1. About this policy
This policy describes how we will collect and use personal data about you. There are words and phrases in the policy that have a specific meaning or that we are using in a particular way, in accordance with GDPR regulations. They are:
- “personal data” – any information about an identifiable living human being
- “process” anything we do with personal data, such as: collecting, recording, organising, storing, adapting, altering, retrieving, using, combining, disclosing, or deleting it
- “special category data” personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health, genetic or biometric data.
If you have queries about how we use your data, or comments or questions about this Policy, please do email us. The email address to use is set out in section 2 below.
Policy updates: We keep this Policy under regular review, it may be updated from time to time.
2. Who are we?
|Name||ODHE Network Ltd|
|Company Directors||Sara Corcoran and Simon Inger|
|Company Registration Number||11433124|
|Data Retention Period(s)||Prospective members: 12 months.
Members, suppliers & finance: 5 years
Former members: 3 years
|Date this Policy last updated||21st September 2021|
3. What information do we process, and why?
As a membership organisation we have a legitimate interest in processing your data to provide you with the services and information you have requested.
a) Prospective members
Most of the information we process comes from you. We process it so we can reply to you, and when you contact us again, we know what you asked before, what you were sent, and what you told us. Typically, we collect names, job titles, contact details, and background information directly provided by you. You are free to refuse our request for personal information, with the understanding that we may be unable to provide you with some of your desired services. We will retain a copy of all correspondence that we exchange, whether by email, post or via our website enquiry form, for our data retention period (see Section 2).
If we email you individually using our own email system or respond to an email sent to us at any of our business email addresses, a copy of that email will also be stored.
If you make an enquiry via our website, we will keep details of that enquiry and response for our data retention period (see Section 2).
If you sign up to a newsletter list, you will be sent what you asked for. You can unsubscribe at any time by clicking the unsubscribe button on a newsletter email. You are not automatically subscribed to any other lists.
We do not routinely keep and do not process special category data. To the extent we hold this, it was supplied or made publicly available by you.
When you subscribe as a member of the ODHE Network, we will collect information from you at the point of registration. This will include the information we collect from prospective members. We collect your email address and postal address so we can provide what we have contracted to, invoice you and keep proper records of our business relationship.
We process your data to support the delivery of the services you have bought. We keep records of the services provided to you, and information you give us, so we can support you when needed.
We collect information on potential and actual suppliers. Typically this is names and contact details together with background information directly provided by you or published by you on social media or on the internet, on good and services we might be interested in.
If you become a supplier we keep a copy of the contract between us and your bank details so we can pay you. We also keep a record of invoices/payments for accounting purposes.
We keep a record of the work you undertook along with any comments, reviews or suggestions about that work including complaints (if any) and their resolution.
This information is all needed to manage our customer relationships and our supply chain.
The main communication channel for members of the ODHE Network is the JISC mailing list: ODHEG@jiscmail.ac.uk. It is used to send information about both residential and virtual events and information for members, as well as requests for support from within the membership. The information supplied to JISC is subject to their Privacy Notice.
You can unsubscribe from emails at any time, but we may then be unable to provide the services you have paid for.
From time to time, we may contact individual members. This would normally be if something odd were going on and we wanted to check you could see and use the content or find out what was causing a problem.
5. Data sharing – 3rd parties
We collect information from you to enable us to organise events, and this information is passed to accommodation providers. We will not supply your contact details with this information.
We keep a list of the software platforms we use to run our business. If you would like a list of all the platforms we use, please email us (at the email address included in the table in section 2, above).
Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and practices of these sites, and cannot accept responsibility or liability for their respective privacy policies
6. Where is your data located?
Like most small businesses, we do not have any tailor-made software – we use mainstream packages for everything from our membership records, to email, to accounting.
This means that some of your data may be held in the EEA, and some may be held in services in the USA (with suitable data privacy shields) or elsewhere. We have picked mainstream suppliers with appropriate security standards.
The ODHE records and documents are stored in a secure repository which is accessible to the Co-Chairs and Administrator and is compliant with EU data protection regulations.
7. Retention periods
Your information will be kept for the length of time set out in our retention period (see Section 2).
We need to keep member and supplier information long enough to satisfy HMRC and our insurers. We keep information on prospective members long enough to ensure our customer service and response is effective.
You will remain on the list(s) you joined until you unsubscribe from that list or until one year after your membership has lapsed.
8. Your rights
You have the right to know what information we are collecting on you, and to amend it if it is inaccurate.
If you feel we have information we should not be keeping, or it is out of date or otherwise wrong, please let us know and we will take appropriate action.
Most of the information we hold is not based on your individual consent but is based on our needing the information to run our business and provide our services.
If you want to know what information (if any) we have about you, email us at the email address shown in the table included in Section 2 above and give us your name, email address(es) and we will happily do a search and let you know what information we hold on you and how we are using it/have used it.
You have a “right to be forgotten” – but that does have some legal limits to it. If you want us to remove information about you, let us know. If you have been a member, we may not be able to remove all data as we will have to ensure that we can continue to comply with legal, accounting, taxation and our insurer’s requirements.
If you have a complaint about the way we are handling your information or how we have responded to a request for information or removal, you can take this up in the first instance by emailing us at the email address shown in Section 2.
If we can’t sort it out, you are within your rights to contact the Information Commissioner for the UK.