Privacy Policy
Privacy Notice
For everybody...
This privacy notice provides you with details of how we collect and process your personal data, either as a member of the society, as a newsletter subscriber, as a website user, as a prospective member, etc.
The people who are responsible for your data, and control how it is used are the members of the governing committee of Conquest (referred to as “we”, “us” or “our” in this privacy notice). The committee members are Nigel Walton, Debbie Lough, Louise Goddard, Flo Bradley Sutton, Luke Todd, and Andy Streatfield. As we share decisions regarding the use of your data, we are collectively the Data Controllers. We are Conquest Living History Society.
If you need to contact us for any reason to do with your data, you should contact Debbie Lough, who runs the website, at:
email: conquestlh@yahoo.co.uk
Postal address: c/o 31 Womersley Road, Knottingley, West Yorkshire, WF11 0DB, UK.
You have the right to receive copies of all or part of the information we hold on you at any time, free of charge. Just contact me (Debbie) as detailed above. Information will be provided to you within one month from the date we receive your query.
We may need to ask you some questions in order to verify that you are the person requesting the information, to ensure that we don't reply to a false request for your information from a third party.
The UK supervisory authority for data Protection is the Information Commissioner's Office (www.ico.org.uk)
We are not registered with them, as we are in an exempt category, but if you are not happy with any aspect of how we use and / or collect your data, you do still have the right to complain to them.
If you do have a complaint, we'd appreciate it muchly if you would contact us first, giving us a chance to resolve it for you ourselves.
It is a part of the General Data Protection Regulations that the information we hold about you must be both accurate and up to date. If the information you have given us changes at any time, please let us know by emailing conquestlh@yahoo.co.uk
International Transfers of Personal Data
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data as those within it do. European law therefore only allows these transfers to take place if set out criteria are met.
As a number of the suppliers we use (for website provision, email lists, payment processing, etc) are outside the EEA, this will necessarily involve a transfer of your data outside the EEA.
However, we will only transfer your data to countries that have a similar or greater degree of protection for personal data as that granted under EU / UK law.
If you want further specific information about companies that we use that involve the transfer of your data outside the EU, please contact Debbie at conquestlh@yahoo.co.uk.
As a newsletter subscriber...
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on whether you are a newsletter subscriber (when there will be less information), or a member (when there will be more information).
Information we might use when you subscribe to our newsletter includes:
Identity Data – we ask for your first name, last name, date of birth.
Contact Data – we ask for your email address.
Technical Data may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal data, because individuals cannot be identified from it. If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.
Sensitive Data
Sensitive data, or 'special category data', refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We do not collect any Sensitive Data about you.
We do not collect any information about criminal convictions and offences.
How we collect your data
As a newsletter subscriber, this is how we may collect data about you:
Direct interactions: You may provide data by filling in forms on our website, or in person at an event.
Automated technologies or interactions: As you use our website, and newsletters, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources : We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email newsletter provider MailChimp, who are based in the USA.
How we use your personal data:
We use your personal data purely to create and send you emails about the society and our activities, blog posts, website news, etc. We will use it for no other purpose without first gaining your permission.
Your information is stored by Mailchimp.com, who use it to provide us with information on what you've read and what you've clicked on, that enable us to write mails that more people will find interesting and relevant. Mailchimp uses tls encryption and performs regular hacking penetration tests to ensure that the information they hold is secure.
We only share your information with any third parties if it is in order to fulfil the sending of the email newsletter. It will not be shared or used for any other purpose, and we will ensure that it is always held in a secured format.
The legal bases for us holding and using your information for our newsletter are set our below. By filling out a form to be added to our mailing list, you are giving us your permission to hold and use your data. You can withdraw that permission at any time, either by clicking the 'unsubscribe' link in any email, or by emailing conquestlh@yahoo.co.uk. This is your 'right to be forgotten', under the terms of the GDPR.
For everybody...
This privacy notice provides you with details of how we collect and process your personal data, either as a member of the society, as a newsletter subscriber, as a website user, as a prospective member, etc.
The people who are responsible for your data, and control how it is used are the members of the governing committee of Conquest (referred to as “we”, “us” or “our” in this privacy notice). The committee members are Nigel Walton, Debbie Lough, Louise Goddard, Flo Bradley Sutton, Luke Todd, and Andy Streatfield. As we share decisions regarding the use of your data, we are collectively the Data Controllers. We are Conquest Living History Society.
If you need to contact us for any reason to do with your data, you should contact Debbie Lough, who runs the website, at:
email: conquestlh@yahoo.co.uk
Postal address: c/o 31 Womersley Road, Knottingley, West Yorkshire, WF11 0DB, UK.
You have the right to receive copies of all or part of the information we hold on you at any time, free of charge. Just contact me (Debbie) as detailed above. Information will be provided to you within one month from the date we receive your query.
We may need to ask you some questions in order to verify that you are the person requesting the information, to ensure that we don't reply to a false request for your information from a third party.
The UK supervisory authority for data Protection is the Information Commissioner's Office (www.ico.org.uk)
We are not registered with them, as we are in an exempt category, but if you are not happy with any aspect of how we use and / or collect your data, you do still have the right to complain to them.
If you do have a complaint, we'd appreciate it muchly if you would contact us first, giving us a chance to resolve it for you ourselves.
It is a part of the General Data Protection Regulations that the information we hold about you must be both accurate and up to date. If the information you have given us changes at any time, please let us know by emailing conquestlh@yahoo.co.uk
International Transfers of Personal Data
Countries outside of the European Economic Area (EEA) do not always offer the same levels of protection to your personal data as those within it do. European law therefore only allows these transfers to take place if set out criteria are met.
As a number of the suppliers we use (for website provision, email lists, payment processing, etc) are outside the EEA, this will necessarily involve a transfer of your data outside the EEA.
However, we will only transfer your data to countries that have a similar or greater degree of protection for personal data as that granted under EU / UK law.
If you want further specific information about companies that we use that involve the transfer of your data outside the EU, please contact Debbie at conquestlh@yahoo.co.uk.
As a newsletter subscriber...
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on whether you are a newsletter subscriber (when there will be less information), or a member (when there will be more information).
Information we might use when you subscribe to our newsletter includes:
Identity Data – we ask for your first name, last name, date of birth.
Contact Data – we ask for your email address.
Technical Data may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal data, because individuals cannot be identified from it. If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.
Sensitive Data
Sensitive data, or 'special category data', refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We do not collect any Sensitive Data about you.
We do not collect any information about criminal convictions and offences.
How we collect your data
As a newsletter subscriber, this is how we may collect data about you:
Direct interactions: You may provide data by filling in forms on our website, or in person at an event.
Automated technologies or interactions: As you use our website, and newsletters, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources : We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email newsletter provider MailChimp, who are based in the USA.
How we use your personal data:
We use your personal data purely to create and send you emails about the society and our activities, blog posts, website news, etc. We will use it for no other purpose without first gaining your permission.
Your information is stored by Mailchimp.com, who use it to provide us with information on what you've read and what you've clicked on, that enable us to write mails that more people will find interesting and relevant. Mailchimp uses tls encryption and performs regular hacking penetration tests to ensure that the information they hold is secure.
We only share your information with any third parties if it is in order to fulfil the sending of the email newsletter. It will not be shared or used for any other purpose, and we will ensure that it is always held in a secured format.
The legal bases for us holding and using your information for our newsletter are set our below. By filling out a form to be added to our mailing list, you are giving us your permission to hold and use your data. You can withdraw that permission at any time, either by clicking the 'unsubscribe' link in any email, or by emailing conquestlh@yahoo.co.uk. This is your 'right to be forgotten', under the terms of the GDPR.
NB as this table is in picture format, due to the limitations of the website software, if you need it in an accessible format (that can be read by reading software, for example), please contact us at conquestlh@yahoo.co.uk
If the form you filled in was in person (a hard copy, not online), the original will be stored securely in a locked cabinet, because we have to be able to prove that you have given us your permission, and your information transferred to Mailchimp manually. In this circumstance, if you unsubscribe from the newsletter, the original hard-copy sign up form will be destroyed.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, and where we are legally obliged to do so.
As a member of the society...
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on whether you are a newsletter subscriber (when there will be less information), or a member (when there will be more information).
Information we might use when you apply for / take out membership includes:
Identity Data – we ask for your first name, last name, date of birth.
Contact Data – we ask for your email address, telephone number, and postal address.
Technical Data - may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data - may include your your interests, preferences, feedback and survey responses.
Usage Data - may include information about how you use our website, products and services.
Marketing and Communications Data - may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
Financial Data - may include your bank account and payment card details.
Transaction Data - may include details about payments between us and other details of purchases made by you.
We also hold records of your attendance at events, your attendance and participation in training, etc.
We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal data, because individuals cannot be identified from it. If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.
Sensitive Data
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We DO sometimes collect Sensitive Data about you.
We may collect certain information about health from our members. This includes information regarding allergies; medications; longer term illnesses or medical conditions; disabilities; where applicable, pregnancy (meaning if a member is pregnant). We collect this information in order to ensure that you can take part as fully as possibly, and in order to pass onto emergency services should it be necessary.
We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How we collect your data
As a member of the society, this is how we may collect data about you:
Direct interactions: You may provide data by filling in forms on our website, or in person at an event, or by sending a form through the post.
Automated technologies or interactions: As you use our website, and newsletters, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources : We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email newsletter provider MailChimp, who are based in the USA.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as: Stripe, and Weebly, both based in the USA.
Our website is hosted by Weebly, and our online card payments are processed by Stripe. If you pay membership online, your transactional and contact information will be held by Weebly, and your financial information will be held by Stripe.
It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
How we use your personal data:
We use your personal data to create and send you emails about the society and our activities, blog posts, website news, etc. We also keep records of membership, event attendance, training, etc.
If you have signed up for our members email newsletter, your information is stored by Mailchimp.com, who use it to provide us with information on what you've read and what you've clicked on, that enable us to write mails that more people will find interesting and relevant. Mailchimp uses TLS encryption and performs regular hacking penetration tests to ensure that the information they hold is secure.
We only share your information with any third parties if it is in order to administer your membership, or to meet our legal obligations. It will not be shared or used for any other purpose, and we will ensure that it is always held in a secured format.
The legal bases for us holding and using your information are set out below.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, and where we are legally obliged to do so.
As a member of the society...
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on whether you are a newsletter subscriber (when there will be less information), or a member (when there will be more information).
Information we might use when you apply for / take out membership includes:
Identity Data – we ask for your first name, last name, date of birth.
Contact Data – we ask for your email address, telephone number, and postal address.
Technical Data - may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data - may include your your interests, preferences, feedback and survey responses.
Usage Data - may include information about how you use our website, products and services.
Marketing and Communications Data - may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
Financial Data - may include your bank account and payment card details.
Transaction Data - may include details about payments between us and other details of purchases made by you.
We also hold records of your attendance at events, your attendance and participation in training, etc.
We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal data, because individuals cannot be identified from it. If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.
Sensitive Data
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data.
We DO sometimes collect Sensitive Data about you.
We may collect certain information about health from our members. This includes information regarding allergies; medications; longer term illnesses or medical conditions; disabilities; where applicable, pregnancy (meaning if a member is pregnant). We collect this information in order to ensure that you can take part as fully as possibly, and in order to pass onto emergency services should it be necessary.
We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How we collect your data
As a member of the society, this is how we may collect data about you:
Direct interactions: You may provide data by filling in forms on our website, or in person at an event, or by sending a form through the post.
Automated technologies or interactions: As you use our website, and newsletters, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources : We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email newsletter provider MailChimp, who are based in the USA.
Contact, Financial and Transaction Data from providers of technical, payment and delivery services such as: Stripe, and Weebly, both based in the USA.
Our website is hosted by Weebly, and our online card payments are processed by Stripe. If you pay membership online, your transactional and contact information will be held by Weebly, and your financial information will be held by Stripe.
It is encrypted through the Payment Card Industry Data Security Standard (PCI-DSS).
All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover.
How we use your personal data:
We use your personal data to create and send you emails about the society and our activities, blog posts, website news, etc. We also keep records of membership, event attendance, training, etc.
If you have signed up for our members email newsletter, your information is stored by Mailchimp.com, who use it to provide us with information on what you've read and what you've clicked on, that enable us to write mails that more people will find interesting and relevant. Mailchimp uses TLS encryption and performs regular hacking penetration tests to ensure that the information they hold is secure.
We only share your information with any third parties if it is in order to administer your membership, or to meet our legal obligations. It will not be shared or used for any other purpose, and we will ensure that it is always held in a secured format.
The legal bases for us holding and using your information are set out below.
NB as this table is in picture format, due to the limitations of the website software, if you need it in an accessible format (that can be read by reading software, for example), please contact us at conquestlh@yahoo.co.uk
By filling out a form to be added to our mailing list, you are giving us your permission to hold and use your data. You can withdraw that permission at any time, either by clicking the 'unsubscribe' link in any email, or by emailing conquestlh@yahoo.co.uk. This is your 'right to be forgotten', under the terms of the GDPR. Although it is worth bearing in mind that if you do withdraw your consent, you will not be kept up to date with event information, society news, etc.
If the form you filled in was in person (a hard copy, not online), the original will be stored securely in a locked cabinet, because we have to be able to prove that you have given us your permission, and your information transferred to Mailchimp manually.
The lawful bases under which we hold your membership, attendance and training records are largely legal obligation, and contractual. While you do have the right to be erased from our newsletter lists, because that is considered as marketing, you do not have the right to be removed from these records, because we need them both to fulfil your membership, AND to meet the required legal standards for record keeping.
Therefore all records relating to membership will be kept for seven years after your membership is terminated.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you want to find out more about how the processing for the new purpose is compatible with the original purpose, please email Debbie at conquestlh@yahoo.co.uk
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for doing so.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, with the companies that process payments for us, with some clients who need to know who is on site, and where we are legally obliged to do so (eg if we were to be investigated for any incident occurring at an event).
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We keep basic information about our members (including names and addresses, attendance records, and training records, etc) for seven years after their membership ceases.
In some circumstances you can ask us to delete your data, but we cannot always do this.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
As the emergency contact of a member of the society...
This includes only friends, relatives and next of kin of society members, who are listed as emergency contacts by our members.
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we will process or hold about you is very simple if you are an emergency contact of a member.
Information we will hold in this circumstance is as follows, and is limited to:
Identity Data – your first name, and your last name.
Contact Data – your telephone number, or mobile telephone number.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How we collect your data
As the emergency contact of a member, this is how we may collect data about you:
Third parties or publicly available sources :
We may receive personal data about you from third parties as set out below:
from the member of the society who provides us with your name and number.
How we use your personal data:
We use your personal data to contact you in the event of an emergency (eg, accident or sudden illness) involving the member who gave you as their emergency contact.
If the member emails us their membership form, your name and phone number will be stored by Yahoo Mail, which is encrypted.
Other than that, we will only share your information with any third parties if we must in the even of an emergency involving the member who gave us your contact information (eg, if a member needs to be hospitalised, we may share your information with emergency services or hospital staff).
The legal bases for us holding and using your information are set out below.
NB as this table is in picture format, due to the limitations of the website software, if you need it in an accessible format (that can be read by reading software, for example), please contact us at conquestlh@yahoo.co.uk
We may also keep hard copies of membership forms as part of our records, and as part of our emergency contact sheet. These are kept locked away at all times.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you want to find out more about how the processing for the new purpose is compatible with the original purpose, please email Debbie at conquestlh@yahoo.co.uk
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for doing so.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, with the companies that process payments for us, with some clients who need to know who is on site, and where we are legally obliged to do so (eg if we were to be investigated for any incident occurring at an event).
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As an emergency contact of a member, although we will keep membership forms for 7 years, or longer if a member stays for longer than 7 years, all your information will be deleted / redacted from them at the end of each membership year (a membership year runs January to December). If a member rejoins, they may provide us with your information again, and it will be kept until the end of that year, and so on.
In some circumstances you can ask us to delete your data, but we cannot always do this due to legal obligations.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you want to find out more about how the processing for the new purpose is compatible with the original purpose, please email Debbie at conquestlh@yahoo.co.uk
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for doing so.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, with the companies that process payments for us, with some clients who need to know who is on site, and where we are legally obliged to do so (eg if we were to be investigated for any incident occurring at an event).
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
As an emergency contact of a member, although we will keep membership forms for 7 years, or longer if a member stays for longer than 7 years, all your information will be deleted / redacted from them at the end of each membership year (a membership year runs January to December). If a member rejoins, they may provide us with your information again, and it will be kept until the end of that year, and so on.
In some circumstances you can ask us to delete your data, but we cannot always do this due to legal obligations.
Anybody else...
This includes people who are contacting us for reasons other than membership, people who are simply browsing our website, or people who make membership or event enquiries.
The information we collect.
Your personal data is any information from which you may be identified. It does not mean anonymous data from which you cannot be identified.
The types of data we may process or hold about you will vary depending on what your interaction with us is – less if you are simply browsing our website, more if you actually contact us.
Information we might use in these circumstances may include:
Identity Data – your first name, last name, date of birth.
Contact Data – your email address, telephone number, postal address.
Technical Data may include your login data, internet protocol (IP) addresses, browser type and version, browser plug-in types and versions, time zone setting and location, operating system and platform and other technology on the devices you use to access this site.
Profile Data may include your your interests, preferences, feedback and survey responses.
Usage Data may include information about how you use our website, products and services.
Marketing and Communications Data may include your preferences in receiving marketing communications from us and our third parties and your communication preferences.
If you've emailed us to make an enquiry or to arrange an event, or to ask about membership, etc, we may need to keep copies of email discussions.
We may also use your data to create 'Aggregated Data' – for example, we may use your usage data to work out the percentage of newsletter users who are opening an email, or clicking on a link. Aggregated Data itself is not Personal data, because individuals cannot be identified from it. If the aggregated data is linked to the personal data, then it is all considered as, and treated as, personal data.
Sensitive Data
Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. We do not collect any Sensitive Data about you. We do not collect any information about criminal convictions and offences.
Where we are required to collect personal data by law, or under the terms of the contract between us and you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver goods or services to you). If you don’t provide us with the requested data, we may have to cancel a product or service you have ordered but if we do, we will notify you at the time.
How we collect your data
As somebody interacting with other than as a newsletter subscriber or member, this is how we may collect data about you:
Direct interactions: You may provide data by filling in forms on our website, or in person at an event, or by sending a form through the post, or by sending us an email.
Automated technologies or interactions: As you use our website, and email us, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies. See here for more information on what a cookie is and how it is used en.wikipedia.org/wiki/HTTP_cookie
Third parties or publicly available sources : We may receive personal data about you from various third parties and public sources as set out below:
Contact information and technical data from our email provider, Yahoo, based in the USA.
Technical information from our website provider, Weebly, also based in the USA.
How we use your personal data:
We use your personal data to maintain and improve our website, and to respond to requests made via email or other means.
If you email us, your email address and other information that you send us will be stored by Yahoo Mail, which is encrypted.
We only share your information with any third parties if we must in order to respond to a query you have sent us, or to meet our legal obligations. It will not be shared or used for any other purpose without your permission, and we will ensure that it is always held in a secured format. Please note: this means that we are not able to discuss your membership with a third party without your written consent.
The legal bases for us holding and using your information are set out below.
NB as this table is in picture format, due to the limitations of the website software, if you need it in an accessible format (that can be read by reading software, for example), please contact us at conquestlh@yahoo.co.uk
If you contacted us by filling in a form at an event (for example a membership enquiry), or through the post, the original 'hard copy' that you gave us will be securely stored for our records, only as long as it is necessary for us to do so. We must keep the hard copy, because it is our legal obligation to prove that we have your permission to contact you.
Change of purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
If you want to find out more about how the processing for the new purpose is compatible with the original purpose, please email Debbie at conquestlh@yahoo.co.uk
If we need to use your personal data for a purpose unrelated to the purpose for which we collected the data, we will notify you and we will explain the legal ground for doing so.
We may process your personal data without your knowledge or consent where this is required or permitted by law.
Disclosures of your personal data
We may have to share your personal data sometimes, for the reasons set out in the above table, in order to carry out these activities – examples of this include where we have to share info with our IT suppliers, with the companies that process payments for us, with some clients who need to know who is on site, and where we are legally obliged to do so (eg if we were to be investigated for any incident occurring at an event).
Data retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
If you make a membership enquiry that progresses to joining us, your initial enquiries will form a part of our membership records and will be kept for the duration of your membership.
If you are contacting us about an event that goes ahead, your information, and any communications, will be kept for seven years following the completion of the event.
If you contact us regarding an enquiry that does not go ahead, we will generally delete / destory all communications within one year.
In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.
In some circumstances you can ask us to delete your data, but we cannot always do this due to legal obligations.
Privacy Policy, last updated 29.4.2019
