Our commitment to your privacy
We are committed to keeping your personal details safe. This policy explains how and why we use your personal data, to ensure that you remain informed and in control of your information. Any references to SRPG, or to ‘we’ or ‘us’ refer to: Somerset Rare Plants Group.
We use three key definitions to describe people mentioned in this policy. These are definitions used by the Information Commissioner’s Office (ICO), the UK’s independent body set up to uphold information rights (www.ico.org.uk)
‘Data subject’: this is you. As the data subject, we respect your right to control your data.
‘Data controller’: this is us, the SRPG. With your permission, we determine why and how your personal data is used (as outlined in this policy).
‘Data processor’: this is a person, or organisation, who processes your data on our behalf, with your permission.
Why do we collect your personal data?
We use your personal data to keep in touch with you. We will only ever collect, store and use your personal data when we have an identified purpose and reason to do so. The ICO refers to this as a ‘lawful basis’. Further information about why we collect your personal data is outlined below.
To store your biological records
If you submit biological records to SRPG we collect your personal data so we can keep in touch with you regarding your records.
As defined by the ICO, the lawful basis for processing your data for these purposes is ‘legitimate interest’.
What kind of personal data do we collect? How do we collect it?
We will usually collect basic information about you, including your name, postal address, telephone number, email address.
Most of the time, we collect this data from you directly. Sometimes this is in person; other times, it is over the telephone, in writing or through an email.
How do we store your data?
All of the personal data we process is processed by us, our members or volunteers in the UK. However, for the purposes of IT hosting and maintenance your information may be situated outside of the European Economic Area (EEA). This will be done in accordance with guidance issued by the Information Commissioner’s Office. Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means).
Data retention policy
We will only use and store information for as long as it required for the purposes it was collected for. We continually review what information we hold, and delete what is no longer required.