Data Usage and Data Protection Statement
Purpose of Policy
This policy describes how ONTRACK Rail Users’ Association collects and processes your personal data as part of the task of representing the interests of rail passengers around North East Essex (more especially around Thorpe-le-Soken, Kirby Cross, Frinton-on-Sea, Walton-on-the-Naze, and Clacton-on-Sea), but also promoting and encouraging the improvements of the rail services around North East Essex region.
It is important that you read this policy together with any other data related notice that we may declare on specific occasions when collecting or processing personal data about our members or where the general travelling public is concerned.
Data Controller and Data Processor
The data controller, collecting the information provided by ONTRACK members, in association with our task of representing the interests of rail passengers around North East Essex, may be contacted via email@example.com. The data processor, who is processing the information provided by ONTRACK members, in association with our task of representing the interests of rail passengers around North East Essex, may also be contacted via firstname.lastname@example.org.
The data controller and the data processor, collecting and processing the information from the ONTRACK website, in association with our task of representing the interests of rail passengers around North East Essex, may be contacted via email@example.com, which is also our web manager and technical expert/advisor.
The Data ONTRACK Collects
Personal data, or personal information, is any information about an individual from which that person can be identified. Personal data does not include information where the identity has been removed or is anonymous.
We collect and process (store, transfer and use) different kinds of personal data, which is outlined as follows:
- ONTRACK membership/supporter data. Contact data: As per the membership form, the personal data collected and processed is: name, postal address, landline phone number, mobile number and email address;
- ONTRACK membership/supporter data. Communications data: Your preference to receive news developments whereby your views can make a difference with regard to rail services in North East Essex;
- Electronic mail and contact form enquiries data. Contact data: If the website contact form is used, the personal data collected and processed is: name, a telephone number (optional) and email address. If we are contacted directly via electronic mail then the name and email address (at the very least) will be collected and processed;
- Website Comments Data. Comments made into the new blog section of the website will be recorded into the database. Web users who want to comment need to subscribe. The personal data collected and processed is as follows: email address, IP address (minimal data profile), and optionally the personal data profile can also include name and subscriber’s website address (if they have one);
- Website Functional Data. Various procedures are in place to protect the website from illicit online activities. Personal data will be recorded and processed as a consequence. Statistical data is also recorded, this will include IP address and which pages have been visited and online documents downloaded. Use and content of contact form submissions is recorded for a limited time. Use and commenting on blog articles is recorded for a limited time.
How Your Personal Data is Collected
With the ONTRACK membership, personal data is collected using the membership form, or the membership renewal form. This is collected either as the electronic version or paper version of the membership form.
The membership form is readily available from the ONTRACK website and can be printed out and filled in, or the form can be filled in at the AGM and handed in person to one of the ONTRACK representatives.
With the website contact form an email is generated and sent to the data processor’s computer email application. With direct email communication, the email message is also sent to the data processor’s computer email application. Messages are stored on a password protected and firewall protected computer.
Website comments data and website functional data is stored in the MYSQL database. The website data controller will be alerted by email when a new subscriber account request is made. Readily available WordPress plugins are used to record and monitor website activities to ensure no illicit online activities take place. The plugins used to collect data are WP Statistics, Wordfence, WP Mail Log and WP Security Audit Log.
How We Use Your Personal Data
With ONTRACK members, your personal data is only used to inform you of our work, news and developments, and meetings regarding the rail services in North East Essex. We encourage members to be proactive in our task to represent the interests of fellow rail passengers in this region.
With the personal data used in conjunction with the ONTRACK website operations, it our task to maintain a website that is safe to use by all, that is uncompromised by illicit online activities, and is data secure for those using the website, be it using the contact form, downloading documents, reading the news blog, or even commenting on our articles. Website activities and statistics are recorded for a maximum of 12 months and then automatically deleted.
Change of Purpose
We will only use your personal data for the purposes for which we collected it (as previously outlined). If another reason arises for which we need to use your personal data we will contact you first to gain consent.
Note that we may process your personal data without your knowledge or consent where this is required or permitted by law.
Disclosure of Personal Data
We do not sell, distribute or otherwise make personal data commercially available to any party, except as described in this policy or with your prior consent.
Protection of Your Personal Data
We take the security of the personal data we hold seriously, both membership personal data and website based personal data. Policies and procedures are in place to safeguard it from loss and misuse.
We also have procedures to deal with any suspected personal data breach and will notify you of breach where we are legally required to do so.
Good security practices are in places, namely: strong passwords; updated antivirus and firewalls; up to date Windows operating system installations, up to date Microsoft Word and Outlook applications, up to date WordPress installation and latest plugins in use at all times.
Length of Time Processed Personal Data Is Stored
With ONTRACK memberships, personal data is stored as long as the individual is a member. Once membership is closed, the personal data will be removed from our records with immediate effect.
With web based personal data stored, contact form messages are recorded by the WP Mail Log plugin and stored for a maximum of 30 days. The web activities stored by the WP Security Audit Log plugin are kept for 12 months. Blog comments, if deemed helpful to an article, will be kept online indefinitely, but the owner of the comment will always be able to remove comments at any time. If a subscriber to the blog wishes to delete their account, they can do so themselves at any time. Deletion of a subscribers account will automatically delete all their comments from the blog as well.
Your Legal Rights
We assume responsibility for keeping an accurate record of personal data once you have submitted the information. Please inform us of any changes to your information, or in the case of the blog, subscribers must update their email address by logging in at any time to the website user interface.
You are entitled to:
- Request access to your personal data;
- Request the correction or deletion of your personal data;
- Object to the processing of your personal data;
- Request a restriction of processing your personal data;
- Withdraw consent at any time, where we are relying on consent to process your personal data.
To exercise any of the above rights, please contact firstname.lastname@example.org for membership related personal data or email@example.com for web related personal data or contact ONTRACK Rail Users Association in writing to 2 Ashmole Drive, Kirby Cross, Frinton-on-Sea, Essex, CO13 0RX. Alternatively, use the contact form on the ONTRACK website https://www.ontrackrailusers.org.uk
If you are concerned about an alleged breach of privacy law or any other regulation by ONTRACK please contact firstname.lastname@example.org who will ensure that your complaint is investigated.
You also have the right to complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues.