Privacy policy

We undertake to respect everyone’s privacy and use the personal information they provide only for the specific purpose we describe here.

We will not pass personal information on to a third party without express permission.

We comply with the Data Protection Act and – in particular – the data protection principles as well as the EU General Data Protection Regulation (GDPR).

We hold very little personal information – only that which is necessary to maintain a list of supporters and, optionally, email addresses of those that want to be kept up-to-date by us.

Data is held in a database that supports this web site. The database is stored with our Internet Service Provider (ISP): Opal Creations.

The GDPR requires us to declare why our processing of personal data is lawful. We claim a ‘legitimate interest’ defined as “Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

Guidance from the Information Commissioner’s Office is that “It is likely to be most appropriate where you use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing”.

We see the legitimate interests as being:

  • Our interest in administering the list of supporters and ensuring no duplicates
  • Supporters’ interest in being kept informed via occasional emails

We hold each supporter’s name and, if provided, their email address. We also hold a free text field that we optionally use to record the source of each supporter’s details.

We also hold a status flag that records where we are in the initial email validation process (we take steps to verify that email addresses given to us are genuine).

Supporters can change or remove their details:

  • Online via this page (a link is included at the bottom of all supporter emails)
  • Or by making a request via our contact page
In any case, we remove a supporter’s email address if we get multiple rejections from their mail provider.

Anyone can subscribe to an email feed that notifies them of new web site posts. We hold just the email address of each subscriber.

Subscribers can update or remove their email address:

  • Online via this page (a link is included at the bottom of all notification emails)
  • Or by making a request via our contact page

Only committee members (and not all of them) have access to supporter or subscriber data. A subset of the committee members have the capability to send supporter emails.

We do not retain any information from the ‘feedback’ or ‘ask a question’ forms. Instead, they generate emails to the relevant committee members.

We keep a number of backups of web site data:

  • We assume that our Internet Service Provider, keeps backup copies but we don’t rely on them.
  • We make a backup copy every day for storage on the web site. The backup file is encrypted with a strong key known only to two committee members.
  • We copy each day’s encrypted backup file to a PC held by a committee member where they are retained for at least 20 days.

Access to administer the site is restricted to committee members who log in with their personal username and password. Passwords are encrypted before they are stored in such a way that no-one, not even site administrators, can retrieve the password (we use a process known as one-way encryption).

Access to web site programming and site administration details is restricted to two of the committee members.