Historical Association Privacy Notice

Published 2nd May 2018

Our privacy commitment

The Historical Association is committed to the protection of your privacy. We take your rights seriously and treat all the information you give us with care.

This privacy notice explains how and why we collect, store and use the personal data you give us, to ensure you stay informed and can be confident about providing us with your information.  In choosing to share your personal information with us, you will be agreeing to our collection and use of your information as described in this policy.  If you no longer want us to process your personal details you can ask us to stop at any time by contacting data@history.org.uk

We use the information you share with us to:

  • Make sure you receive the service, product or information you have requested or bought
  • Carry out reasonable administration of your membership, bookings, volunteering, donations and other services
  • Keep in touch with you in the way that you want us to
  • Better understand our users and members so that we can personalise and improve the services we offer

For details of how we do this please see the full policy below.

We’ll keep this page updated to show you all the things we do with your personal data. This policy applies if you’re a supporter of the association (whether that be a member, e-subscriber, volunteer, donor or employee) or use any of our services, visit our website, email, call or write to us.

We’ll amend this privacy policy from time to time to ensure it remains up to date and reflects how and why we use your personal data and any new legal requirements. The current version will always be posted on our website. 

This policy was last updated on 12/04/2018. 

Who are ‘we’?

In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, it refers to the Historical Association.  We are an independent charitable organisation (Registered Charity number 1120261) incorporated by Royal Charter with the aim to support the teaching, learning and enjoyment of history at all levels. 

As a data controller we will only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy and Electronic Communication Regulations.  We are recorded on the ICO Data Protection Register under registration number Z6175134. Our address is:

Historical Association
59a Kennington Park Road
London
SE11 4JH

If you have any questions concerning your personal data please send these to data@history.org.uk or by post to the above address.

We promise:

  • To be fair and transparent about why we need to collect your personal information and what we are going to use the data for
  • To only collect the information we need to ensure we deliver the best service
  • To never sell your personal information, and only share it with organisations we work with when it’s necessary and the privacy and security of your data is assured
  • To make sure that any suppliers or partners who carry out work on our behalf meet the same high standards that we adhere to when handling your personal information
  • To make it simple for you to ask to see what information we hold about you, request changes to the data, or instruct us to delete it
  • To make it simple for you to tell us how you would like us to stay in touch
  • To take good care of your personal information, and make sure it is up to date, safe and secure at all times 

What personal data do we collect and how?

Your personal data (any information which can be identified as relating to you personally, for example your name or email address) will be collected and used by us in order to deliver and improve our services.  We’ll only collect the personal data that we need in each instance. 

We collect personal data in connection with specific activities such as registering for membership, subscribing to e-newsletters, placing an order, registering for an event, branch associate membership, entering competitions, making donations, volunteering, conducting research, employment, participation in Teacher Fellowship programmes and Quality Mark, registering for the Speaker’s List, special project work etc. 

Personal data provided by you


You can choose to give us your personal data by filling in forms on our website and events microsites, by providing your data at events or through local branches, by completing surveys, by corresponding with us by phone, email, or by joining as a member/user/supporter. 

The personal data you give to us when interacting with us (for example when joining or registering) may include:

  • Name, title and postal address
  • Email address and telephone numbers
  • Date of birth
  • Job title
  • Payment information such as credit/debit card or bank details
  • How you would like to hear from us
  • Details of purchases, membership, Gift Aid Declarations, and donations
  • Enquiries and feedback
  • Personal descriptions
  • Profile photographs
  • Details of your employer
  • Your place of study
  • Social media profiles
  • Your opinion about and experiences with the HA
  • Your activities and interests

We also use tools such as Google Analytics to better understand how you interact with us online.  This helps us to understand which areas of our website are most useful to our users and make improvements accordingly.  Much of the information we access through Google Analytics is anonymous and aggregated, and does not necessarily tell us who you are and where you live unless you choose to provide us with that information. Please see our Cookies policy for further information.

Data created by your involvement with us


We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analysing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you.  For further information please see the section on ‘rights related to automated decision making and profiling’ below.  You can ask for this to stop happening at any time by emailing data@history.org.uk

Information from third parties


We buy anonymous external data (e.g. censation data provided by AFD) and combine it with the personal data of our members at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.  For further information please see the section on ‘rights related to automated decision making and profiling’ below.  You can ask for this to stop happening at any time by emailing data@history.org.uk

Sensitive personal data


For some of our research we may ask you to provide sensitive personal data e.g. ethnicity. You don’t have to provide this data and we also provide a ‘prefer not to say’ option.  We only use this information at an aggregate level for reporting e.g. equal opportunities monitoring.  

How do we use your personal data?

We’ll only ever use your personal data on appropriate lawful grounds as permitted by the EU General Data Protection Regulations (effective from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulations.

Personal data provided to us will be used for the purposes outlined in a fair processing notice at the time of collection or registration, in accordance with any preferences you express.

Your personal data may be collected and used to help us deliver our charitable activities, or complete your order or deliver a service you have requested. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services and activities. 

Marketing Communications

Receiving marketing information from the Historical Association will always be your choice, and you can select what kind of information you would like to receive from us and how.  You can also change your mind at any time, and we will keep your preferences up to date.

If you consent to hear from us we may send you information based on what is most relevant to you or things you’ve told us you like.  This might be about membership, events, special projects, training and development, competitions or surveys.  We will never share your information with companies outside the Historical Association for inclusion in their marketing.

We will only send marketing communications by email if you have told us you would like to hear from us this way, or to let you know about services you have previously bought. Every email will include a link for you to unsubscribe if you wish to stop this. You can also manage your email communication preferences by logging into your account at www.history.org.uk and visiting ‘My HA’ and ‘My Account Details’, or by emailing us on data@history.org.uk

Personal data provided to us may also be profiled to help us with targeting our advertising.  For example, your membership data may be used to ensure we don’t market to you about joining the association.

We may sometimes use third parties to capture marketing data on our behalf, but only where we are confident that they will handle your data securely, in accordance with our Data Processor Agreement terms and in line with the requirements set out in the GDPR.

There are also some communications that we need to send. These are essential to fulfil our promises to you as a member, volunteer, or buyer of goods or services from the Historical Association. Examples include:

  • Transaction messaging, such as Direct Debit schedules, order confirmations and purchase confirmations
  • Membership-related communications such as renewal reminders, HA journals and HA News magazine

Membership

We use the personal data you provide as a member to service your membership, and fulfil your membership contract with us.  This includes sending renewal reminders and confirmations by mail and email, sending subscription journals, HA News magazine, information on how to use your membership, email newsletters and information about our AGM.  Where applicable your information will also be used to let you know about branch events that you can attend as part of your membership. 

Your data may be shared with Suppliers or contractors who carry out services on our behalf, such as journal mailings.  We send you information about membership renewal for a period of up to twelve months after you have lapsed unless you request otherwise. 

If you buy membership as a gift your details will be recorded and your association with that relationship will be recorded.  If you interact or have a conversation with us, we’ll also note anything relevant and store this securely on our systems to ensure we can provide you with the smoothest service possible. 

Donation and Legacy Pledges

If you make a donation, we’ll use any personal information you give us to record the nature and amount of your gift, claim gift aid where you’ve told us you’re eligible, to thank you for your support, and let you know how your contribution has helped us.

Where we have your permission, we may invite you to support the future of the HA by making a donation or leaving a gift in your will. If you’ve told us that you’re planning to, or thinking about, leaving us a gift in your will, we’ll use the information you give us to keep a record of this – including the purpose of your gift, if you let us know this. 

If we have a conversation or interaction with you (or with someone who contacts us in relation to your will, for example your solicitor), we’ll note these interactions, as this helps to ensure your gift is directed as you wanted.

Volunteering

We need to use personal data to manage your volunteering. This could include: contacting you about a role you’ve taken on or we think you might be interested in, expense claims you’ve made, and to recognise your contribution. It could also include information about your volunteering, including asking for your opinions on your volunteering experience. 

Event and Shop purchases

We process purchaser data in order to fulfil event bookings and shop purchases. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, send delegate and resource information for events, or to resolve issues that might arise with your order or booking.  We may also hold information such as dietary requirements for events.  When you make an event or shop purchase, we may also ask to contact you about future events or products that may be of interest to you.  This is your choice and you can opt out of these communications at any time. 

On occasion we may use an outside supplier to take event bookings on our behalf, but only where we are confident that they will handle your data securely, in accordance with our Data Processor Agreement terms and in line with the requirements set out in the GDPR.

Employment

If you have applied to work for the Historical Association, your personal information will only be processed for the purposes of recruitment, including processing your application.

In order to comply with our contractual, statutory, and management obligations, we process personal data, sometimes including ‘sensitive’ personal data, from job applicants and employees.  

Contractual responsibilities:  Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.

Statutory responsibilities:  Our statutory responsibilities are those imposed through law on the organisation as an employer. The data processed to meet statutory responsibilities includes, but is not limited to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.

Management responsibilities:  Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number. 

Who will have access to my information?

Your information will be only be accessible to our staff, selected volunteers and contractors if they are trained and it is appropriate in order for them to carry out their role in line with this Privacy Policy.  We will always have control of what they see, how long they see it for, and what they are allowed to do with it. 

We will never sell your personal information, or let other organisations use it for their own purposes.

Personal data collected and processed by us may be shared with the following groups where necessary:

  • Historical Association employees, trustees, committee members and volunteers
  • Suppliers or contractors who carry out services on our behalf, such as order fulfilment, conference booking, sending mailings or carrying out research.
  • Third party cloud hosting and IT providers who host the website and provide IT support in respect of the website.

We only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the EU General Data Protection Regulations (from 25 May 2018).

We may also disclose your personal information to third parties if we are duty-bound to share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use or Cookies policy and other agreements; or to protect the rights, property, or safety of the Historical Association and our members or supporters. This includes exchanging information with other companies and organisations for the purposes of fraud protection.

Our website may contain links to other websites that are outside our control and are not covered by this Privacy Policy.  If you access other sites using the links provided, the operators of these sites may collect information from you that will be used by them in accordance with their privacy policy, which may differ from ours. 

How do we keep your information secure?

The safety and security of your information is paramount to us. We use encryption for the transfer of data and our networks are regularly monitored to ensure they remain secure.

We operate a robust and thorough process for assessing, managing and protecting new and existing systems to ensure that they are up to date and in line with latest technological and legal developments.  We do this through a process called ‘data protection by design and default’ and where necessary, data protection impact assessments which analyse and mitigate any risks presented by processing personal data.

We have in place technical controls such as those specified by established framework systems like Cyber Essentials, and have a robust backup process in the event of any incidents. 

Our staff are required to complete mandatory information security and data protection training and the point of employment and regularly thereafter to reinforce responsibilities and requirements related to our information security policy. 

We also ensure that any other organisations we work with who carry out services on our behalf use appropriate technical and organisation measures. 

If you have a password to access to certain parts of our website, you must keep that password safe and not share it with anyone or your personal information could be at risk.

Storage of information

Historical Association operations are based in the UK and we store most of our data within the European Union (EU).   Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA.  However, we only allow this when we certain that the data will be adequately protected and appropriate safeguards are in place (e.g. with the assurances of EU-US Privacy Shield Framework Certification).  

Payment card Security

The Historical Association has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this stringent standard, we ensure that our IT systems do not directly collect or store payment card information. 

How long will we keep your information?

We will only use and store your information for as long as it is required for the purposes it was collected for.  How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.  Typically this is three years since your last interaction with us unless we are required to hold it longer for legal or taxation reasons.  If we dispose of your information it will always be done safely and securely.

Understanding your rights

You have a number of rights in relation to how we use your data:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling

1. The right to be informed

We promise to use your data in a fair and transparent way.    

We will always inform you about the collection and use of your personal data, including the purposes of processing, how long we keep your data, and who it will be shared with.  We always provide this information at the point of data collection, or within one month if the data is obtained from other sources. 

We use a combination of methods to supply this information, of which this privacy notice is just one.  We endeavour to provide the information in a concise, transparent, intelligible and easy to understand format, and regularly review and update our privacy information, informing you of changes where necessary. 

2. The right of access

You have the right to a copy of the information we hold about you and supplementary information. This is called a ‘subject access request’ and allows you to be aware of what data we process about you and under what legal basis.

To request this information this you will need to complete a Subject Access Request Form (PDF, 0.3MB) which can be emailed to data@history.org.uk or posted to:

Subject Access Requests
Historical Association
59a Kennington Park Road
London
SE11 4JH

What do I need to provide?

You will be asked to provide the following details:

  • The personal information you want to access;
  • Where it is likely to be held;
  • The date range of the information you wish to access

We will also need you to provide proof of identity in the form of a current driver’s license, current passport, or birth certificate. If we hold personal information about you, we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.

If you are unable to submit the request yourself then someone else can place the request on your behalf.  If you are making a request on behalf of someone else, please include proof of identity for yourself and the data subject. We also need a letter from the data subject authorising the request on their behalf.

Is there a charge?

This request is free of charge; however, we maintain the right to charge a reasonable fee when a request is manifestly unfounded or excessive, particularly if it is repetitive.  This fee is based on the administrative cost of providing the information.   In the case of excessive repetitive requests we have the right to refuse to respond.

When can I expect to receive a response?

Once we have all the information necessary to respond to your request we will provide the information within one month of receipt.  This timeframe may be extended by up to two months if your request is particularly complex, in which case you will be notified within one month of receipt.  If we have to write to you requesting further information the 'clock' stops until all the necessary documentation has been provided.

3. The right to rectification

You can correct any inaccurate information we hold about you at any time, or complete it if it is incomplete. If you would like to correct the data we hold you can do this verbally or in writing.  To ensure that this request is dealt with in the most efficient way we recommend you call us on 0300 100 0223 or by emailing data@history.org.uk.  If you have made a manual request we will update your information as soon as possible and within one calendar month. 
 
If you have an online account with us you can also update much of your personal information immediately by logging in to www.history.org.uk and visiting ‘My HA’ and ‘My Account Details’.

We will also do our best to keep your information up to date, for example by monitoring returned mail to let us know if you no longer live at the address we hold for you.  Please let us know if your details have changed by emailing data@history.org.uk. Where we are made aware that the information we hold about you is out of date we will endeavour to rectify this as soon as possible and within one calendar month where possible.

4. The right to erasure

5. The right to restrict processing

You can request to have your personal data erased at any time, or ask us to limit the way we process your data.  You can do this verbally or in writing, however to ensure that this request is dealt with in the most efficient way we recommend you call us on 0300 100 0223 or by emailing data@history.org.uk

Where we are able to comply with the request, we will remove your information as soon as possible and within one calendar month. 

6. The right to data portability

This allows you to obtain and reuse the personal data we hold about you for your own purposes across different services.  Where we are able to comply with the request, we will provide the data we hold about you in a readable CSV format free of charge within one calendar month.  This timeframe may be extended by up to two months if your request is particularly complex, in which case you will be notified within one month of receipt. 
To request your data for portability purposes please email data@history.org.uk

7. The right to object

As highlighted in other sections of this Privacy Notice, you can object to the processing of your data at any time and free of charge.  You can do this by emailing data@history.org.uk or by calling 0300 100 0223 (lines open 9.30am-5.30pm Monday to Friday), or by post:

Data Protection
Historical Association
59a Kennington Park Road
London
SE11 4JH

8. Rights related to automated decision making and profiling

In addition to respecting your communication preferences, we know it is important to our members and supporters to use our resources in a responsible and cost effective way.  For this reason we occasionally use automated profiling and targeting to help us better understand our members and make sure that:

  • Our communications and services are relevant, personalised and interesting to you
  • We only ask for further support and help from you if it is appropriate
  • We use our resources responsibly and keep our costs down

To do this we will occasionally analyse how you interact with us and use both geographic and demographic information to let you know what is happening in your local area and understand your interests.  

We may also gather additional information about you from external sources, for example publicly available information regarding your wealth, lifestyle or life-stage.  We may use this information to assess your capacity to support us and invite you to do so.  This processing takes place on the basis of legitimate interests, and will not be used for any other purposes than outlined above, however if you would prefer that this did not happen simply let us know by emailing data@history.org.uk

How to get in touch

If you need help or have any questions about this policy and your rights in regarding the processing of your personal information please contact:

Data Protection
Historical Association
59a Kennington Park Road
London
SE11 4JH

You can also email us on data@history.org.uk or by calling 0300 100 0223 (lines open 9.30am-5.30pm Monday to Friday).

What to do if you’re not happy

In the first instance, please talk to us directly so we can resolve any problem or query.
You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection, or if you would like to make a complaint. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.

For broader advice and guidance please contact the data protection regulator:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Telephone: 01625-545700
Fax: 01625 524510

Attached files: