Who we are
The Royal Air Forces Association (“we” and / or “us) is a welfare charity, registered with the Charity Commission in England and Wales under charity number 226686 and with the Office of the Scottish Charity Regulator under charity number SC037673. We are registered as a data controller with the Information Commissioner’s Office (ICO). Our Data Protection (DP) Policy, together with its supporting Standard Operating Procedures (SOP), is designed to ensure that all activities conducted by the Association safeguard the confidentiality of personal information and comply with the provisions of Data Protection legislation, including the General Data Protection Regulation (EU) 2016/679. This Association Privacy Notice sets out how we will collect, use, share and protect your personal data.
These provisions also apply to our subsidiaries RAFATrad Limited and Royal Air Forces Association Housing Limited, both of which are separately registered with the ICO as data controllers. The sharing of data between us and each subsidiary is subject to a written data sharing agreement.
We promise to respect the confidentiality of any personal data you share with us, or that we get from other organisations, to keep it safe, and we will always take every effort to protect your privacy.
We pride ourselves on our honesty and openness and will always be clear how, when and why we collect and process your information; we promise will never do anything with your details that you wouldn’t reasonably expect.
Developing a better understanding of our members and supporters is crucial, and your personal data allows us make better decisions, fundraise more efficiently and, ultimately, helps us to reach our goal of friendship, help and support supporting the RAF family.
We will contact you and communicate with you as necessary to administer and manage any specific contracts between us, for example, your membership, employment or volunteering agreement or to provide you with products purchased from RAFATrad.
Our marketing communications include information about our welfare work and how you can help support it through your membership, or by volunteering, fundraising or donating. Fundraising and donations are crucial to sustaining our long term survival and we are reliant on our members and volunteers to both financially support and directly deliver our welfare work.
We generally seek your express consent to receive marketing communications, either by post, phone, text (SMS) or email. However, where we have an existing and ongoing relationship with you we recognise that you may regard giving such consent as unnecessary. Therefore, we will continue to write to existing members, volunteers or supporters about our activities and how you can support our work, balancing your right to privacy with your reasonable expectations about being kept informed. We promise not to bombard you with communications and at any time you can opt out of receiving such communications from us – see below.
With your consent, or where we have an ongoing relationship with you, we will contact you to let you know about the various ways you can support our work – without your support we cannot support the members who rely on our help and whose lives we really make a difference to. We will make it as easy as possible for you to tell us how you want us to communicate, and in a way that suits you.
Our forms have clear marketing preference questions and we include information on how to opt out when we send you marketing. If you don’t want to hear from us, that’s fine. Just let us know when you provide your data or contact us on 0800 018 2361 or firstname.lastname@example.org.
You can contact us at any time to update your details, change your communication preferences, opt out of any marketing, change your consent, object to processing, make a subject access request or make a complaint.
By phone: 0800 018 2361
By email: email@example.com
By post: FREEPOST The Royal Air Forces Association
Members can also update their communication references at any time via the online Members’ Portal: https://www.rafa.org.uk/portal/
We collect information in the following ways:
When you give it to us DIRECTLY
There are many ways you may give us your information. For example, when you join as a member, apply for a job, begin volunteering, make a donation, purchase our products or communicate with us. Sometimes your information is collected by an organisation working for us (e.g. a professional fundraising agency), but we are responsible for your data at all times.
When you give it to us INDIRECTLY
Your information may be shared with us by independent organisations, for example sites like Just Giving or BT MyDonate or via services such as RAF wi-fi. These independent third parties will only share your information when you have consented. You should check their Privacy Policies and Provisions when you provide your information to understand fully how they will process your data.
When you give permission to OTHER ORGANISATIONS to share or it is available publicly
To improve our communications and services, we may carry out data profiling and add data from other parties to your record – you can opt out of this at any time by contacting us.
The information we get from other organisations may depend on your privacy settings or the responses you give, so you should regularly check them. This information comes from the following sources:
Third party organisations
You may have provided permission for a company or other organisation to share your data with third parties, including charities. This could be when you buy a product or service, register for an online competition or sign up with a comparison site.
Depending on your settings or the privacy policies for social media and messaging services like Facebook, WhatsApp, LinkedIn or Twitter, you might give us permission to access information from those accounts or services.
Information available publicly
This may include information found in places such as Companies House and information that has been published in articles/ newspapers.
When we collect it as you use our WEBSITES OR APPS
In addition, the type of device you’re using to access our website or apps and the settings on that device may provide us with information about your device, including what type of device it is, what specific device you have, what operating system you’re using, what your device settings are, and why a crash has happened. Your device manufacturer or operating system provider will have more details about what information your device makes available to us.
The type and quantity of information we collect and how we use it depends on why you are providing it.
We use Google Analytics to analyse the use of our websites by generating statistical and other information.
Details captured during your visit to our websites will include, but are not limited to, traffic data, location data, weblogs and other communication data and the resources you access. However, all data collected is anonymous and will not identify you as an individual.
To opt out of being tracked by Google Analytics across all websites visit https://tools.google.com/dlpage/gaoptout.
What personal information we collect and how we use it
How much personal information we need to hold depends on our relationship with you. For example, if you are donating to us we will need to hold far fewer details on you than if you are asking us to assist you with a welfare issue, where we will need to know more about your personal circumstances.
Regardless, we will only ever capture the minimum amount of information that we need to and we promise to keep your information secure and only share with parties who need to know.
Members and Supporters
If you’re a member or if you support us, for example you make a donation, volunteer, register to fundraise, sign up for an event or buy something from our shop, we will usually collect:
- Your name
- Your contact details
- Your date of birth
- Your bank or credit card details
- Details of the enquiry, service or product
- What action we have taken, and if we have passed this to anyone else, their details
- Your marketing preferences
Where it is appropriate, we may also ask for additional information; we will mainly use your data to:
- Provide you with the services, products or information you asked for
- Administer your membership, volunteering activity or donation
- Process any welfare requests including signposting you to, and in some cases, and with your permission, sharing your details with other third-parties, agencies and authorities
- Support your fundraising, including processing Gift Aid
- Keep a record of your relationship with us
- Ensure we know how you prefer to be contacted
- Keep you up to date about our work, events and opportunities to support us through donating, fundraising or volunteering.
- Understand how we can improve our services, products or information
To support you in some of the above tasks, for example to assist with a housing enquiry, or seeking access to medical services or counselling, we will need additional ‘sensitive’ information from you. This may come directly from you, or from a third party on your behalf, for example from a family member, or GP.
We will normally only hold, use and share this sensitive information with your explicit permission, although there may be reasons when we are required to do so by law, or to protect your vital interests. In that case we may process your information without your knowledge or consent – this would be very, very rare, but possible.
Employees & volunteers
We will collect all personal information required to comply with employment legislation, including where necessary sensitive information. This may include medical information and where additionally appropriate we will perform a criminal record search. To prevent discrimination and to ensure diversity, we shall request information from the employee or volunteer on religion, sexuality and ethnicity. Further information is provided through specific privacy policies for employees and volunteers.
rafaYOUTH – Under 18’s data
We collect and manage information from under 18’s, and aim to manage this in a way which is appropriate to the age of the young person. Information is usually collected when under 18’s join rafaYOUTH or fundraise for us. But it can also be personal data of a sensitive nature of minors who have benefitted from our welfare support. We need to keep this information for legal reasons.
Where possible and appropriate, we will seek consent from a parent or guardian before collecting information about minors.
In order to prevent and detect crime, and to ensure the safety of our members and staff, we operate CCTV systems at our various locations. These cameras record footage in real-time and are operated and controlled by our own staff.
Recording Telephone Calls
|We use a voice-telephony recording system to record calls to our contact centre and other telephone lines (excluding those where payments are made). The system is used for the following purposes:
• to provide clarification and confirmation of information given or received
• to enable quality monitoring of contact centre staff
• for staff training
Callers will be informed that their calls are being recorded for these purposes by a pre-recorded opening greeting message when they call the contact centre.
Data recorded by the telephone voice recording system will only be used for the purposes set out above. The data shall be held securely and accessed by authorised users only. Within the scope of usage described above, we may export data from the voice recorder. Exported data shall be stored in secure locations but be deleted within 12 months of capture.
Building profiles and targeting communications
We use profiling and screening techniques to ensure communications to you are relevant and timely, and to provide an improved experience for our supporters and members. Profiling also allows us to target our resources effectively. We do this because it allows us to understand the background of our members and the people who support us and helps us to make appropriate requests to them. Importantly, it enables us to raise more funds, sooner, and more cost-effectively, than we otherwise would.
When building a profile we may analyse geographic, demographic, financial and other information relating to you in order to better understand your interests and preferences in order to contact you with the most relevant communications. In doing this, we may use additional information from third party sources when it is available. Such information is compiled using publicly available data about you and information which has been modelled about other things a company may know about you.
Our Philanthropy team uses information that is already in the public domain (information that has been published in print or online) to identify high net worth individuals who may be interested in supporting our work with a major gift. These publicly available sources of information include Companies House, the electoral register, the phone book, the Charity Commission’s Register of Charities, Who’s Who, LinkedIn, company annual reports and information that has been published in articles/ newspapers and made available through social media channels. We also carry out research to identify existing supporters who may be able to join our donor programme. This is based both on publicly available information, and information our supporters have given us voluntarily (e.g. a person’s history of support for us, where they live, their age and what their occupation is.)
Under data protection legislation, you have the right to object to your data being processed in this way. If you wish to opt out of being identified as a high net worth individual, please contact our Philanthropy team at this address: firstname.lastname@example.org .
We are also legally required to carry out checks on individuals who give us large donations, to comply with our duties in respect of anti-money laundering legislation and the prevention of fraud.
How we keep your information safe and who has access to it
We ensure that there are appropriate physical and technical controls in place to protect your personal details. For example, paper records are always locked away, our online forms are always encrypted and our network is protected and routinely monitored.
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff, volunteers and contractors. We use external companies to collect or process personal data on our behalf. We do comprehensive checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal data they collect or have access to. We’ll only ever allow your data to be used temporarily by suppliers working on our behalf.
Sharing within the Association
The RAF Association has two subsidiaries: RAFATrad Limited and Royal Air Forces Association Housing Limited, both of which are separately registered with the ICO as data controllers. The sharing of data between us and each subsidiary is subject to a written data sharing agreement.
We also have many branches, which are separate charities within their own right and legally responsible for protecting your data whilst in their safekeeping. We will ensure that data processing agreements are in place before sharing your data with your branch.
When you give information to us it will be shared within the wider Royal Air Forces Association organisation to provide the service to you that you require and reasonably expect.
Sharing with third parties
We may need to disclose your details if required to the police, other agencies, for example HMRC, regulatory bodies or our legal advisors.
We may also share your data with third parties who provide data processing services on our behalf. Where this the case we will ensure they protect your data and only use it for the specific purpose that we instruct them to.
We will only ever share your data in other circumstances if we have your explicit and informed consent.
Where we store your information
Your personal information will be hosted securely within the UK or the EU.
Some of our branches and suppliers run their operations outside the European Economic Area (EEA). Although they may not be subject to the same data protection laws as organisations based in the UK, we will take steps to make sure they provide an adequate level of protection in accordance with UK data protection law. By submitting your personal information to us you understand and agree to this transfer, storing and processing at a location outside the EEA.
How long we retain your information and how we keep it up to date
We will only keep your information for as long as we need it to assist you with your enquiry, process your membership or to assist with our fundraising activities. In some cases there are statutory timescales on how long we should keep your information, for example, gift aid transactions must be retained indefinitely, employment records for 6 years after an employee leaves. We shall delete your information according to these statutory limits, or according to guidance issued by the Information Commissioner.
We are committed to ensuring that we keep your information accurate, and up-to-date. To assist us in this task we use publicly available sources to keep your records up to date; for example, the Post Office’s National Change of Address database and information provided to us by other organisations as described above.
We would appreciate it if you let us know if your contact details change. Members can update their details on the Members’ Portal: www.rafa.org.uk/portal.
Data protection legislation gives you certain rights and these are listed below for your convenience:-
- You have the right to have a copy of the information which we hold on you. Unless there is a legitimate reason why you cannot make the application in writing, your request should be addressed in writing by letter or email, to the Association contact shown below enclosing two proofs of identification.
- You have a right to object to processing that is likely to cause, or is causing you damage or distress
- You have a right to prevent processing for direct marketing; simply email or call us and we will stop sending marketing materials to you
- You have a right to object to decisions being taken by automated means; although we can confirm we make no decisions on you using an automated process
- You have a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed
- You have a right to claim compensation for damages caused by a breach of data protection legislation
Where have given us consent to process your information, you can withdraw your consent at any time. In certain situations, these rights may not apply, for example if you gave us details to help you with a welfare issue we must keep details of that request, or, if you are a valid member we may have to write to you about your membership even if you asked us previously not to, but we would not send you direct marketing.
Finally, if you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, contact details below.
Changes to these Provisions
We may change our Personal Data Policy/SOPs or these Privacy Provisions from time to time. If we make any significant changes in the way we treat your personal information we will make this clear on our website www.rafa.org.uk or by notifying you directly.
Our contact details
Vikki Hall – Director of Governance & Risk
Data Protection Officer
Tel 0800 018 2361
Registered Charity 226686 (England & Wales) – SC037673 (Scotland)
ICO Registration No. Z7739345
RAFATRAD Limited Company Reg No. 3455255
ICO Registration No. ZA320507
RAFA Housing Limited Company Reg No. 17723R
ICO Registration No. ZA320029
If you are unhappy with how we have processed your personal information, please firstly contact the Data Protection Officer listed above. If you are still unhappy you many contact the following:
Information Commissioner’s Office
Cheshire, SK9 5AF
Helpline: 0303 123 1113 (local rate) or +44 1625 545 745
Royal Air Forces Association v2 24.04.2018
This document was last updated in April 2018.
Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. They are small text files that are placed on your computer by websites that you visit.
We do not store any personal data in the cookies that we use, and store the information anonymously to assist us in the running of the site, and also for monitoring the activity and traffic both to and through our website. We use Google Analytics cookies to do this.
You should be able to control what cookies are placed on your device through the browser settings.
Go to www.aboutcookies.org to find out more about cookies, including how to see what cookies have been set and how to manage and delete them.
Visit http://tools.google.com/dlpage/gaoptout to opt out of being tracked by Google Analytics across all websites.
You can opt-out to the creation of a user profile, Hotjar’s storing of data about your usage of our site and Hotjar’s use of tracking cookies on other websites by following this opt-out link.
Conversion tracking helps us measure the return on investment of Facebook Ads by reporting on the actions people take after viewing our adverts. We create pixels that track conversions, add them to the pages of our website where the conversions will happen, and then track these conversions back to the ads we are running on Facebook.
No personal information is contained in or collected as a result of these cookies or pixels
LEGITIMATE INTEREST STATEMENT
The Royal Air Forces Association (“the Association”) is a high-profile member-led welfare charity. We believe that the individuals whose information we hold on our database are fully aware of the nature of their relationship with us and the mutually beneficial reasons for remaining in contact.
The individuals whose details the Association holds fall into the following primary categories. They may be active or lapsed.
- RAFA Youth members
- Non-transactional supporters
- Individual corporate partnership contacts
The Association relies on legitimate interest for its processing of personal data in relation to direct marketing in accordance with Article 6(1)(f) of the General Data Protection Regulation (GDPR). This permits the Association to contact individuals by post about the Association’s activities. Individuals are free to opt out of postal contact at any time.
Articles 47 and 48 of the GDPR say that direct marketing activity is a legitimate interest; in particular, in the context of a relevant and appropriate relationship between the organisation (the Association) and the individual (the recipient), there would be a reasonable expectation that postal details are used for these purposes. The Association claims legitimate interest for the purposes of communications, via post, in order to:
- Send membership communications (such as Air Mail, the membership magazine, renewal and lapsing letters) and undertake research to improve our membership offering and services
- Send fundraising appeals, volunteering opportunities, invitation to events and updates on the Association’s activities to our supporters, including members, volunteers and also to non-members who have donated to the Association within the past three years
- Provide occasional information on other opportunities to support the Association to visitors to our events if they have provided their personal information e.g. as a result of buying a ticket for a paid-for event
- Send proposals and updates to named individual business and corporate partnership contacts (using their business addresses only)
- Re-engage with lapsed members, supporters and volunteers for income generation and welfare delivery purposes (within three years of their last engagement with the Association)
- Contact RAFA Youth members aged 17 years to invite them to become a member of the Association when they reach 18 years of age. RAFA Youth is the Association’s youth membership scheme for children age 13 to 17 years. We do not send promotional or marketing information to children
- Contact beneficiaries to undertake research and evaluation to improve our welfare services
Without these contact opportunities, the Association’s income generation and volunteer-based welfare delivery potential is put at risk, endangering the long term survival of the organisation:
- The Association’s membership programme is wholly dependent on mail for delivering membership cards to new and renewing members, the quarterly Air Mail magazine (a key membership benefit) and information about the Association’s work. Membership cards are required if members are to benefit from admission to Association Clubs as they must be shown to gain entry. Air Mail can only be sent by post. Without a postal-based welcome and renewal packs for members, the Association’s ability to continue to operate as a membership organisation would be compromised.
- Direct communications regarding fundraising appeals and notification of upcoming fundraising events and participation activities to existing supporters are crucial to the Association’s income generation activities. The Association is a registered charity and wholly reliant on fundraising. Income generation opportunities are greatly increased if fundraising appeals and notification of upcoming events and participation activities are sent by post – postal communications generate higher response rates.
- The Association relies on its volunteers to deliver welfare and fundraising activities as well as supporting its international branch structure. The ongoing recruitment of new volunteers is an essential component of the Association’s strategy to increase our income and to grow our welfare delivery to improve the lives of our beneficiaries.
In order to send the communications and direct marketing described above, the Association holds and processes the following personal information, which is stored securely on our database:
- Title, full name, address, postcode.
- Transactional data relating to the dates and amounts paid for memberships and donations.
- Bank details, used only for processing Direct Debit payments relating to ongoing memberships and regular gifts. Card details are not retained for one-off purchases e.g. memberships and donations.
The Association may provide individuals’ personal contact details (supplied from our own secure database) to mailing and fulfilment houses in order to send the activities described above. We may also occasionally brief suppliers to carry out analysis, sometimes using personal data and at other times anonymised data, to help determine market trends and opportunities around membership and support. This insight enables us to provide the best possible experience for our members and supporters.
None of the activities outlined above infringe the rights or freedoms of individuals under the terms of the GDPR:
- We only record and store personal data with the knowledge of the individual
- We may use external data sources to enhance the personal data we store as permitted by Article 22 of the GDPR
- We do not use marketing data obtained from a third party without proof of third party consent for mailing having been obtained by the data owner
- We retain the individuals’ data for as long as the active relationship lasts with the Association, for marketing, business analysis and administration purposes
- We retain the individuals’ data for a period after the relationship has ceased, for the same purposes (i.e., membership has lapsed; no donations have been received). This will be for a maximum of 7 years after the last recorded activity by the individual. These timings are consistent with the Association’s statutory responsibilities to retain data for Gift Aid and other tax purposes.
- We transfer data securely to third party suppliers for the purposes of producing personalised direct mail materials
Legitimate interest does not permit the Association to contact its members and supporters by email or telephone for marketing purposes. This is governed separately by the Privacy and Electronic Communications Regulations. The Association will only make e-mail or telephone contact if the appropriate consents are in place.
Clear information about how individuals can opt out of contact or change their contact preferences is prominent on the Association’s website and all printed or digital materials which contain a data capture element. An up to date privacy statement is available on the Association’s website: rafa.org.uk/privacy