Britannia Association Privacy Notice

  • The BA holds personal data provided by members via membership applications when there is a justifiable need to do so and removes data when no longer required.
  • The BA has robust security systems to protect data and information and will promptly inform anyone affected should any breach occur.
  • The BA does not sell any membership information lists.
  • The BA will not circulate personal information to any third parties without prior consent.
  • The BA does not share data with outside agencies including other RN organisations, service charities or commercial organisations.

THE DATA WE HOLD

We currently hold data which is pertinent to the GDPR in three main areas:

  1. Member data

    The BA holds details such as your name, address, contact number and email address, to maintain contact and ensure that you receive member services, including the annual Britannia Bulletin and electronic newsletters. We also hold service specific data regarding members training time at BRNC, specialisation and military rank, type and duration of individual membership.

    If you elected to pay your subscription via Direct Debit we also hold your bank details.

    Members joining using the online World Pay facility please refer to World Pay privacy policy.

    Any data you send over the internet is done so at your own risk – the internet is generally not completely secure, and we cannot guarantee the security of your data while it is in transit.

    Membership records are held in a secure ‘remote’ membership database, one which can only be accessed by authorised staff.

    Paper files are maintained in secure stowage.

    If your membership subscription lapses, we will hold your details for three years, in case you wish to rejoin and retain your old membership number.

  2. Transactional Data

    Details of any payments you make to the BA are held electronically and, in some cases, as hard copy. This includes records of membership fees paid and merchandise sales.

    Records of sales transactions are held for one year, in case we have to answer queries or offer refunds.

    All credit card details are immediately removed following any transaction.

  3. Employee information

    We hold details and working records for our members of staff. This is accessible only to the BA Director and Trustees on request.

    BA staff and Trustees adhere to codes of conduct relating to the fact that all correspondence and address details held remain confidential, and all emails issued should contain a standard confidentiality notice.

Privacy

All members, by completing their application have effectively agreed to the use, exclusively by the BA, of their name, postal, email addresses and telephone number, to ensure they receive updates and news, including the annual Britannia Bulletin.

We fulfil the terms of the GDPR in having a lawful basis for processing this data which is held on our database for the duration of memberships.

In the case of lapsed membership, the data is held for a further three years to allow lapsed members to easily rejoin maintaining their original membership number.

Deceased members’ records are removed on notification.

You will see new privacy notices on any form requiring member input. These confirm that ‘personal data submitted may be stored electronically but will only be used in relation to the application to which it relates. Statutory obligations excepting, personal data will not be passed on to third parties without permission.’

Individual’s Rights

  • The GDPR includes the following rights for individuals:
  • the right to be informed
  • the right of access
  • the right of rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making, including profiling.

We do not operate any data-profiling processes.

Upon request we’ll provide a member with the data that we hold on them – if requested, in electronic format. Individuals will have the right to have their personal data deleted where they believe it is being held without practical or lawful basis.

The BA has a nominated Data Protection Officer.

The BA Director will make any final decisions about the deletion or release of information.

We also acknowledge that individuals have a right to seek access to their information held on BA database.

Members accessible data lists are available through the secure, online login area.

We will comply with any such request within the new, statutory one-month period. However, we can refuse or charge for requests that are manifestly unfounded or excessive.

Breaches of data

BA systems, using remote off-site servers separated from direct member access, already fulfill the GDPR’s recommended ‘privacy by design’ approach. Should we become aware of any personal data breach, we will notify any member as rapidly as feasibly possible.