OSME is committed to:
– protecting your privacy and taking good care of your personal information
– never selling or leasing your personal information
– only sharing your personal information with individuals or organisations with whom we work
– responding promptly to any questions you have concerning how we hold your personal information
- INTRODUCTION, APPLICATION, CONTENT & ABBREVIATIONS
Why a notice?
We believe it is important that you should understand why and how OSME uses your personal information (called here “personal data”) and that you are made aware of your legal rights. Accordingly, this Privacy & Cookies Notice (“this notice”) describes what happens to any personal data you give us (or any which we collect about you). This includes setting out how OSME, as a data controller, complies with UK data protection legal requirements in relation to your personal data (including the General Data Protection Regulation-known as “GDPR”).
Why is OSME a “data controller” in relation to me?
A “data controller” is someone who decides how and why your “personal data” is to be “processed”.
“Personal data” means in law any information that (i) identifies you or which can be identified as relating to you personally and (ii) is collected from you or a third party. Examples include your name, postal or email address, user ID, password, bank account details & telephone number.
As for “processed” this encompasses almost any use of “personal data”: for example, collecting, storing, sharing or destroying.
As described later in this notice there are many ways in which OSME “processes” your “personal data”. Hence OSME is a data controller in relation to your personal data.
Why does this notice apply to me?
If you have a relationship with OSME involving personal data this notice will apply to you. This will be the case if you are:
- a member, donor, volunteer, customer or regional representative of OSME;
- a trustee of, or consultant to, OSME;
- an applicant for a conservation award or other grant;
- a user of any of our services (including purchaser of merchandise);
- making an enquiry in relation to membership, services, donations, awards or grants;
- emailing, calling or writing to OSME; or
- a visitor to OSME’s website or other social media platforms.
I only want to look at OSME’s website, so why does this notice apply to me?
While you can use many functions of OSME’s website without disclosing any personal data you will reveal personal data if you, for example, complete an online membership application form.
What is covered in this notice?
You will find below information on the following topics:
- About OSME& how to contact us
- What information OSME collects about you (your data)
- How OSME uses information about you (your data)
- Disclosing and sharing your data
- Protecting your data
- Storing your data
- Accessing & amending your data
- Your legal rights
- Links to other websites & your privacy
- Cookies
- Changes to this notice
You can access this notice from the bottom of every page of our website by clicking on the appropriate link.
Other abbreviations used in this notice
To save repetition, in this notice:
“Birdfair” means the annual British Birdwatching Fair at Rutland Water;
“processing” in relation to your personal data means any use including collection, sharing, storing, retaining, deleting, destroying or transferring overseas;
“we”, “us” and “our” means OSME; and
“you” and “your” means you, any person authorised by you or any person who deals with us for you (e.g. a member who has sponsored you).
- ABOUT OSME & HOW TO CONTACT US
OSME is a UK registered charity (charity no. 282938).
We promote the study and conservation of birds in our region.
If you have any questions about this notice or the personal data we hold about you please either email secretary@osme.org or write to OSME, c/o The Lodge, Sandy, Bedfordshire, SG19 2DL, United Kingdom.
As noted above, for the purposes of data protection law, OSME is regarded as a “data controller” in relation to your personal data (see section 1).
- WHAT INFORMATION OSME COLLECTS ABOUT YOU (YOUR DATA)
(A) Personal data provided by you
We collect personal data you provide to us (both electronically and in paper format).
This is likely to happen when you:
- apply to be a member (for yourself or another);
- place an order for products;
- make a donation;
- offer to be a volunteer (including trustee, regional representative, adviser or Birdfair representative);
- submit an article for Sandgrouse;
- register your interest in an activity of OSME (such as, a fundraising trip);
- provide feedback;
- participate in competitions (such as, a raffle);
- complete a register of attendance at a OSME meeting or event;
- apply for a conservation grant or award;
- send an enquiry to OSME (including to its officers and editors); and
- use OSME’s website (for example, use may result in cookies capturing technical information).
The personal data collected in this way may include:
- personal details (name, previous name, title, marital status, age, date of birth, email address, postal address, telephone number, user ID or login, or password);
- financial information (payment information such as, credit/debit card or direct debit details, bank account details and fiscal information such as, whether your donations can be gift-aided);
- professional information (experience in research work or organisations you have worked with or for);
- how you would like to hear from us;
- details of your membership, purchases and volunteering activities; and
- details of your interests and preferences (such as, the countries you would like to visit or what interests you most about bird species or sites).
Please note you may be disclosing personal data by reason of your relationship with us (for example, disclosing your purchase patterns when you buy from us) and when this is gathered by the technology you use to access our services (for example, location data from your IP address or telephone number).
(B) Information from third parties
OSME occasionally receives personal data from third parties. This is mostly likely to be where:
- you provide your information to another organisation involved in financing or conducting conservation projects in the Region; or
- where you have posted to one of OSME’s social media pages or one linked to OSME’s.
(C) Information from publicly available resources
OSME may occasionally collect information from publicly available resources (for example, from the electoral register in order to check your contact details).
(D) Sensitive personal data
It is unlikely that we will receive what is known in data protection law as “sensitive personal data”. This is mostly information relating to health, beliefs or political affiliation. However, if this does happen, OSME will take extra care to ensure your privacy rights are protected.
(E) Special cases: trustees & volunteers
If you are a trustee or volunteer then OSME may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts and medical conditions). This information will be retained for legal or contractual reasons, to protect OSME(including in the event of an insurance or legal claim) and for safeguarding purposes.
(F) Special cases: donations
In certain circumstances OSME is required by the Charity Commission to check the source of donations and any conditions attached to them. This might require OSME to research the financial soundness, credibility, reputation and ethical principles of a donor or prospective donor.
(G) Surveys
OSME may from time to time conduct membership surveys. If so, you will not be under any obligation to participate and at the time will be informed about what is to be done with any personal data collected and when it will be destroyed.
- HOW OSME USES INFORMATION ABOUT YOU (YOUR DATA)
By law OSME may only use your personal data where it has a legal ground that justifies such use. The grounds can be summarised as:
- to enter into or perform a contract with you (or for taking steps prior to entering into it);
- for OSME’s own (or a third party’s) legitimate interests;
- to comply with a legal obligation;
- to protect your vital interests or those of another person;
- for the performance of a task carried out in the public interest; and
- where you have consented.
Accordingly, OSME will only use your personal data if at least one of the above grounds applies. In any event, OSME will only use your information for the purpose or purposes for which it was collected (or else for closely related purposes).
The GDPR requires OSME to explain which of the legal grounds justifies OSME’s use of your personal data. For some uses one or more legal ground will apply (except where OSME relies on consent). This is set out in the Schedule to this notice. In this section we set out how OSME uses your information.
We may use your personal data for the purpose of:
- assessing an application for membership;
- administering & managing your membership (including updating your records, tracing your whereabouts to contact you about your account & sending out renewal notices);
- giving you notice of OSME’s annual general meeting (“AGM”) or extraordinary general meeting (“EGM”);
- sharing with payment service providers where necessary to process your payment;
- despatch of membership benefits to you (including journals-which may contain third-party advertisements, information on OSME’s activities, volunteering opportunities, fundraising activities and its merchandise);
- fulfilment of orders for products or services ordered by you from OSME (“OSME merchandise”);
- administration of conservation grants & awards;
- administration of donations and legacies (including recording the nature and amount of a donation, claiming Gift Aid, sending a thank you letter and getting in touch should there ever be any issues when processing a donation);
- debt recovery;
- responding to your enquires (including applications for grants or awards and submission of articles for OSME’s journals);
- keeping a record of correspondence with you;
- communicating OSME’s announcements to you (for example, changes in services provided and conservation work) and events (for example, non-AGM or non-EGM meetings) – but see Keeping in touch with OSME below;
- communicating to you about fundraising (including sending you raffle tickets & information about fundraising trips) and volunteering opportunities – but see Keeping in touch with OSME below;
- communicating developments in your country or region – but see Keeping in touch with OSME below;
- contacting you for the purpose of providing you with information relevant to the operation and maintenance of your membership (including any online account you open) or updating information about how we process your personal data;
- sharing with a third party where you have requested this;
- advising you of fundraising trips where you have completed a register of interest at a meeting of OSME or at an event at which OSME is exhibiting (such as, Birdfair);
- ensuring that content from our website is presented in an effective manner for you and your computer;
- desktop research related to fundraising solely for our charitable purposes;
- your participation in interactive features on our website;
- aggregating membership information and statistical analysis related to advertising (but none of this usage involves automated profiling or will identify any individual i.e. it is anonymised);
- good governance of OSME (such as, internal reporting and compliance with OSME codes or policies);
- obtaining advice or services from legal and other professional advisers relating to the rights or interests of you, OSMEor a third party in respect of whom OSME has responsibilities (including how to protect the same);
- adhering to best practice and guidance of governmental and regulatory bodies (such as, HMRC, the Information Commissioner’s Office and the Charity Commission);
- activities related to the prevention, detection and investigation of crime (including fraud);
- complying with a legal obligation that applies to OSME;
- preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions (this may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies);
- protecting the rights, property and safety of OSME, its members, visitors or others which OSME is under a legal duty to protect;
- auditing of OSME’s operations to comply with our duty to report on OSME;
- complying with orders from courts and other administrators of justice; and
- dealing with requests from you or others to exercise rights under data protection laws.
Please note we may access and use information from credit reference and fraud prevention agencies to:
- manage and take decisions about your membership;
- prevent criminal activity, fraud and money laundering;
- check your identity and verify the accuracy of the information you provide to us; and
- trace debtors and recover debts.
Keeping in touch with OSME
OSME does not use your personal data to market the products or services of third parties (although its journals may contain such advertisements).
However, OSME would like from time to time to provide you (through email and post) with information about:
- OSME’s announcements (news & events);
- OSME’s fundraising activities (including sending raffle tickets & information about fundraising trips or leaving a gift in your will);
- OSME’s volunteering opportunities; and
- developments in your country or region.
We call these “external communications”. This does not include communications required to fulfil OSME’s obligations to you as a member (such as, sending OSME journals and notices of AGMs) or as a purchaser of OSME merchandise or membership (such as, sending transaction notifications or renewal notices). It also does not include us contacting you for the purpose of providing you with information relevant to the operation and maintenance of your membership (including any online account you open) or updating information about how we process your personal data.
It is OSME policy that we will not provide you with external communications unless you “opt-in”. You may also choose whether to receive external communications by email or post or both. A link can be found on OSME’s website to opt-in.
You can, at any time, decide not to receive external communications or change how these are provided by emailing secretary@osme.org or writing to OSME, c/o The Lodge, Sandy, Bedfordshire, SG19 2DL, United Kingdom.
As we have explained external communications do not include OSME’s journals. You may if you wish decide not to receive any OSME journals by emailing or writing as described in the previous paragraph. Please note that if you choose to do this you may not hear about (amongst other things) OSME’s meetings, volunteering activities and conservation activities.
- DISCLOSING AND SHARING YOUR DATA
OSME will not sell or lease your personal data to any third party.
OSMEwill disclose or share your personal data with others as follows:
- members of OSME’s Council (who are elected by members of OSME at an annual general meeting or co-opted and are trustees in law & accordingly bound by duties of confidentiality) but only in so far as related to OSME’s activities;
- members of sub-committees of OSME’s Council (including the conservation awards sub-committee) but only so far as necessary for the performance of responsibilities delegated by OSME’s Council (for example, consideration of an application for a conservation grant);
- regional representatives of OSME (who are elected by members of OSMe at an annual general meeting) but only in respect of members located in the representative’s region, or applicants for or recipients of conservation grants or awards related to their region or enquires related to their region;
- employees of OSME;
- agents of OSME (but only in order to carry out tasks on behalf of OSME where OSME is the principal);
- professional or other advisers to OSME;
- the independent examiner of OSME but only in respect of his or her duties as examiner;
- subcontractors to OSME (primarily those carrying out administrative tasks on behalf of OSME, suppliers of or delivery organisations of OSME products or services you purchase, or payment service providers);
- organisations with which OSME holds a joint meeting but only in so far as required to ensure you have access to that meeting or where you completed a register of attendance; and
- where OSME is legally required to do so (such as HMRC) or as a result of a lawful request.
When OSME allows access to your personal data this will be on the basis that OSME controls what they see, what they are allowed to do with it and how long they can see it.
Please note that if you attend an AGM or EGM of OSME, OSME will retain a record of your attendance and of any resolution you propose or second but only for the purpose of complying with its legal or regulatory obligations as a registered charity. This record of your name may appear in OSME’s journal and documents required to be displayed at AGMs or EGMs or sent to the Charity Commission.
Please also note OSME may disclose your personal data to third parties as follows:
- if OSME is under a legal duty to disclose or share your personal data (for example where we are required by law enforcement agencies, judicial bodies, government entities, tax authorities or regulatory bodies around the world);
- in order to enforce or apply OSME’s website terms of use and other agreements; or
- to protect the rights, property, or safety of OSME, its trustees, employees, consultants, regional representatives, members, donors, volunteers and other supporters.
- PROTECTING YOUR DATA
OSMEtakes very seriously the need to protect your personal data. We take such action as is reasonable and necessary to prevent unauthorised access to, or disclosure of, such data.
For example, the shopping cart service that OSME uses for membership signups and publication sales implements encryption when collecting or transferring sensitive data such as, credit card information.
However, OSME cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk (see also Warnings below).
CCTV & Recordings etc at OSME meetings
It is possible that if you attend a meeting of OSME the operator of those premise will use CCTV and so you may be recorded when you visit them. If so, OSME will insist that the CCTV is only:
- there to help provide security and to protect both you and others attending;
- CCTV will only be viewed when necessary (e.g. to detect or prevent crime); and
- footage is only stored temporarily.
It is also possible that OSME may choose to video one of its meetings in order to cast this on its website. If you are a speaker or member of a panel you may be recorded but OSME will seek your consent. Likewise, if a photo is taken at such meeting for posting to OSME’s website or use in a OSME journal. Similarly, if you are videoed or photographed winning a prize or being made a conservation grant or award.
Warnings
If you have a password to allow access to certain parts of our website, you must keep the password safe and not share it with anyone or your personal data could be at risk.
Data that is transmitted via the internet or in email cannot be 100% secure. You should bear this in mind when deciding what information you wish to share with OSME.
- STORING YOUR DATA
Where we store information
OSME currently stores all personal data in the United Kingdom. Some personal data may be transferred out of the United Kingdom (& European Union) by email but this is only likely to be where strictly necessary in relation to applications for, or awards of, conservation grants or enquires to be dealt with by OSME’s regional representatives or renewal of membership for nationals whose address is outside the United Kingdom (or European Union).
Some organisations which provide services to OSME may transfer personal data outside of the European Economic Area, but we’ll only allow them to do so if your data is adequately protected.
How long we store information
OSME will only use and store information for so long as it is required for the purposes for which it was collected. How long information will be stored for depends on the information in question and what it is being used for. We periodically review what information we hold and delete what is no longer required.
In determining how long to hold personal data we have regard to:
- our reasonable organisational needs (such as, managing our members’ database);
- the statute of limitation in relation to legal claims; and
- retention periods in line with regulatory requirements or guidance (such as, the period to retain raffle ticket stubs).
OSME never stores payment card information.
If OSME disposes of your personal data it will do so securely so far as reasonably practicable.
- ACCESSING & AMENDING YOUR DATA
What to do if your personal information changes
You should tell us without delay if there is any change in the personal data you have supplied to us (especially, name or address) so that we can update our records.
Please email secetary@osme.org or write to OSME, c/o The Lodge, Sandy, Bedfordshire, SG19 2DL, United Kingdom.
Access to your data
You have the right to request a copy of the information that OSME holds about you. If you would like a copy of some or all of your personal information, please email secretary@osme.org or write to OSME, c/o The Lodge, Sandy, Bedfordshire, SG19 2DL, United Kingdom.
You may be asked to provide the following details:
- the personal information you want to access; and
- the date range of the information you wish to access.
In addition, OSME may need you to provide information that will help OSME confirm your identity.
Amending your data
If you have already supplied OSME with personal information, you can amend or update this at any time by emailing or writing to OSME at the above address.
If you have an account with us, you can log on to your account (using your user ID and password) and amend or update information recorded there.
Incorrect data
If you believe that any information OSME holds on you is incorrect or incomplete, please email or write to OSME at the above address.
OSMEwill correct promptly any information which is found to be incorrect.
If you have an account with us, you can log on to your account (using your user ID and password) and correct any information inaccurately recorded there.
- YOUR LEGAL RIGHTS
You may find information about your UK data protection legal rights on the current website of the UK’s Information Commissioner: www.ico.org.uk
OSME considers it is important that you should be aware of those rights. Broadly speaking they are:
- the right to confirmation as to whether or not OSME has your personal data and, if so, to obtain a copy of the personal information held (please see section 8 above);
- the right to have your data erased (though this will not apply where it is necessary for OSME to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling;
- the right to request the restriction of the processing of your personal data in certain circumstances including if you believe any of the data held is inaccurate, it’s no longer needed for the purpose it was provided or it’s not being used in a lawful manner;
- the right to withdraw consent given for marketing; and
- the right to receive personal data you have provided to OSME in a structured, commonly used and machine-readable format but only where OSME’s lawful basis for processing this information is either your consent or for the performance of a contract, or OSME is carrying out the processing by automated means.
Please note the above is a brief summary and there may well be exceptions to the rights described.
Please also note that if you request us to rectify, delete, restrict processing or stop processing your information, we may have to suspend, restrict or cease the operation of your membership (including any online account you have opened) and the provision of products or services to you.
If you wish to complain about the way in which OSME collects, uses, discloses, holds, protects, stores or otherwise deals with your personal data please email or write to OSME as described in section 8 above. OSME undertakes to respond to your complaint as soon as reasonably practical. Please remember OSME is a charity run by non-paid volunteers.
If you are dissatisfied with OSME’s response you can complain to the UK’s Information Commissioner’s Office.
Details can be found at:
-or you can telephone: 0303 123 1113;
or write to:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
- LINKS TO OTHER WEBSITES & YOUR PRIVACY
OSME’s website may contain links to enable you to visit other websites. OSME does not have any control over such other websites. Therefore, OSME cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites. You should exercise caution and look at any privacy statement applicable to the website in question.
- COOKIES
OSME’s website uses cookies to help provide you with the best experience we can. These are small text files that are placed on your computer or mobile phone when you browse websites.
Our cookies assist us in:
- remembering your settings during and between visits; and
- improving the speed & security of the website.
OSME does not use cookies to collect any personally identifiable information (without your express permission) nor to pass personally identifiable data to third parties.
- CHANGES TO THIS NOTICE
OSME may amend this notice from time to time by notice. For example, this may be done to take account of changes in the law, or the way OSME uses your data. The current version will be posted to OSME’s website.
Notice of any amendment or replacement of this notice will be posted to OSME’s website and will be deemed effective on publication.
SCHEDULE
OSME’s LEGAL GROUNDS FOR PROCESSING PERSONAL DATA
OSME considers the following legal grounds justify OSME’s use of your personal data:
- Processing of your personal data is considered by OSME to be necessary to perform a contract with you (or for taking steps prior to entering into it) where it is done for the purpose of:
- assessing an application for membership;
- administering & managing your membership (including updating your records, tracing your whereabouts to contact you about your account & sending out renewal notices);
- giving notice to you of OSME’s annual general meeting (“AGM”) or extraordinary general meeting (“EGM”);
- sharing with payment service providers where necessary to process your payment;
- despatch of membership benefits to you (including journals-which may contain third-party advertisements, information on OSME’s activities, volunteering opportunities, fundraising activities and its merchandise); and
- fulfilment of orders for products or services ordered by you from OSME.
- Processing of your personal data is considered by OSME to be necessary for OSME (or another’s) legitimate interests where it is done for the purpose of:
- administering & managing your membership (including updating your records, tracing your whereabouts to contact you about your account & sending out renewal notices);
- administration of donations and legacies (including recording the nature and amount of a donation, claiming Gift Aid, sending a thank you letter and getting in touch should there ever be any issues when processing a donation);
- administration of conservation grants & awards;
- debt recovery;
- contacting you for the purpose of providing you with information relevant to the operation and maintenance of your membership (including any online account you open) or updating information about how we process your personal data;
- responding to enquires (including applications for grants or awards and submission of articles for OSME’s journals);
- keeping a record of correspondence with you;
- ensuring that content from our website is presented in an effective manner for you and your computer;
- desktop research related to fundraising solely for our charitable purposes;
- your participation in interactive features on our website;
- aggregating membership information and statistical analysis related to advertising (but none of this usage involves automated profiling or will identify any individual);
- good governance of OSME (such as, internal reporting and compliance with OSME codes or policies);
- obtaining advice or services from legal and other professional advisers relating to the rights or interests of you, OSME or a third party in respect of whom OSME has responsibilities (including how to protect the same);
- adhering to best practice and guidance of governmental and regulatory bodies (such as, HMRC, the Information Commissioner’s Office and the Charity Commission); and
- activities related to the prevention, detection and investigation of crime (including fraud).
In such cases we consider we satisfy the “balancing” test required by GDPR because:
- we have a legitimate interest to use your personal data-being either:
- to provide you with the best membership services and products;
- to manage the Club efficiently and to ensure its existence;
- to develop the Club as a successful charity (including improving our governance, management or achievement of our charitable purposes including delivery of services and products to members);
- to protect the interests of the Club as a successful charity (including managing risk); or
- to adhere to best practice guidance from regulatory bodies (including the Charity Commission); and
- we will only use your personal data so far as we have no other way to give effect to our legitimate interests; and
- we consider our use will not materially prejudice your privacy.
- Processing of your personal data is considered by OSME to be necessary to comply with a legal duty where it is done for the purpose of:
- complying with a legal obligation that applies to OSME;
- protecting the rights, property and safety of OSME, its members, visitors or others which OSME is under a legal duty to protect;
- preventing and detecting crime and to comply with laws relating to money laundering, fraud, terrorist financing, bribery and corruption, and international sanctions (this may require us to process information about criminal convictions and offences, to investigate and gather intelligence on suspected financial crimes, fraud and threats and to share data with law enforcement and regulatory bodies);
- auditing of OSME’s operations to comply with our legal duty to report on OSME;
- complying with orders of courts and other administrators of justice; and
- dealing with requests from you or others to exercise rights under data protection laws.
- Processing of your personal data is considered by OSME to have been processed with your consent where done for the purpose of:
- communicating OSME’s announcements (for example, changes in services provided and conservation work) and events (for example, non-AGM or non-EGM meetings)- provided you have given your prior consent;
- communicating about fundraising (including sending raffle tickets & information about fundraising trips) and volunteering opportunities- provided you have given your prior consent;
- communicating developments in your country or region- provided you have given your prior consent;
- sharing with a third party where you have requested this; and
- advising you of fundraising trips where you have completed a register of interest at a meeting of OSME or at an event at which OSME is exhibiting (such as, Birdfair).