@example.com.
- The right to be informed (knowing how we will use your data).
- You have the right to be told how we will use your Personal Data – which is set out in This Notice.
- The right of access (being provided with copies of your data).
- You have the right to ask us to provide you with a copy of your Personal Data. We will supply any information you ask for as soon as possible but may take up to 1 month once we are satisfied as to your identity. We will not charge you for this. This is called a data subject access request.
- The right to rectification (changing incorrect information we hold).
- If you believe our records are inaccurate you have the right to ask for those records concerning you to be updated. Contact details for any requests can be found above.
- The right to be forgotten (erasure) (requesting deletion of your Personal Data).
- In some cases, you have the right to be forgotten (i.e. to have your Personal Data deleted from our database).
- The right to restrict processing (limiting how we use your data).
- In certain situations you have the right to ask for processing of your Personal Data to be restricted because there is some disagreement about its accuracy or legitimate usage.
- The right to data portability (moving your data in a useable format).
- You have the right to request the Personal Data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party – in certain situations.
- The right to object (when we must stop processing your data).
- You have the right to object to us processing data purely for our legitimate interests. If you make such a request, we must stop processing your Personal Data unless: we can demonstrate compelling legitimate grounds for the processing, which override your interests, rights and freedoms; or the processing is for the establishment, exercise or defence of legal claims.
- The right not to be subject to automated decision making including profiling (making a decision solely by automated means without any human involvement).
- The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you. We do not undertake automated decision making or profiling.
7.2 You have the right to take any complaints about how we process your personal data to the Information Commissioner:
Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow
Cheshire SK9 5AF
Telephone: +44 303 123 1113
7.3 For further information on each of those rights, including the circumstances in which they apply, please see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.