The new European Union General Data Protection Regulations (GDPR) come into effect on 25th May 2018 and we have updated our Data Protection Policy to reflect the new regulations.  We take your privacy seriously and when you share your data with us we take care to protect it. 

The General Data Protection Regulations have eight important rights which are outlined below:

1. The right to be informed. This means that you have the right to know what we do with your data, why and how you can withdraw your consent for us to do that.
2. The right of access.  You have the right to know what data we store about you, check that it is accurate, or that it is being used lawfully and we will provide you with any data that we hold about you in the same format in which you made the request.
3. The right to rectification.  Should you believe the information we hold about you to be inaccurate then you may contact us and we will correct the information we store (including any 3rd parties).
4. The right to erasure (to be forgotten).  You may request that we erase the information which we hold about you. In order to comply with your wishes, we will have to cease providing you with the services.
5. The right to restrict processing.  You may ask us to restrict the processing of your personal information if you think it is inaccurate, you object to the processing, or you wish us to retain the information past the point at which we would normally remove it as you wish to establish or defend a legal claim.
6. The right to data portability.  You may request a copy of the data that we hold about you in a machine-readable format (for example an Excel spreadsheet or text file) for the purposes or re-using that data for any reason.
7. The right to object.  Should you object to our handling of your data in the areas of direct marketing, processing orders, or for any other reason, then you may inform us of your objection. If we agree with your written objection, and whilst we consider it, we will not use the data in the way to which you are objecting.
8. Rights in relation to automated decision making and profiling.  We may make automated decisions (via a computer algorithm) on certain aspects of the marketing materials that we send to you. We do not make any other automated decisions on your information. We do not make any decision on what the GDPR regulations suggest is special categories of personal information; nor make any decisions based on ethnicity, race, sex, gender or disability.

The personal data that you have provided for your membership record is held on a secure database managed by Corps Headquarters Adjutant General’s Corps.

Only our official security cleared staff can see and use your data in order to manage the Regimental Association business. The Regimental Association does not share your data with any other organisation, but may do in cases of Benevolence Applications to provide additional funding. Your personal information will not be used for another purpose without your consent.

You can ask for access to your personal data such as copies and other information about what we do with your data. You can also request that we change any incorrect personal data we have about you. You can also request that we delete your personal data, if it is no longer needed by us. 

We retain your personal data during your service and after you leave the services in order to validate your service in the Adjutant General’s Corps should you request assistance from us and for the Regimental Association to remain in contact with you to keep you updated with news and events and to send you the AGC Journal annually.

The Regimental Association undertake that all data collected will be dealt with lawfully in accordance with applicable data protection law (The General Data Protection Regulations which become law on 25 May 2018). The lawful grounds on which we process your data will be based on one or more of the following:

1. Where the processing is necessary in our organisation’s genuine interests as a charity or support provider. This is as long as this meets with your reasonable expectations and does not unreasonably interfere with your privacy rights. Normally this will be one of the reasons for processing your data, but this may change dependent on your personal circumstances.
2. Where we have your consent to use this data (or your explicit consent in relation to sensitive personal data, where a benevolence case is being processed).
3. Where we are under a legal duty to use or show your data.
4.  Where the processing of your data (including sensitive personal data) is in your or someone else’s vital interests such as a critical health, welfare or security issue.
5. Where necessary to perform a contract to which you are a party or steps at your request to enter into a contract.
6. For sensitive personal data, we may need to use your data as necessary for the establishment, exercise or defence of legal claims.

The Regimental Association is an ‘Assistance Provider’ and will receive sensitive data as part of Benevolence Applications. The Regimental Association will only record the sums paid to applicants and the reason for the payment and will not record any other sensitive data that is received as part of the benevolence application. This data will be retained for seven years. Your data may be shared with other support organisations so that we can meet your needs and find you additional support. Anonymised data will be kept to look at statistical information so that the Regimental Association can improve its work.

When your information is passed to another support organisation, in order to provide additional assistance, in the case of Benevolence Applications, they will then look at the best way to find you support. Different organisations have their own privacy policies and they may be different to this policy.

When collected, your data will be held by us and other support organisations for purposes in accordance with data retention policies that have been established in accordance with statutory requirements and codes of practice issued by the Information Commissioners Office.

Some organisations that provide funding to meet Benevolence Applications may retain records of the payment for up to seven years for accounting purposes. Please note that where a grant is awarded, the organisation providing that grant will retain this information for at least seven years.

If you have any questions about our data protection policy, or about the data we hold, then please contact Corp Headquarters. https://www.rhqagc.com/contact.html 

If you are not satisfied with our response, you have a right to complain to the Information Commissioner’s Office. See www.ico.org.uk.