Privacy Policy

Who we are

We are the Fairlop Waters Outdoor Activity Association. Our website address is: https://www.fairlopwaters.org.uk.

The Fairlop Waters Outdoor Activity Association is committed to collecting and using such data fairly and in accordance with the requirements of the General Data Protection Regulations (GDPR), the regulations set by the European Union, and Data Protection Act 2018 (DPA 2018), the UK law that encompasses the GDPR.

This Privacy Notice/Policy applies to members, volunteers, committee members, contractors, suppliers, supporters, donors and members of the public who make contact with the assocation.

GDPR roles

The Data Controller for the Fairlop Waters Outdoor Activity Association is the Committee who are appointed at an Annual General Meeting

What personal data we collect and why we collect it

Our website and social media

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

We use analytics to check that we are reaching the correct geographical audience. You can opt out of these cookies using the web form provided.

If you request a password reset, your IP address will be included in the reset email.

Member Information

We hold information about each of our members (and their parents or guardians if under 18) in order to help us communicate with those members and in order to understand who our membership represents.

The personal information we hold, is provided to us directly by you or by the parents or legal guardians of youth members in paper form or in digital form. Where a member is under the age of 18, this information will only be obtained from a parent or guardian and cannot be provided by the young person.

We may collect the following personal information:

  • Personal contact details such as name, title, address, telephone numbers and personal email address – so that we can contact you.
  • Age – so that we can ensure that where adults interact with young people when volunteering and working woth the assoication, the appropriate controls are in place.
  • Emergency contact information – so that we are able to contact someone in the event of an emergency.
  • Media in the form of photos, video, audio – for the purposes outlined in detail below for publicising what we do to existing, past and potential members and as part of our activities.

We use personal data for the following purposes:

  • to provide information about Association meetings, activities, volunteering courses and events to our members
  • to carry our the objectives stated in our constitution
  • to administer membership records
  • to fundraise and promote the interests of the Assoication
  • to manage our volunteers
  • to maintain our own accounts and records (including the processing of gift aid applications)
  • to contact your next of kin in the event of an emergency
  • to ensure you have and maintain the correct qualifications and skills
  • to allow you to connect to our systems and to ensure that you have a legitimate right to do so
  • where we are required to meet a legal obligation

Photography and video

During meetings and other events, still or video images may be taken and stored securely within the group’s Google G Suite storage.
Images may be used for one or more of the following purposes to promote the Association and its objectives and the Fairlop Outdoor Activity Centre

  • Use on the Association public Facebook page
  • Use on the Association public website
  • Use on the Association public Youtube channel, Instagram and Twitter accounts
  • Use o the Fairlop Outdoor Activity Centre website and social media accounts managed by VisionRCL

The lawful basis we process your data by

We comply with our obligations under the GDPR and DPA 2018

  • by keeping personal data up to date;
  • by storing and destroying it securely;
  • by not collecting or retaining excessive amounts of data;
  • by protecting personal data from loss, misuse, unauthorised access and disclosure and
  • by ensuring that appropriate technical measures are in place to protect personal data.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

Membership data is retained for 12 months after notification that you wish to withdraw your membership.

Further processing

If we wish to use your personal data for a new purpose, not covered by this Data Protection Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions.  Where and whenever necessary, we will seek your prior consent to the new processing.

What rights you have over your data

As a Data Subject, you have the right to object to how we process your personal information.  You also have the right to access, correct, sometimes delete and restrict the personal information we use.  In addition, you have a right to complain to us and to the Information Commissioner’s Office (www.ico.org.uk)

  • Unless subject to an exemption under the GDPR and DPA 2018, you have the following rights with respect to your personal data
  • The right to be informed – you have a right to know how your data will be used by us.
  • The right to access your personal data – you can ask us to share with you the data we have about you. This is a Data Subject Access Request.
  • The right to rectification – this just means you can update your data if it is inaccurate or if something is missing.
  • The right to erasure – this means that you have the right to request that we delete any personal data we have about you. There are some exceptions, for example, some information will be held by the Association for legal reasons.
  • The right to restrict processing – if you think that we are not processing your data in line with this privacy notice then you have the right to restrict any further use of that data until the issue is resolved.
  • The right to data portability – this means that if you ask us we will have to share your data with you in a way that can be read digitally – such as a pdf
  • The right to object – you can object to the ways your data is being used.

If you have an account on our website site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.