This policy explains about what information we collect, how and why we collect it. It also explains the ways in which we use and disclose that information. We take your privacy extremely seriously, and we never sell personal information.

Definitions

When we say “we”, “us”, “our”, “NCOG” and “the group”, we are referring to North Cumbia Orchard Group, an independent association founded in 2010 to conserve, promote and celebrate orchards in North Cumbria. “Member” means a current member of NCOG. “Interested person” means a person about whom we hold information, other than a member (e.g. past members who wish to stay in contact; members of related organisations). “You” means a member or an interested person.

We organise a variety of events and provide resources for our members to use. We have an online presence via our website http://ncorchards.co.uk - “our Website”.

In addition to providing public information, our website has an online service (“My NCOG”) that members may use to manage their personal details, subscriptions, to book events and to report news. It also enables us to communicate with members.

How do we collect Personal Information?

“Personal Information” means any information that identifies or can be used to identify you, directly or indirectly, including, but not limited to, name, date of birth, address, phone numbers, email address, and other personal information.

We collect Personal Information:

• via our Website including, for example, when complete an application form, sign up for an event, or buy a membership subscription
• when you communicate with us

What type of information is collected?

Information you provide to us

When you ask to join NCOG or update your details, subscriptions or bookings, you are giving us Personal Information. The information is collected, used, disclosed and stored by us, as described in this Privacy Policy, to enable us to manage your membership of the group and to communicate with you.

Information we collect automatically

When you use browse our Website, we may collect information about your visit to the Website. That information may include your IP address, your operating system, your browser ID, your browsing activity. We may collect this information as a part of log files.

How is your information used?

We may use and disclose Personal Information only for the following purposes outlined in this policy.

We use the information to enable you to participate as a member (or to be kept informed as an interested person). This includes:

• providing you with information about the group’s activities
• communicating with Members in relation to their membership, orders, and payments, or in response to any communication received from a Member
• sharing information with third party payment providers to enable them to process payments by Members to us
• providing geographical information (see further notes below)
• protecting your and our rights and safety
• meeting legal requirements, including complying with court orders and other appropriate legal mechanisms
• responding to lawful requests by public authorities, including to meet national security or law enforcement requirements
• transferring your information in the case of the closure or merger of NCOG. In that event, any acquirer or merging association will be subject to our obligations under this Privacy Policy, including your rights to access and choice. We will notify you of the change either by sending you an email or posting a notice on our Website.

Geographical information

Information about the location of members is shown on our public website. However, no personal information is shown - just a map marker to show that an anonymous member exists at that location. For signed-in members, the membership name is viewable. Members may opt out of either or both disclosures at any time by altering the privacy settings in their membership record.

Children

We do not and will not knowingly collect information from any unsupervised child under the age of thirteen. If you are under the age of thirteen, you may not join NCOG or participate in its activities unless you have the consent of, and are supervised by, a parent or guardian.

Legal Grounds for processing your information

The legal grounds on which we rely to process your information are as follows.

Contract

Where we need the information to enable members to participate in the group’s activities, as a result of the contract that we have with members at any time.

Consent

Where interested persons have given clear consent for us to process their personal data in order to keep in contact with them.

Legal Obligation

Where we need to use your information to comply with a legal obligation.

Third Party Websites

Our Website may include links to other websites. If you submit Personal Information to any of those sites, your information is governed by their privacy policies. We encourage you to carefully read the privacy policy of any website you visit.

Third Parties

We may disclose Personal Information to our third party providers for the purposes described in this policy. We do not share any information with third parties for the purposes of advertising or promotion.

Payment Providers

Where you have chosen to use our Third Party Payment Provider (GoCardless), our Website will pass Personal Information to the payment provider for the purpose of enabling and managing payments. Information regarding GoCardless can be found in Appendix A. If you choose to use a Third Party Payment Provider’s services, you enter into an agreement directly with the Third Party Payment Provider. We are not a party to that agreement, and they are not Sub-processors for the purposes of this agreement. You authorise us to pass Personal Data, as prescribed in Appendix A, to the Third Party Payment Provider, for the purposes of enabling them to carry out the services that they provide to you. You are responsible for ensuring that your arrangement with the Third Party Payment Provider, and the service that they provide to you, is compliant with all applicable laws and regulations.

Hosting Provider

Our website is hosted by Clook (https://www.clook.net) , the business name of Sub 6 Limited, under a shared hosting agreement.

Third Party Contracts

When we do have to share Personal Information with third parties, we take steps to protect your information by requiring these third parties to enter into a contract with us that requires them to use the Personal Information we transfer to them in a manner that is consistent with this policy.

Cookies

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. We only use cookies to collect information about how visitors use our website. We use the information to compile reports and to help us improve the website. The cookies collect information in an anonymous form, including the number of visitors to the website and (approximately) where visitors have come to the website from and the pages they visited.

Security

Personal data is stored on our Website. This website is built on ProcessWire, a Content Management System / Content Management Framework. ProcessWire provides extensive security capabilities through a user/role/permission structure. This has been implemented so that no member can see member details outside of their membership group unless they have been allocated specific roles authorised by our management committee (such as Membership Secretary). If any member becomes aware of any flaw in this implementation, they should inform the data protection officer immediately.

Access and Passwords

Access by members to their records is via an email challenge system. A token is sent to the member’s email address. Only email addresses for members are accepted. Members should not forward the access token to any email address other than one to which they have exclusive access.

Members with additional administrative functions are provided with a user id and password – they should take all reasonable steps to ensure that these are kept secure (for example by using a reputable password management system). Minimum password standards are enforced.

Members using a shared computer should sign out after every session.

We are not responsible for the consequences of any breach if members have not complied with the rules above. Any member becoming aware of a security flaw or potential breach should contact the Data Protection Officer immediately (see details at end).

Non-web data

Some financial transaction data is stored on a standalone password-protected PC. Hard copy records are not generally accessible and are subject to reasonable security measures.

Location of Your Data

Any personal data that we collect about you, or your Members, will be stored by us or our hosting provider. If at any time, we or they decide to store the data outside of the European Economic Area, we will notify you of that decision before doing so, to give you an opportunity to remove your personal data should you wish to do so.

Cookies

Cookies are alphanumeric identifiers that we transfer to your computer through your Web browser to enable our systems to recognise your browser and to provide features such as remembering preferences and storing items in your shopping basket.

The Help menu on the menu bar of most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. To use some essential features, like “My NCOG”, you must accept "session cookies". These are automatically removed from your computer as soon as you close your Web browser. We may also use a single "permanent cookie" to store some of your preferences. If you wish, you can refuse to accept this cookie without any serious consequences to you’re the Website.

Always be sure to sign off when you finish using a shared computer, to protect your data.

Scope

This Privacy Policy is effective with respect to any data that we have collected, or collect, about and/or from you.

Changes

We may change this Privacy Policy from time to time. The most recent version of the Privacy Policy is reflected by the version date located at the bottom of this Privacy Policy. All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this Privacy Policy or other notice on the Website.

We encourage you to review this Privacy Policy from time to time, to stay informed of changes that may affect you, as your continued use of the Website signifies your continuing consent to be bound by this Privacy Policy. The version of this Privacy Policy that is published on this Website, is the version that applies at the time that you visited the Website.

Your rights

Set out below are our policies regarding your principal legal rights in your relationship with us.

RIGHT OF ACCESS

You have the right to obtain:

• confirmation that we are processing your data;

• access to your personal data; and

• other supplementary information.

Virtually all information we have about you may be obtained (and amended, where appropriate) by logging into “My NCOG” and is therefore available instantly and free of charge.

Any individual not able to access their data on “My NCOG” for good reason may request that it be provided (free of charge). This will be done without delay and at least within one calendar month of receiving the request.

RIGHT TO RECTIFICATION AND DATA QUALITY

You have the right to have personal data rectified if it is inaccurate or completed if it is incomplete. All standing personal data (i.e. other than transactions) can be modified by members logging into their account on WebCollect.

For transaction data, or when you are not able to access your data on “My NCOG” for good reason, you may make a request for rectification verbally or in writing. We will respond to a request without delay and at least within one month of receipt.

RIGHT TO ERASURE INCLUDING RETENTION AND DISPOSAL

You have the right to be forgotten and can request the erasure of personal data when it is no longer necessary for the purpose we originally collected/ processed it for – e.g. when you cease to be a member.

Our procedure is to ask lapsing or exiting members if they wish to stay on our database. If we receive no answer, we may retain details for a period in case there has been a communication problem.

In addition, individuals can make a request for erasure verbally or in writing. We will verify the identity of the person making the request, using “reasonable means” and will respond to a request without delay and at least within one month of receipt. Assuming the identity has been verified, we will not refuse a request for erasure. However, we cannot guarantee that they do not have records, for example at GoCardless, which are not under our control.

Questions & Concerns

If you have any questions or comments, or if you want to update, delete, or change any Personal Information we hold, or you have a concern about the way in which we have handled any privacy matter, please contact us by postal mail or email at:

FAO: NCOG Data Protection Officer

High Mosser Gate, Mosser, Cockermouth, Cumbria CA13 0SR

Date: May 1st 2019