Old Etonian Association Privacy Policy
Last Updated – August 2023
- Our commitment to Privacy This privacy policy ('Privacy Policy') sets out how the Old Etonian Association (OEA) (‘we', ‘us' or 'our' being interpreted accordingly) uses and protects the personal information that we collect or that you provide, whether through our website OEA Online ('Website') or by other means.
- Changes to our Privacy Policy We may modify this Privacy Policy at any time so please check that you have seen the latest version. We will aim to post changes to this Privacy Policy on our Website as soon as possible prior to them being implemented.
- Personal Information The type of personal information we collect includes your name, email address, home (or work) address, phone number and other personal details which you may choose to provide or of which we may otherwise become aware, by virtue of it being publicly available through the press or reputable sources. Such personal information is referred to in this Privacy Policy as 'Personal Data.' We collect Personal Data from you in various ways, in particular:
- we receive leaver details (and you join the OEA as a life member) when you leave Eton College ('the School') or you otherwise agree to become a member in accordance with the OEA Constitution and Rules;
- you may supply Personal Data when using this Website;
- when you supply Personal Data in the course of registering for or attending an OEA event or responding to an OEA survey;
- when you sign-up to receive newsletters or email notifications from us;
- if you order any merchandise; and/or
- if you raise a question or communicate with us.
- Use of Personal Data Personal Data is used by us for the following purposes in accordance with your rights under applicable law:
- in connection with the administration, operation and management of the OEA;
- to help the OEA promote and pursue its stated aims and objects;
- to enable OEA to observe its Constitution and Rules (as may be amended from time to time);
- to keep you informed of OEA related news and upcoming events;
- providing you with access to the Website as well as administering or developing Website features or content;
- to allow you to participate in OEA surveys or research (and to enable us to process and act on the results of those surveys or research);
- to help us meet our legal obligations; and/or
- other purposes that you consent to from time to time.
- Our Legal Basis We collect and process your Personal Data in observance of applicable laws including, but not limited to, the United Kingdom General Data Protection Regulation; Data Protection Act 2018 and other UK data protection and privacy legislation that applies from time to time (together 'UK Data Protection Law'). The primary legal basis for processing your Personal Data as described in section 4 is the legitimate interests of the OEA and its membership, but we will always balance these interests against the privacy rights of our members. In some cases, we may need to process Personal Data to meet our legal obligations or in other cases for a specific purpose with your consent. Where the OEA is relying on your consent to process your personal data, you have the right to withdraw your consent at any time, but the withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
- Disclosing Personal Data to Third Parties We never sell, trade or rent OEA membership details. Furthermore, although we hold OEA membership contact lists, we prohibit members from exploiting any OEA membership list (in whole or part) for commercial purposes. We only disclose Personal Data to the School and other third parties in line with your reasonable expectations and where there is a legal basis for doing so under UK Data Protection Law. Any sharing of Personal Data with the School will be regulated under the terms of a data sharing agreement for specifically agreed, lawful purposes that correspond with OEA's stated aims and objects. Where legally required, we will also ensure we have appropriate contractual terms in place with any party with whom we share your Personal Data or that processes data on our behalf (such as data hosting or IT support providers) to keep it private and secure.
- No International Transfers Personal Data relating to our members will be processed by OEA staff, volunteers and contractors who are based in the United Kingdom. Personal Data will not be regularly transferred outside the UK or the European Union (EU), except that we may sometimes need to transfer member data to third countries outside the UK or EU to promote and operate our network of international communities in keeping with our aim of maintaining connections between Old Etonians around the world. Some third countries' data privacy laws may be different to UK Data Protection Law so, where we transfer Personal Data internationally, and if legally required, we will take steps to protect such Personal Data in line with UK Data Protection Law requirements.
- Your Data Rights In accordance with your legal rights under UK Data Protection Law, you can request to receive information regarding the Personal Data that we collect about you; what we use that Personal Data for; as well as other supplementary information. You can also object to us continuing to process your Personal Data and/or ask for it to be erased, if we have no legitimate reason for continuing to handle it or you can ask us to limit how we are using it in certain cases. You can also request that we correct inaccurate or incomplete Personal Data we hold about you. To do this, please write to our data protection manager at the email address in the ‘Contact’ section below. Under UK Data Protection Law, in some exceptional cases we may request a fee to cover our administrative expenses in responding to a request or refuse to comply with a request although will notify you and provide reasons for refusal in these circumstances. We may also require further information to verify your identity or locate the specific information you seek before we can respond in full (usually within one month).
- Security to Protect Personal Data We employ appropriate technical and organisational security measures to protect Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage. We also endeavour to take all reasonable steps to protect Personal Data from external threats. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and we cannot 100% guarantee the security of all data disclosed or transmitted to us.
- Data Retention The criteria we use to retain Personal Data are based on our specific needs, any record keeping obligations under applicable law and relevant UK Information Commissioner's Office guidance. We will retain certain Personal Data in respect of financial transactions for as long as the law requires us to for tax or accounting purposes (which in the UK may be up to 6 years after a particular transaction).
- Contact If you have further queries or requests relating to how we use Personal Data please contact us at OEA, Eton College, Windsor SL4 6DW (email: oea@etoncollege.org.uk) marking your communication 'For the attention of the OEA Data Protection Manager'. If, following our response, you are still not satisfied or believe we are processing your Personal Data in breach of the law, you can raise your concern or complaint with the UK Information Commissioner's Office. For more information on this, see https://ico.org.uk/concerns/.
- Governing Law This Privacy Policy is subject to English law. To the maximum extent legally permitted, any dispute relating to use of your Personal Data as referred to under this Privacy Policy is subject to the exclusive jurisdiction of the courts of England and Wales.