Date: 10th December 2018  Time:8:11
 

 

Privacy Policy for the Cumbria Family History Society

At the Cumbria Family History Society your privacy is important to us. We operate to fundamental principles which are in accordance with the GDPR and any other relevant legislation:

-        We only collect personal information from you that is legitimately needed for us to fulfil our obligation to you as a member of the society or as a client of the society.

-        We store personal information for only as long as we have a reason to need it or are required to for legal reasons.

-        We aim to make it as simple as possible for you to determine what information we hold on you and how you can correct any errors

-        We aim for full transparency on how we gather, use, and share your personal information.

 

Below is the Cumbria Family History Society privacy policy, which incorporates and clarifies these principles.

 

Who We Are and What This Policy Covers

 

The Cumbria Family History Society, registered charity number.518393  (hereafter The Society)  has been formed to promote and encourage the public study of British family history, genealogy, heraldry and local history, with particular reference to Cumbria and to promote the preservation, security and accessibility of archival materials related to its aims.

 

The Council of the Society is the Data Controller under the terms of the General Data Protection Regulation. They may be contacted via their secretary using the email address secretary@cumbriafhs.com

 

This Privacy Policy applies to information that we collect about you when you become a member of or purchase goods from the society , sign up to any facilities on the society website or communicate with the society for any other reason.

 

Throughout this Privacy Policy we’ll refer to our website, mobile applications and other products and any services provided collectively as “Services.”

 

Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.

 

 

Privacy Policy Changes.

 

Although most changes are likely to be minor, the society may change its Privacy Policy from time to time. The society encourages visitors to frequently check this document for any changes to its Privacy Policy. If we make changes, we will notify you by revising the change log below, and, where possible, we may provide additional notice (such as adding a statement to our homepage or sending you a notification through e-mail or your Membership Account) though this is not guaranteed and failure to do so will not affect this policy and its validity. This policy is effective from 26th May 2018.

 

If you have any questions about this Privacy Policy, please contact the secretary of the society.

 

Purpose of the processing

 

We only collect information about you if we have a reason to do so, for example, to provide our Services, to communicate with you in relation to your membership,  to make our Services better or deal with your communication.

 

The lawful basis on which we process this information

 

We collect and process most information on the basis of legitimate interest. In limited cases we may process information based on consent, but where that is the case it will be clearly shown and you will have to positively state that you provide consent. In some cases we have a legal obligation to process and retain records.

The society consider that the use of information provided by users of the society facilities will have a reasonable expectation that the data provided will be processed in line with the provision or use of society facilities in ways they would reasonably expect.

The society have carried out a legitimate interests assessment and consider that the individual’s interests do not override these legitimate interests and that such processing is not intrusive and likely to cause them harm.

Any person has a right to object to the processing of their data, The society however believe there is compelling reason for the processing of basic data as they are unable to fulfil their responsibilities without that information being processed. Without the processing of data it is not possible for you to be a member of the society and in making application to join the society you recognise this requirement.

You do however have the right to object to direct marketing, if you wish to be removed from direct marketing distributions then you should inform the society of this by contacting their secretary. This will not affect the societies ability to send you communications on non-marketing matters in connection with your membership of the society.

 

Requesting access to your personal data

 

Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the secretary of the society this can be done via the contact page on the website.

 

You also have the right to:

-        object to processing of personal data that is likely to cause, or is causing, damage or distress

-        prevent processing for the purpose of direct marketing

-        object to decisions being taken by automated means

-        in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

-        claim compensation for damages caused by a breach of the Data Protection regulations

 

If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance so that we can rectify the situation. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/

 

Information We Collect

 

We collect information in two ways: if and when you provide information to us and automatically through operating our Services

 

Information You Provide to Us

This information is normally provided when you apply for or renew membership, though it may also be requested when setting website preferences, making purchases or contacting us. Every attempt will be made to make it clear why we are collecting this information.

Typically we will collect the following information:

-        We collect information that you provide to us when applying to join or renewing your membership of the society. The amount and type of information depends on the context and how we use the information. Here are some examples:

-        Membership: We ask for basic information from you in order to set up your membership. For example, we require your name and address and email address. Other optional items can be provided if you wish, such as your preferences and interests.

-        Website facilities: If you wish to use any website facility such as being advised of new items we ask you to provide your name and email address.

-        Communications with Us : You may also provide us information when you respond to surveys, or communicate with our officials.

-        Purchases: We may collect information when you make purchases from the society, as well as your name and address and email address, this may include financial data such as your PayPal details.

 

Information We Collect Automatically

 

We also collect some information automatically:

-          Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information.

-          Usage Information: We collect information about your usage of our Services. For example, we collect information about how many times you visit the website and which pages you visit, however this information does not contain any direct personal data and is processed using your IP number.

-          Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions and possibly to alter the content presented based on your location.

-          Information from Cookies & Other Technologies: A cookie is a string of information that a website stores on a visitor’s computer, and that the visitor’s browser provides to the website each time the visitor returns. The society uses cookies to help identify and track visitors, usage, and access preferences for our Services. For more information about our use of cookies and other technologies for tracking, including how you can control the use of cookies, please see the section in this policy that covers cookies

Automatic processing

When you provide data to the Society, for example when joining, renewing membership or making purchases, or using any forms on the website you are responsible for ensuring you input your data correctly. We will use that data as supplied, for example automatic  confirmation e-mails may be sent that contain some of the data you have supplied, if you have incorrectly entered your e-mail it could be sent to a different person, we have no way of validating information provided and therefore have to use it as supplied.

 

 

How We Use Information

 

All the personal data we process is processed by our officers in the UK,  for the purposes of IT hosting and maintenance this information is located on servers within the United Kingdom. No 3rd parties have access to your personal data unless the law allows them to do so.

If however you access our services from outside the United Kingdom it is possible your data may be temporarily held on servers or other caching points that are outside the UK, we have no control over this.

We have a Data Policy in place to oversee the effective and secure processing of your personal data.

We use information about you as mentioned above and as follows:

-        To provide our Services – for example, to send you our Newsletter/Journal or to send you emails with the details you have requested;

-        To further develop our Services–for example by adding new features that we think our users will enjoy or will help them to use our facilities more efficiently;

-        We use your supplied interests to provide you with relevant material and to contact you about topics you may be interested in;

-          To monitor and analyse trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;

-          To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of the society and others;

-          To communicate with you about offers and promotions offered by the society and others we think will be of interest to you, solicit your feedback, or keep you up to date on the society and our products;

-          To personalize your experience using our Services, provide content recommendations and serve relevant advertisements.

 

Sharing Information

 

How We Share Information

 

We do not sell our users’ private personal information to any other party and information is only disclosed to 3rd parties if it is necessary for us to fulfil our obligations or required by law.

We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:

-          Society Officials, and Suppliers: We may disclose information about you to our Society Officials, and Suppliers that need to know the information in order to help us provide our Services or to process the information on our behalf. We require our Society Officials and Suppliers to follow this Privacy Policy for personal information that we share with them. Examples of this would be the supply of limited data to our publications distributors to enable them to send you that material, or HMRC if you have agreed to Gift Aid.

-          Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their Services to us. This group includes vendors that help us provide our Services to you (like payment providers that process your credit and debit card information). We require vendors to agree to privacy commitments in order to share information with them.

-          Other third parties: We may share information with other third parties who need the information to enable us to process your membership, for example we will share your information in the process of setting up a standing order with your bank, or when advising your details to HMRC to claim gift aid. In all cases your will have a reasonable expectation that your data will need to be shared to achieve what you have requested or authorised.

-          As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.

-          To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of the society third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.

-          Business Transfers: In connection with any merger, sale of the society assets, or transfer of all or a portion of the society to another charitable entity, or in the unlikely event that the society goes out of business or enters bankruptcy, user information could be one of the assets that is transferred or acquired by a third party. If any of these events were to happen, this Privacy Policy would continue to apply to your information and the party receiving your information may continue to use your information, but only consistent with this Privacy Policy.

-          With Your Consent: We may share and disclose information with your consent or at your direction. For example, we may share your information with third parties with which you authorize us to do so, such as the social media services, or we may publish limited personal details about new members in our Newsletter.

-          Aggregated and De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.

-          Published Support Requests: And if you send us a request (for example, via a request email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.

 

Information Shared Publicly

 

Information that you choose to make public. That means, of course, that information like your public profile, or  other content that you make public on our website or any other website associated with us but controlled by other entities such as Facebook or Twitter, and your 'likes' and comments on other websites that use our Services, are all available to others. Public information may also be indexed by search engines or used by third parties. Please keep all of this in mind when deciding what you would like to share.

This includes information such as family trees and other genealogical interests that you have asked us to publish. Although it may be published in a members only newsletter or journal, we have no control over circulation of that media and it will be available in libraries and therefore accessible by the general public.

 

Data Retention

 

We only retain your data as long as is necessary to serve our legitimate interests. There are categories which have different criteria for retention as detailed below:

1.        Members Data, we retain this data as long as you remain a member and if you cease to be a member then your data will be removed within 2 years of ceasing to be a member, except for cases that have legal or contractual requirements for a longer period. In most cases this will only refer to any documents/records that HMRC or the Charities Commission require us to retain for a period of 6 years.

2.        In the case of non-members, we retain data only as long as you wish us to, you can remove your data at any time by using the website facility or instruct us to do so by contacting the society secretary. If you remove your data it will be destroyed and it will not be possible to reclaim it or provide any record of it. The only exception is where you have instructed us not to contact you, in which case we have to keep a record that you do not want us to contact you.

3.        Where data is collected at conferences and seminars the data we collect and how we will use it and retain it will be detailed on the relevant application form. In the absence of any such detail the following general conditions will prevail.

a.        We will normally collect Name, email address and interests relevant to the event.

b.        This detail will be made available to other attendees to enable contacts to be made by those with similar interests.

c.        The details will be provided under the strict condition they are not divulged to any party not in attendance at the event.

d.        All details will be destroyed by the society within 6 months of the event unless there is an ongoing relationship with the attendee. However it must be noted that copies of this data will be with other members and it is possible for it to find its way into the public domain.

4.        E-Mails, it is probably that copies of emails will be retained on servers in various parts of the internet. We have no control over copies of emails that are kept outside our control. For emails that are under our control we retain them for a maximum period of 2 years from the date of sending unless it is necessary to keep a copy for contractual or legal reasons in which case they will be kept as long as essential for that reason.

Security

 

Whist no online service can be warranted 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so. To enhance the security of your account, we encourage you ensure you use adequate passwords and do not disclose them to anyone.

 

Where email is used as a means of communication it must be realised that email is not a secure form of communication and you supply personal data via email at your own risk. Therefore for changing personal data held by us you should where possible and available use the secure forms available on the website.

 

 

Choices

 

You have several choices available when it comes to information about you:

Limit the Information that You Provide: If you are a member, you can choose not to provide the optional information. Please keep in mind that if you do not provide this information, certain features of our Services may not be accessible.

-          Opt-Out of Electronic Communications: You may opt out of receiving promotional messages from us. Just follow the instructions in those messages. If you opt out of promotional messages, we may still send you other messages, such as those about your membership and legal notices.

-          Set Your Browser to Reject Cookies: At this time, society will try and  respond to “do not track” signals across all of our Services, see further details in the cookie section. However, you can usually choose to set your browser to remove or reject browser cookies before using the society websites, with the drawback that certain features of society websites may not function properly without the aid of cookies, typically you will not be able to log in or utilise any forms on the website. For further information about cookies and how they work visit www.aboutcookies.org  or www.allaboutcookies.org. For information on how to reject cookies please refer to the documentation for the browser you are using.

 

Other Things You Should Know

 

DO NOT TRACK

Do Not Track. This is a feature implemented in most browsers which can be turned on by the user, sometimes called ‘Private Browsing’, though it is normally turned off by default and therefore requires action to implement. If implemented a signal is sent to our servers requesting they do not track activity, if applied this would cancel all cookies and essentially prevent some parts of the website working.

Do Not Track requests will be honoured by the website to the extent possible with current technical systems. There are some items that cannot be turned off, for example the website has to track your IP address to be able to communicate with you and those requests are kept in a log file for a period of time. Although an IP address is considered personal information they can and are changed and given to different people from time to time, so an individual IP address will not exactly identify someone without access to other information, this information is not available to us and is in general kept by the body providing your connection to the internet. For this reason we are not able to correlate log records containing IP addresses with any particular person and therefore are unable to supply this data.

By exception, anyone who has been authorised an administrator of the website will be excluded from DO NOT TRACK as this is essential to them being able to access the administration area.

style='color:#1F497D'> 

COOKIES

The society makes limited use of cookies on their website, but does not use cookies for tracking or analysis. At the present time you must either allow or refuse all cookies, there is no selective choice.

Details of cookies used by the website are as follows:

 

Cookie Name

Purpose

Content

__CPCookieControl

To denote if you have explicitly accepted cookies or rejected them. This remains active for one year when you will be required to revalidate your status.

Contain YES or NO to indicate whether you have agreed to cookies or not. It does not contain any personally identifiable information. This is an essential cookie that has to be set to identify your preferences.

SMFCookie10

To identify if you have logged in as a member, this will remain active unless closed by the user or disabled by the Society due to non-renewal of membership.

Contains a random string of characters which is your current log in id, this is encrypted from your database user id number, password salt and time of log in this does not contain any personal data, plus the standard cookie data of creation and expiry date and last access date.

PHPSESSID

To identify you during your visit to the Forum and to record statistics for the Forum.

Contains a random string of characters which is your current id, this does not contain any personal data, plus the standard cookie data of creation and expiry date and last access date.

_cfduid

 

 

 

 

This is an essential cookie used by Cloudflare, it cannot be disabled or refused if you wish to use the website. It has the sole purpose of carrying out the transmission of a communication over an electronic communications network

Cloudflare is a content distribution network which improves access to the website by speeding up content loading. It contains only a random string  such as “d39c6087b053d9a211f71648775461f981519301939” to identify the PC for security purposes.

There is no way for us to prevent setting this cookie and if you do not wish it to be set you must do this in your browser settings. If you refuse this cookie the website will not function.

 

Transferring Information

 

Every effort is made to retain all data within UK, however the nature of Content Distribution and Cloud Backup and the very nature of the internet does mean that data could get retained on servers or other storage media outside the UK, this is especially true when accessing Services from outside the UK. We have no control over this. If you are in UK it is likely your data will never leave the UK, but if you access from any other country, including other EU countries it is possible your connection can be routed over a system that takes it outside the EU. However all connections to our website are handled over secure HTTPS links so any access is encrypted and cannot in general be seen by any third party.

 

Ads and Analytics Services Provided by Others

 

The society do not use advertising services provided by others, however some facilities on the society website may require the setting of cookies to function, for example the Google Re-Captcha verification used may set a cookie as part of the verification process and Cloudflare may set a cookie to enable content distribution services. This as far as we are aware is not traceable to you and does not contain any personal information.

Google Invisible reCAPTCHA is utilised on our website as a spam protection service, use of this Invisible reCAPTCHA is subject to the Google Privacy Policy and Terms of Use.

https://www.google.com/intl/en/policies/privacy/

https://www.google.com/intl/en/policies/terms/

 

Third Party Software

 

If you like to use third party software like browser plugins with our Services, please keep in mind that when you interact with them you may provide information about yourself to those third parties. We don’t own or control these third parties or the way in which you install and implement them and they have their own rules about collection, use and sharing of information. You should review their rules and policies when installing and using third party software.

 

Website Hosting

Hosting, development and maintenance of internet services is carried out on a voluntary basis by John Steel. Please refer to www.johnsteel.net/privacy for details of his privacy policy and terms and conditions.

Where the society operate a web presence on a third party platform, such as Facebook and Twitter, please refer to their website for details of their policies.

 

Links to other websites

 

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Change Log

 

1.        This is the original document issued on 15th May 2018

 


© Cumbria Family History Society. Registered Charity No.518393

Member of Fed F.H.S’s. N.W.Group of F.H.S’s & Assoc. of S.A.F.H.S.