This policy explains about what information we collect, how and why we collect it. It also explains the ways in which we use and disclose that information. We take your privacy extremely seriously, and we never sell personal information.
When we say “we”, “us”, “our”, “NCOG” and “the group”, we are referring to North Cumbia Orchard Group, an independent association founded in 2010 to conserve, promote and celebrate orchards in North Cumbria. “Member” means a current member of NCOG. “Interested person” means a person about whom we hold information, other than a member (e.g. past members who wish to stay in contact; members of related organisations). “You” means a member or an interested person.
We organise a variety of events and provide resources for our members to use. We have an online presence via our website http://ncorchards.co.uk - “our Website”.
In addition to providing public information, our website has an online service (“My NCOG”) that members may use to manage their personal details, subscriptions, to book events and to report news. It also enables us to communicate with members.
How do we collect Personal Information?
“Personal Information” means any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, name, date of birth, address, phone numbers, email address, and other personal information.
We collect Personal Information:
- via our Website including, for example, when complete an application form, sign up for an event, or buy a membership subscription
- when you communicate with us
What type of information is collected?
Information you provide to us
Information we collect automatically
When you use browse our Website, we may collect information about your visit to the Website. That information may include your IP address, your operating system, your browser ID, your browsing activity. We may collect this information as a part of log files.
How is your information used?
We may use and disclose Personal Information only for the following purposes outlined in this policy.
We use the information to enable you to participate as a member (or to be kept informed as an interested person). This includes:
- providing you with information about the group’s activities
- communicating with Members in relation to their membership, orders, and payments, or in response to any communication received from a Member
- sharing information with third party payment providers to enable them to process payments by Members to us
- providing geographical information (see further notes below)
- protecting your and our rights and safety
- meeting legal requirements, including complying with court orders and other appropriate legal mechanisms
- responding to lawful requests by public authorities, including to meet national security or law enforcement requirements
Information about the location of members is shown on our public website. However, no personal information is shown - just a map marker to show that an anonymous member exists at that location. For signed-in members, the membership name is viewable. Members may opt out of either or both disclosures at any time by altering the privacy settings in their membership record.
We do not and will not knowingly collect information from any unsupervised child under the age of thirteen. If you are under the age of thirteen, you may not join NCOG or participate in its activities unless you have the consent of, and are supervised by, a parent or guardian.
Legal Grounds for processing your information
The legal grounds on which we rely to process your information are as follows.
Where we need the information to enable members to participate in the group’s activities, as a result of the contract that we have with members at any time.
Where interested persons have given clear consent for us to process their personal data in order to keep in contact with them.
Where we need to use your information to comply with a legal obligation.
Third Party Websites
We may disclose Personal Information to our third party providers for the purposes described in this policy. We do not share any information with third parties for the purposes of advertising or promotion.
Where you have chosen to use our Third Party Payment Provider (GoCardless), our Website will pass Personal Information to the payment provider for the purpose of enabling and managing payments. Information regarding GoCardless can be found in Appendix A. If you choose to use a Third Party Payment Provider’s services, you enter into an agreement directly with the Third Party Payment Provider. We are not a party to that agreement, and they are not Sub-processors for the purposes of this agreement. You authorise us to pass Personal Data, as prescribed in Appendix A, to the Third Party Payment Provider, for the purposes of enabling them to carry out the services that they provide to you. You are responsible for ensuring that your arrangement with the Third Party Payment Provider, and the service that they provide to you, is compliant with all applicable laws and regulations.
Our website is hosted by Clook (https://www.clook.net) , the business name of Sub 6 Limited, under a shared hosting agreement.
Third Party Contracts
When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this policy.
Personal data is stored on our Website. This website is built on ProcessWire, a Content Management System / Content Management Framework. ProcessWire provides extensive security capabilities through a user/role/permission structure. This has been implemented so that no member can see member details outside of their membership group unless they have been allocated specific roles authorised by our management committee (such as Membership Secretary). If any member becomes aware of any flaw in this implementation, they should inform the data protection officer immediately.
Access and Passwords
Access by members to their records is via an email challenge system. A token is sent to the member’s email address. Only email addresses for members are accepted. Members should not forward the access token to any email address other than one to which they have exclusive access.
Members with additional administrative functions are provided with a user id and password – they should take all reasonable steps to ensure that these are kept secure (for example by using a reputable password management system). Minimum password standards are enforced.
Members using a shared computer should sign out after every session.
We are not responsible for the consequences of any breach if members have not complied with the rules above. Any member becoming aware of a security flaw or potential breach should contact the Data Protection Officer immediately (see details at end).
Some financial transaction data is stored on a standalone password-protected PC. Hard copy records are not generally accessible and are subject to reasonable security measures.
Location of Your Data
Any personal data that we collect about you, or your Members, will be stored by us or our hosting provider. If at any time, we or they decide to store the data outside of the European Economic Area, we will notify you of that decision before doing so, to give you an opportunity to remove your personal data should you wish to do so.
Cookies are alphanumeric identifiers that we transfer to your computer through your Web browser to enable our systems to recognise your browser and to provide features such as remembering preferences and storing items in your shopping basket.
The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. To use some essential features, like “My NCOG”, you must accept "session cookies". These are automatically removed from your computer as soon as you close your Web browser. We may also use a single "permanent cookie" to store some of your preferences. If you wish, you can refuse to accept this cookie without any serious consequences to you’re the Website.
Always be sure to sign off when you finish using a shared computer, to protect your data.
Set out below are our policies regarding your principal legal rights in your relationship with us.
RIGHT OF ACCESS
You have the right to obtain:
• confirmation that we are processing your data;
• access to your personal data; and
• other supplementary information.
Virtually all information we have about you may be obtained (and amended, where appropriate) by logging into “My NCOG” and is therefore available instantly and free of charge.
Any individual not able to access their data on “My NCOG” for good reason may request that it be provided (free of charge). This will be done without delay and at least within one calendar month of receiving the request.
RIGHT TO RECTIFICATION AND DATA QUALITY
You have the right to have personal data rectified if it is inaccurate or completed if it is incomplete. All standing personal data (i.e. other than transactions) can be modified by members logging into their account on WebCollect.
For transaction data, or when you are not able to access your data on “My NCOG” for good reason, you may make a request for rectification verbally or in writing. We will respond to a request without delay and at least within one month of receipt.
RIGHT TO ERASURE INCLUDING RETENTION AND DISPOSAL
You have the right to be forgotten and can request the erasure of personal data when it is no longer necessary for the purpose we originally collected/ processed it for – e.g. when you cease to be a member.
Our procedure is to ask lapsing or exiting members if they wish to stay on our database. If we receive no answer, we may retain details for a period in case there has been a communication problem.
In addition, individuals can make a request for erasure verbally or in writing. We will verify the identity of the person making the request, using “reasonable means” and will respond to a request without delay and at least within one month of receipt. Assuming the identity has been verified, we will not refuse a request for erasure. However, we cannot guarantee that they do not have records, for example at GoCardless, which are not under our control.
Questions & Concerns
If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:
FAO: NCOG Data Protection Officer
High Mosser Gate, Mosser, Cockermouth, Cumbria CA13 0SR
Date: May 1st 2019