Old Etonian Association Privacy Policy/Notice
Last Updated – 7th June 2018
- Our commitment to Privacy This privacy policy ('Privacy Policy/Notice') sets out how the Old Etonian Association (OEA) (‘we', ‘us' or 'our' being interpreted accordingly) uses and protects the personal information about you that we collect or that you provide, whether through our website OEA Online ('Website') or by other means.
- Changes to our Privacy Policy/Notice We may modify this Privacy Policy/Notice at any time so please check that you have seen the latest version. We will aim to post changes to this Privacy Policy/Notice at least 30 days prior to them being implemented.
- Personal Information We collect personal information from you in various ways, for example:
- when you join the OEA as a life member;
- if you supply personal information when using the Website;
- when you supply personal details in the course of registering for an event;
- when you sign-up to receive newsletters or email notifications from us;
- if you order any merchandise; and/or
- if you raise a question or issue with us.
The type of personal information we collect includes your name, email address, home (or work) address, phone number and other personal details which you may choose to provide or of which we may otherwise become aware by virtue of it being publicly available through the press or reputable sources. Such personal information is referred to in this Privacy Policy/Notice as 'Personal Data.'
- Use of Personal Data Personal data is used by us for the following purposes in accordance with your rights under applicable law:
- to keep you informed of OEA related news and upcoming events;
- providing you with access to the Website as well as administering or developing Website features or content;
- where you have agreed to take part in a survey or research; and/or
- other purposes that you consent to from time to time.
- Legal Obligations We collect and process your Personal Data in observance of applicable laws that regulate data protection and privacy. This includes, but is not limited to, the EU General Data Protection Regulation (2016/679); the Data Protection Act 2018 and other UK privacy legislation. The legal basis that we primarily rely on for processing your Personal Data are our legitimate interests in being able to operate and manage the OEA, but we will always balance these against the legal rights and freedoms of our members. In some cases, we may need to process Personal Data to meet a particular legal obligation or for a specific purpose with your consent.
- Disclosing Personal Data to Third Parties We never sell, trade or rent, or otherwise disclose Personal Data. Furthermore, we strictly prohibit the use of any personal contact details of OEA members as set out in our published membership list for any commercial or other purpose, without OEA's written consent.
- No International Transfers Personal Data will be processed by staff, volunteers and contractors who are based at our offices in the UK and Personal Data will not be transferred outside the UK.
- Your Data Rights In accordance with your legal rights under applicable law, you can request to receive information regarding the Personal Data that we collect about you; what we use that Personal Data for, who it may be disclosed to and other related information. You can also object to us continuing to process your personal data and/or ask for it to be erased, if we have no legitimate reason for continuing to handle it or you can ask us to limit how we are using it in certain cases. You can also request that we correct inaccurate or incomplete Personal Data we hold. To do this, please write to our data protection manager at the email address in the ‘Contact’ section below.
Where applicable law allows, we may request a fee to cover our administrative expenses in responding to a request which is manifestly unreasonable or excessive. We may also require further information to verify your identity or locate the specific information you seek before we can respond in full (usually within one month).
- Security to Protect Personal Data We employ appropriate technical and organisational security measures to protect Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data disclosed or transmitted to us.
- Data Retention The criteria we use to retain Personal Data are based on specific OEA needs, any record keeping obligations under applicable law and relevant UK Information Commissioner's Office guidance. We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which in the UK may be up to 6 years after a particular transaction).
- Contact If you have further queries or requests relating to how we use Personal Data please contact our data protection manager at OEA, Eton College, Windsor SL4 6DW (email: oea@etoncollege.org.uk). If, following our response, you are still not satisfied or believe we are processing your Personal Data not in accordance with applicable law you can raise your concern or complaint with the UK Information Commissioner's Office – for more information on this, see https://ico.org.uk/concerns/
- Governing Law This Privacy Policy is subject to English law. To the maximum extent legally permitted, you agree that any dispute relating to use of your Personal Data as referred to under this Privacy Policy is subject to the exclusive jurisdiction of the courts of England and Wales.