The Royal Air Forces Association (“we”) promises to respect the confidentiality of any personal data you share with us, or that we get from other organisations, to keep it safe, and we will always take every effort to protect your privacy.
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members and supporters is crucial, and your personal data allows us make better decisions, fundraise more efficiently and, ultimately, helps us to reach our goal of providing friendship, help and support to the RAF family.
We are moving to an ‘opt-in only’ communication policy. This means that we will only send marketing communications to those that have explicitly stated that they are happy for us to do so via their preferred channels, be that by email, SMS, phone or post.
Our marketing communications include information about our welfare work and how you can help support it through your membership, volunteering, or fundraising. If you would like to receive such communications but have not opted in, please contact us on 0800 018 2361 or email@example.com.
The only way we can deliver our welfare support is to fundraise and you giving us permission to send you details of our fundraising activities is crucial to our long-term survival.
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, begin volunteering, make a donation, purchase our products or communicate with us. Sometimes your information is collected by an organisation working for us (e.g. a professional fundraising agency), but we are responsible for your data at all times.
When you give it to us INDIRECTLY
When you give permission to OTHER ORGANISATIONS to share or it is available publicly
To improve our communications and services, we may carry out data profiling and add data from other parties to your record – you can opt out of this at any time by contacting us.
The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:
Third party organisations
You may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When we collect it as you use our WEBSITES OR APPS
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it.
We use Google Analytics to analyse the use of our websites by generating statistical and other information.
Details captured during your visit to our websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
What personal information we collect and how we use it
How much personal information we need to hold depends on our relationship with you. For example, if you are donating to us we will need to hold far fewer details on you than if you are asking us to assist you with a welfare issue, where we will need to know more about your personal circumstances.
Regardless, we will only ever capture the minimum amount of information that we need to and we promise to keep your information secure and only share with parties who need to know.
Members and Supporters
If you’re a member or if you support us, for example you make a donation, volunteer, register to fundraise, sign up for an event or buy something from our shop, we will usually collect:
- Your name
- Your contact details
- Your date of birth
- Your bank or credit card details
- Details of the enquiry, service or product
- What action we have taken, and if we have passed this to anyone else, their details
- Your marketing preferences
Where it is appropriate, we may also ask for additional information; we will mainly use your data to:
- Provide you with the services, products or information you asked for
- Administer your membership, volunteering activity or donation
- Process any welfare requests including signposting you to, and in some cases, and with your permission, sharing your details with other third-parties, agencies and authorities
- Support your fundraising, including processing Gift Aid
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Understand how we can improve our services, products or information
To support you in some of the above tasks, for example to assist with a housing enquiry, or seeking access to medical services or counselling, we will need additional ‘sensitive’ information from you. This may come directly from you, or from a third party on your behalf, for example from a family member, or GP.
We will normally only hold, use and share this information with your explicit permission, although there may be reasons when we are required to do so by law, or to protect your vital interests. In that case we may process your information without your knowledge or consent – this would be very, very rare, but possible.
Employees & volunteers
We will collect all personal information required to comply with employment legislation, including where necessary sensitive information. This may include medical information and where additionally appropriate we will perform a criminal record search. To prevent discrimination and to ensure diversity, we shall request information from the employee or volunteer on religion, sexuality and ethnicity.
rafaYOUTH – Under 18’s data
We collect and manage information from under 18’s, and aim to manage this in a way which is appropriate to the age of the young person. Information is usually collected when under 18’s join rafaYOUTH or fundraise for us. But it can also be personal data of a sensitive nature of minors who have benefitted from our welfare support. We need to keep this information for legal reasons.
Where possible and appropriate, we will seek consent from a parent or guardian before collecting information about minors.
In order to prevent and detect crime, and to ensure the safety of our members and staff, we operate CCTV systems at our various locations. These cameras record footage in real-time and are operated and controlled by our own staff.
Recording Telephone Calls
|We use a voice-telephony recording system to record calls to our contact centre and other telephone lines (excluding those where payments are made). The system is used for the following purposes:|
• to provide clarification and confirmation of information given or received
• to enable quality monitoring of contact centre staff
• for staff training
Callers will be informed that their calls are being recorded for these purposes by a pre-recorded opening greeting message when they call the contact centre.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data shall be held securely and accessed by authorised users only. Within the scope of usage described above, we may export data from the voice recorder. Exported data shall be stored in secure locations but be deleted within 12 months of capture.
Building profiles and targeting communications
We use profiling and screening techniques to ensure communications to you are relevant and timely, and to provide an improved experience for our supporters and members. Profiling also allows us to target our resources effectively. We do this because it allows us to understand the background of our members and the people who support us and helps us to make appropriate requests to them. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
When building a profile we may analyse geographic, demographic, financial and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you and information which has been modelled about other things a company may know about you.
Direct Marketing and Data Sharing
With your consent, we will contact you to let you know about the various ways you can support our work – without your support we cannot support the members who rely on our help and whose lives we really make a difference to. We will make it as easy as possible for you to tell us how you want us to communicate, and in a way that suits you.
Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on 0800 018 2361 or firstname.lastname@example.org.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, paper records are always locked away, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors. We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they collect or have access to. We’ll only ever allow your data to be used temporarily by suppliers working on our behalf.
Sharing within the Association
The RAF Association is made up of businesses including a charitable arm and a trading arm. We have two main charities, one in England and one in Scotland and each of our branches, who are affiliated to the Association, are separate charities within their own right.
When you give information to us it will be shared within the wider organisation to provide the service to you that you require.
Many of our branches and clubs are independent charities and are therefore data controllers. This means they are also legally responsible for protecting your data whilst in their safekeeping. We will ensure that data processing agreements are in place before sharing your data with your branch or club.
Sharing with third parties
We will only ever share your data in other circumstances if we have your explicit and informed consent. However, we may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
Where we store your information
Your personal information will be hosted securely within the UK or the EU.
Some of our branches, clubs and suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand and agree to this transfer, storing and processing at a location outside the EEA.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership or to assist with our fundraising activities. There are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for 6 years after an employee leaves. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
Where possible, we will keep your information accurate, and where necessary, up-to-date. To assist us in this task we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
We would appreciate it if you let us know if your contact details change.
The Data Protection Act 1998 gives you certain rights and these are listed below for your convenience:-
- You have the right to have a copy of the information which we hold on you. A fee of £10 is payable for the information and unless there is a legitimate reason why you cannot make the application in writing, your request should be addressed in writing by letter or email, to the Association contact shown below enclosing two proofs of identification
- You have a right to object to processing that is likely to cause, or is causing you damage or distress
- You have a right to prevent processing for direct marketing; simply email or call us and we will stop sending marketing materials to you
- You have a right to object to decisions being taken by automated means; although we can confirm we make no decisions on you using an automated process
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- You have a right to claim compensation for damages caused by a breach of the Act
You have given us permission to process your information, but you can withdraw your consent at any time. In certain situations, these rights may not apply, for example if you gave us details to help you with a welfare issue we must keep details of that request, or, if you are a valid member we may have to write to you about your membership even if you asked us previously not to, but we would not send you direct marketing.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to this Policy
Our contact details
Phil Sherwin – The Chief Information Officer
Tel 0800 018 2361
Registered Charity 226686 (England & Wales) – SC037673 (Scotland)
RAFATRAD Limited Company Reg No. 3455255
RAFA Housing Limited Company Reg No. 17723R
ICO Registration No. Z7739345
If you are unhappy with how we have processed your personal information, please firstly contact the Data Protection Officer listed above. If you are still unhappy you many contact the following:
Information Commissioner’s Office
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745
Royal Air Forces Association v1 17.05.2017
This document was last updated in May 2017.