North Staffordshire Beekeepers For everyone interested in honeybees in and around North Staffordshire

NSBKA Privacy Policy

Overview

The North Staffordshire British Beekeepers Association (NSBKA) is committed to protecting and respecting your privacy.

As of 25th May 2018, the General Data Protection Regulations (GDPR) became British law through the Data Protection Act 2018. The purpose of GDPR is to strengthen and unify data protection for all individuals within the European Union (EU), while also addressing the exportation of personal data outside the EU.

We have tried to provide these pages in a way that is clear and easy to understand, including by writing them in plain language. If you are unsure about any of the contents, then please contact us using the contact details below.

If you are deaf or hard of hearing and you want to find out general information about the General Data Protection Regulations (GDPR), you can watch a short video produced by the British Deaf Association.

General

This privacy notice explains how and why North Staffordshire Beekeepers Association (NSBKA) processes your personal data under PART 2 (General Data) and the steps we take to keep your information safe. It also describes your rights regarding your information and how to complain to the Information Commissioner if you have concerns as to how we have handled your data.

This policy (together with our websites terms of use and any other documents referred to on it) explains when and why we collect personal information, how we use it, the conditions under which we may disclose it to others, and how we keep it secure.

We may change this policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. We may wish to use your personal data for a new purpose that is not covered by this Data Privacy Notice. Where appropriate, we will provide you with a new notice before we commence processing. This will explain the new use, and set out the relevant purposes and processing conditions.

If you have any questions regarding this policy and our privacy practices, please contact us
using the contact details below.

Our contact details

Our primary method of contact is by email at: secretary@northstaffsbees.org.uk
You can also contact us in writing at:

Middle Banks
Malthouse Road
Alton
Stoke-on-Trent
Staffordshire
ST10 4AG

Who are we?

We’re North Staffordshire Beekeepers Association (NSBKA).

We’re a local charity operating primarily in the North Staffordshire area, although our members can live elsewhere. We’re dedicated to helping honeybees and the beekeepers that look after them.

North Staffordshire Beekeepers Association (NSBKA) is a registered charity no. 511576. Our registered address is:

147 Armshead Road
Werrington
Staffordshire
ST9 0EL

We work with the British Beekeepers Association (BBKA) and approximately 74 other local beekeeping associations across England and Wales.

We are classed under the UK GDPR regulations as a data controller. That means we decide how the personal data we receive is processed and for what purposes we do that processing.

 

How to make a complaint

In the first instance, please contact North Staffordshire Beekeepers Association (NSBKA) using the contact details above.

If we are unable to resolve your complaint to your satisfaction, you have the right to lodge a complaint with the regulator for personal data, the Information Commissioners Office. You can contact them using the details below:

Website: https://ico.org.uk/global/contact-us/email/

Telephone: 0303 123 1113

Address:

Information Commissioner's Office,
Wycliffe House, Water Lane,
Wilmslow,
Cheshire,
SK9 5AF

 

What type of personal data do we process?

We process personal data, including Special Categories of personal data, that enables us to achieve our various roles. This includes:

• Your name and address and other contact details
• Information about your beehives, including number and location
• Education and training details
• Employment details
• Financial details, including eligibility for Gift Aid
• Goods or services provided
• References to manual records or files
• Information relating to safety and health
• Complaint, incident, civil litigation, and accident details
• Online identifiers such as IP addresses and information regarding access to our web pages
• Family, lifestyle and social circumstances

The Special Categories that we could hold in certain circumstances include:

• Race
• Ethnic origin
• Physical health
• Sexual orientation

When we process special category data the following conditions will apply:

• The you have given us explicit consent to the processing of your personal data for one or more specified purposes
• Processing is carried out in the course of legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body, and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes, and that the personal data are not disclosed outside that body without the consent of the data subjects
• Processing relates to your personal data, and where it has been manifestly made
public by you
• Processing is necessary for the establishment, exercise, or defence of legal claims or whenever courts are acting in their judicial capacity
• Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1), which shall be proportionate to the aim pursued, respect the essence of the right to data protection, and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject

We may monitor and/or record and retain telephone calls, texts, emails, and other electronic communications to deter and prevent inappropriate activity and to ensure we are accountable for our behaviour.

Your personal information may be held on a computer system or in a paper record such as in a physical file or a photograph.

Whose data do we hold?

We may obtain, use, and disclose personal information relating to a wide variety of individuals including, but not limited to, the following:

• Members of the North Staffordshire Beekeepers Association (NSBKA), including the committee members, and ordinary members
• Guests of members at our meetings
• Suppliers
• Complainants, correspondents, and enquirers
• People who make donations
• Consumers of goods and services provided by us
• Relatives, guardians, and associates of data subjects whose personal data has been processed where it is appropriate to do so
• Advisers, consultants, interpreters, and other professional experts

What is our lawful basis for processing personal data?

Each business process involving personal data is independently assessed to determine its lawful basis. We process your personal data under article 6 of UKGDPR because:

• It is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract
• The processing is necessary for us to comply with the law (not including contractual obligations) to which the controller is subject
• The processing is in the legitimate interests of the data processor or the data subject, except where such interests are overridden by the interests or fundamental rights or freedoms of the data subject
• The processing is necessary to protect someones life
• The individual has given clear consent for us to process their personal data for a specific purpose

What do we do with personal data?

We obtain, hold, use, and disclose personal information to support our purposes including:

• Process payments and orders you have made for goods and services, and arrange for delivery of these goods and services
• Process applications to join the North Staffordshire Beekeepers Association (NSBKA) or renew existing memberships, including the processing of capitation fees to the BBKA and membership of the BDI
• Process a donation you have made
• Administration, including but not limited to, training and development, performance management, welfare of our members or those attending courses, conventions, or events organised through NSBKA, or helping you to arrange workshops, food and drink, and accommodation
• Carry out our obligations arising from any contracts entered into by you and the North Staffordshire Beekeepers Association (NSBKA)
• Provide honeybee swarm collection services
• To be accountable to the public, to be regulated by external bodies, and to be audited by third parties
• Coordinating your entries into any competitions
• Communicating with you, where you have requested this and we think the content may be of interest to you, including newsletters, information about campaigns, appeals, and other fundraising activities or activities, and notifying you of changes to our services
• Management of public relations, journalism, advertising and media
• Business Management including, but not limited to, finance and accounting, procurement, property, planning, insurance, internal review, auditing, health and safety, information technology systems including systems testing, and legal services
• Management of correspondence, including complaints, requests for information, and other contacts from the public or other organisations
• Research, including surveys and feedback into the services we provide
• Work in line with National and Local Government Authorities (e.g. Defra, NBU and Trading Standards) guide lines to meet obligations relating to the management of livestock
• Protect the rights, property, or safety of our supporters and customers

We will only use appropriate personal information necessary to fulfil a particular purpose or  purposes.

Personal information could be held on a computer or in a paper record.

Sometimes we may process personal data outside of the European Union. They may not have laws that protect the individual's right to privacy in a similar way to the United Kingdom (UK), but where this is the case, North Staffordshire Beekeepers Association (NSBKA) takes its own appropriate steps to ensure that personal data is protected in an equivalent way.

Where do we get data?

We may obtain personal information from a wide variety of sources including, but not limited to, the following:

• Our members, including volunteers, agents, and temporary / casual workers
• Other government agencies, private sector organisations, and voluntary or charitable organisations with similar aims and objectives, including the BBKA
• Central and local government, governmental agencies and departments, including but not limited to, Defra, Trading Standards, and Licencing Authorities
• Education, training establishments, and examining bodies
• Persons making an enquiry or complaint
• Auditors
• Individuals themselves
• Business associates and other professional advisors
• Suppliers, and other providers of goods or services
• Financial organisations and advisors, including credit reference agencies
• Survey and research organisations, including universities
• Approved organisations and people working with beekeeping associations
• Data Processors working on behalf of North Staffordshire Beekeepers Association (NSBKA)
• The media

Our website

We obtain information about you when you use our website. This happens when you visit our website, register to join the North Staffordshire Beekeepers Association (NSBKA), use our online store, contact us about products and services, donate, or if you register to receive one of our regular newsletters.

We use analytics on our websites and tracking of our emails to ensure the correct operation of both. The results of the email analytics are only made available to the originators of the emails and will not be shared with third parties unless it is required to do so by law enforcement agencies.

When you are using our secure online donation pages or make a purchase through the website, your donation or payment is processed by a third-party payment processor. This processor specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

Our website may contain links to other websites run by other organisations. This privacy policy applies only to our website. We cannot be responsible for the privacy policies and
practices of other sites, even if you access them using links from our website. Equally, if visiting us via a link on another website, we cannot be responsible for the privacy policies and practices of the originating website.

If you use our services while you are outside the UK, your information may be transferred outside the UK to provide you with those services.

With whom do we share data?

Disclosure of personal information will be made on a case-by-case basis with the necessary
controls in place.

We may disclose personal information to a variety of recipients in any part of the world, including those from whom personal information is obtained. This includes, but is not limited to:

• Our members, including volunteers, agents, and temporary / casual workers
• The British Beekeepers Association
• Third party service providers working on our behalf
• Central and local government, governmental agencies and departments, including but not limited to, Defra, Trading Standards, and Licencing Authorities
• Education, training establishments, and examining bodies
• Other government agencies, private sector organisations, and voluntary or charitable organisations with similar aims and objectives
• Persons making an enquiry or complaint
• Auditors
• Individuals themselves
• Business associates and other professional advisors
• Suppliers, and other providers of goods or services
• Financial organisations and advisors, including credit reference agencies
• Survey and research organisations, including universities
• Approved organisations and people working with beekeeping associations
• Data Processors working on behalf of NS-BKA
• The media
• Regulatory bodies such as the Infornation Commissioner͛s Office
• Data Processors working on behalf of NS-BKA
• The media
• Emergency Services, law enforcement agencies e.g. Trading Standards, where is necessary to do so

We may disclose information to prevent harm to individuals.

We may disclose personal information to other bodies or individuals when required to do so by an act of legislation, rule of law, or by court order. We may also disclose personal information on a discretionary basis for the purpose of any legal proceedings or for obtaining legal advice.

We may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf. This could include for example, processing donations or website payments, to contact you via third party services, or to manage your membership.

When we use third party service providers, we disclose only the personal information that is necessary to deliver the service.

Direct Marketing

We will not sell or rent your information to third parties, and we will not share your information with third parties for marketing purposes.

We will not release your information to third parties beyond the BBKA and its other member associations for them to use for their own direct marketing purposes, unless you have specifically requested us to do so, or we are required to do so by law (for example, by a court order or for the purposes of prevention of fraud or other crime).

 

Retention

We keep personal data as long as is necessary for the particular purpose(s) for which it is held.

Information we process for the operation of our charity is (such as member and financial records) will be retained in accordance with our retention schedule.

We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of Gift Aid). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as it is set out in any relevant contract you may hold
with us.

 

Consent

Where we rely on your consent to process your personal data, we will make sure that it is a clear and unambiguous indication of your wishes, that your decision to give consent is fully informed, and that it is freely given. We will also give you certain information at the time of obtaining your consent, including:

• Any third party controllers who will rely on the consent
• Specify exactly what data we are collecting, what we want to do with it, and why we need it
• How to withdraw your consent if you change your mind at a later date

Withdrawing your consent will be as easy as it was when you gave it. Where possible you will be able to withdraw your consent using the same method as when you provided it. By withdrawing your consent to processing, you will be done without you suffering any detrimental effect.

You can withdraw your consent by contacting us using the details at the beginning of this notice.

 

Marketing

You have a choice about whether you wish to receive information from us. If you do not want to receive direct communications from us about the vital work we do for beekeepers and their honeybees, or and our exciting products and services, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.

We will not contact you for marketing purposes by email, phone call, or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us using the details at the beginning of this notice.

 

Principles

Article 5 of the General Data Protection Regulations (GDPR) sets out the main responsibilities for organisations. Find out more about what the Information Commissioner, the regulator for Personal Data, says about these principles.

 

How do we process your data lawfully, fairly and in a transparent manner?

North Staffordshire Beekeepers Associatioin (NSBKA) ensures the lawful processing of personal data by considering what personal data is collected, and how it is processed for all new projects. Our processes are informed by best practice, relevant subject matter experts, and are reviewed by the committee. This ensures information is collected, processed, and disposed of appropriately.

These pages exist to provide transparency for the processing of personal data by North Staffordshire Beekeepers Association (NSBKA).

How do we make sure that personal data is collected for specified, explicit, and legitimate purposes?

By considering what personal data is collected and processed for our activities. North Staffordshire Beekeepers Association (NSBKA) makes sure that personal data is only collected for a specified, explicit, and lawful purpose.

We regularly review our processing activities to check that the relationship, the processing, and the purposes have not changed. We have processes in place to refresh consent at appropriate intervals. We consider using privacy dashboards or other preference-management tools as a matter of good practice.

 

How do we ensure our processing of personal data is adequate, relevant, and limited to only what is necessary to achieve the purpose?

Collection of new data, and any changes in the way in which existing information is processed, are assessed by the North Staffordshire Beekeepers Association (NSBKA). Routine sharing of data with other entities is governed by information sharing agreements, which stipulates the conditions under which information can be shared, and outlines the minimum information required to achieve the purpose.

We regularly review our processing activities to check that the relationship, the processing, and the purposes have not changed. We have processes in place to refresh consent at appropriate intervals, including any parental consents. We consider using privacy dashboards or other preference-management tools as a matter of good practice.

 

How do we ensure personal data is accurate and kept up-to-date?

North Staffordshire Beekeepers Association (NSBKA) has internal processes in place so that committee members can be notified of suspected data quality issues.

If you think we hold inaccurate data about you, you can request its correction by using the details listed in the Individual Rights͛ section.

How do we ensure your data is not kept for longer than is necessary?

Physical files are subject to a robust management plan which ensures regular review and archiving in secure locations. Where IT systems permit, retention criteria are applied automatically. Where automatic retention cannot be applied for technical reasons, retention criteria are applied on a case-by-case basis by the relevant business area.

North Staffordshire Beekeepers association (NSBKA) may retain some information beyond the periods set out in the retention schedules for archiving purposes in the public interest, scientific or historical research purposes, and statistical purposes. Prior to retaining information in this way, the information is assessed to ensure that retaining it for these objectives is not incompatible with the original purpose for which it was collected.

If you think we are holding your personal data for longer than is necessary, or you wish to object to your data being held in the force museum you can request its deletion by using the details listed in the Individual Rights͛ section.

 

How do we ensure that personal data is processed in a manner that ensures appropriate security?

North Staffordshire beekeepers Association (NSBKA) follows good industry practice wherever possible. Where applicable, new systems are assessed for their security posture. Systems that are certified by independent security experts are preferred over those that do not.

Third parties who store or process data on our behalf are subject to the same standards as we would apply to our own organisation, and where appropriate, this requirement forms part of our contract.

Your rights

The General Data Protection Regulations and Data Protection Act 2018 reinforced existing rights by clarifying and extending them and by introducing new rights. Your information rights will be dependent on the reason why and how your data was collected and why it is being used.

These are your information rights.

 

The right to be informed

You have the right to be informed of certain information about our processing activities; we achieve this through this privacy notice. You have a right to receive concise, transparent, and intelligible information in a way that is easily accessible and free of charge.

If you need help understanding this information, or need this information in an alternative format, please visit the privacy notice page.

Your right of access

You have the right to ask us for copies of your personal information.

You have the right to confirmation that your data is being processed, to request a copy of the personal information we hold about you, and to some other supplementary information relating to your personal data. You can request this under a process called Subject Access. North Staffordshire Beekeepers Association (NSBKA) will not usually charge you a fee to apply for this information under Subject Access.

When requesting your own information, you will be asked to specify exactly what information you require us to provide. You will be required to provide proof of identification such as a passport or driving licence. Where a request for data is manifestly unfounded or excessive, especially if it is repetitive, we may either charge a reasonable fee based on the administrative costs of providing the service, or to refuse to respond. Where this is the case, we will explain why.

Some information we hold about you may be subject to an exemption. Exemptions are different depending upon whether the request is under the General Data Protection Regulations or the Data Protection Act Part 3 but can include:

• Information relating to other individuals (third party information), unless you provide their written consent and proof of their identity with your request.

We aim to reply to your request without delay, and in any case, within one month of receipt, however if the request is complex, or there are numerous requests, we may take up to three months to respond. If this is the case, we will notify you within the first month of the delay and explain why the extension is necessary.

Your right to rectification

You have the right to ask us to correct information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. Making such a request will not automatically result in the information being changed.

We may refuse to comply with a request for rectification if the personal data is processed:

• To exercise the right of freedom of expression and information
• To comply with legal obligation
• For public health purposes in the public interest
• Archiving purposes in the public interest, scientific or historical research, or statistical purposes
• To exercise or defend a legal claim

If we refuse to comply with your request for rectification, we will explain the reasons we are not acting, inform you of your right to complain to the ICO, and inform you of your ability to seek to enforce your request though a judicial remedy.

Where a request for rectification is manifestly unfounded or excessive, especially if it is repetitive, we may either charge a reasonable fee based on the administrative costs of rectification, or to refuse to respond. Where this is the case, we will explain why.

Where possible we will tell other organisations with whom we have disclosed your data that they need to update their records as well; we may not do this if it is impossible, or if it involves disproportionate effort to do so.

We aim to reply to your request without delay, and in any case, within one month of receipt, however if the request is complex, or there are numerous requests, we may take up to three months to respond. If this is the case, we will notify you within the first month of the delay and explain why the extension is necessary.

If you would like to have personal data we hold about you corrected, then please contact us using the details at the beginning of this notice.

Your right to erasure

You have the right to ask us to erase your personal information in certain circumstances.
These circumstances include:

• Where your personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
• If we rely on consent as the lawful basis for processing, and you withdraw that consent
• When you object to the processing and there is no overriding legitimate interest for continuing the processing
• Your personal data was unlawfully processed
• Your personal data has to be erased in order to comply with a legal obligation

We may refuse to comply with a request for rectification if the personal data is processed:

• To exercise the right of freedom of expression and information
• To comply with legal obligation, or for the performance of a public interest task, or exercise of official authority
• For public health purposes in the public interest
• Archiving purposes in the public interest, scientific or historical research, or statistical purposes
• To exercise or defend a legal claim

We aim to erase your data, or proǀide a reason why we won't, without delay, and in any case, within one month of receipt. If the request is complex, or there are numerous requests, we may take up to three months to respond. If this is the case, we will notify you within the first month of the delay and explain why the extension is necessary.

If we refuse to comply with your request for erasure, we will explain the reasons we are not taking action, inform you of your right to complain to the ICO, and inform you of your ability to seek to enforce your request though a judicial remedy.

Where a request for erasure is manifestly unfounded or excessive, especially if it is repetitive, we may either charge a reasonable fee based on the administrative costs of rectification, or to refuse to respond. Where this is the case, we will explain why.

Where possible we will tell other organisations with whom we have disclosed your data that they need to update their records as well; we may not do this if it is impossible, or if it involves disproportionate effort to do so.

If you would like to have personal data we hold about you erased, then please contact us using the details at the beginning of this notice.

Your right to restriction of processing

You have the right to ask us to restrict the processing of your information in certain circumstances. These circumstances include:

• Where you contest the accuracy of your personal data, but only until we have verified the accuracy of the personal data
• Where you object to the processing (where it was necessary for the purpose of legitimate interests), and we are considering whether our legitimate grounds override those of the individual
• When processing is unlawful and you oppose erasure and requests restriction instead
• If we no longer need the personal data but you require the data to establish, exercise or defend a legal claim

If we refuse to comply with your request for restriction, we will explain the reasons we are not taking action, inform you of your right to complain to the ICO, and inform you of your ability to seek to enforce your request though a judicial remedy.

Where a request for restriction is manifestly unfounded or excessive, in particular because it is repetitive, we may either charge a reasonable fee based on the administrative costs of rectification, or to refuse to respond. Where this is the case, we will explain why.

Where possible we will tell other organisations with whom we have disclosed your data that they need to update their records as well; we may not do this if it is impossible, or if it involves disproportionate effort to do so.

If you would like to have personal data we hold about you restricted, then please contact us using the details at the beginning of this notice.

We will tell you if we decide to lift a restriction on your personal data.

Your right to data portability

If we are processing your personal data using your consent or for the performance of a contract, and the information is being carried out by automated means, then you may request to receive personal data that you have provided to us in a structured, commonly used, and machine readable format. You also have the right to request that we transmit this data directly to another data controller.

If this technically feasible, then we will comply with the request, however, there may be legitimate reasons why we cannot undertake the transmission.

Where a request for transmission is manifestly unfounded or excessive, in particular because it is repetitive, we may either charge a reasonable fee based on the administrative costs of transmission, or to refuse to respond. Where this is the case, we will explain why.

If we refuse to comply with your request for transmission, we will explain the reasons we are not taking action, inform you of your right to complain to the ICO, and inform you of your ability to seek to enforce your request though a judicial remedy.

If you would like to have personal data we hold about you transmitted to you or another controller under this right, then please contact us using the details at the beginning of this
notice.

Your right to object to processing

You have the right to object to any processing based on the performance of a task in the public interest / exercise of an official authority, direct marketing, or processing for scientific or historical research, or statistical purposes.

Although you have the right to object to processing of your personal data for a task in the public interest, we do not always have to have to comply with the request. We will not comply if we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or that the processing is for the establishment, exercise, or defence of legal claims.

If we are processing your personal data for direct marketing, we will always comply with your right to object.

Where an objection is manifestly unfounded or excessive, especially if it is repetitive, we may
either charge a reasonable fee based on the administrative costs of complying with the request, or to refuse to respond. Where this is the case, we will explain why.

If we refuse to comply with your objection, we will explain the reasons we are not acting, inform you of your right to complain to the ICO, and inform you of your ability to seek to enforce your request though a judicial remedy.

If you would like to object to us processing your personal data, then please contact us using the details at the beginning of this notice.

Rights in relation to automated decision-making and profiling

We do not currently conduct automated decision-making or profiling. We have no current plans to implement this.

Review of this Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

Last reviewed: April 2023
Next Review: January AGM