‘ACESL’ Organisation Privacy Notice
|Our contact details||Association of Carrying Educators and Sling Libraries CIC|
|Registered office address||55 Thornfield Avenue, Farsley, Leeds, LS28 5HJ|
Data Protection Officer:
Mrs Lindsey Scorer Stretton-Hill
Work mobile 07899 644 527
1) What type of information we have
We currently collect and process the following information:
- Personal identifiers, contacts and characteristics (for example, name and contact details)
- Level of qualification within the carrying and babywearing industry
- Date of birth for identification purposes only
- Website management related information (see section 4 below)
2) How we get the information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
- To ensure all members are appropriately qualified for the level of membership
- To all members are over the age of 16, and that we can ensure we safeguard the under 18’s
- To ensure we can offer the appropriate linked membership benefits
- To ensure the safety of all our members, as well as promoting safer carrying of children for all
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
- Your consent. You are able to remove your consent at any time. You can do this by contacting email@example.com with the e-mail header “ICO: the right to be forgotten”.
- We have a legitimate interest, such as furthering the work of ACSL in supporting the profession.
3) What we do with the information we have
- We only share that which we are legally required to do.
- The directors have access to appropriate information, in order to carry out their role.
Or, with consent:
- in line with membership benefits e.g. CPD access (see below)
We respect the right of privacy to all the data we hold. Currently:
i) we request your consent to share specific information with the linked insurance companies in order to access the special discount rates: Name and Surname known by, DOB, Membership number, date of joining, and legal name if different.
If you decline permission to go on the insurance list, you will need to provide the appropriate evidence directly to the insurance company at the time of applying.
ii) Educare – CPD package. Requires the minimum information of your name and surname (known name), e-mail address. (We work with bodies to ensure the minimums are provided only.)
iii) visual media – permission granted via a consent form. The consent form is held, image is watermarked and/or only then used, in accordance with permission slip and the ACESL logo will then form part of the images future use. E.g. a member uploads images ACESL can use for their website, and/or share with other members. ACESL image and watermark will be on the image, members must use the image in accordance with ACESL requirements.
iv) Other ‘sign-up events’, will make it clear which advice and information are required at the time of signing so that each member can choose to consent or not.
4) Website inbuilt settings
Users of our website provider should be aware that:
- When visitors leave comments on the site the data is collected (as shown in the comments form), alongside the visitor’s IP address and browser user agent string to help spam detection.
- After approval of your comment, your profile picture is visible to the public in the context of your comment.
- If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
- If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
- If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
- When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
- If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
- If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
- For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information
ACESL’s choice was to utilise a mainstream commonly used website provider in order to minimise risk to any user.
5) How we store your information
ACESL stores all electronic information within secure online cloud storage. We used recognised mainstream ‘secure’ cloud storage. Electronic data is secured via encrypted mobile devices, using passwords secure back ups.
Paper-based data: is held securely lockable filing cabinets
ACESL follows security advice regarding passwords, with access attempt warnings and 2 factor authentication.
|We consider there are several types of personal information.||We will dispose of information accordingly.|
|i. Personal private information: name/s, address, e-mail address, DOB, phone number, information that is not publicly listed on any website search)||Removed between 6 and 12 months after active membership expired. Removed if ‘right to be forgotten’ request received|
|ii. Personal information: The private details of any individual that is listed on a website e.g. known nameThis can be expanded to include details of any CRB/DBS checks||Kept for as long as is necessary and reasonable.|
|iii. Professional information: including business and other typically publicly available information||Removed upon request, or if data is found to be out of date or misleading, or breaches our codes of conduct.|
|iv. Administrative record keeping: consent forms, and other administrative request forms.||These records may or may not be kept. However, archive records are kept as a PDF for as long as is necessary and reviewed bi-annually by directors. A proforma for removal of information will be kept so that the process is transparent, but still ensures will keep consent forms in case of requirement. Visual Media Consent forms are kept as a PDF as long as images are held by us – as proof of ownership and right of use.|
|iv. Administrative website: data retained by the website provider outside the remit of our management||These records will be kept in line with the website providers standards terms of practice.|
6) Your data protection rights
Under data protection law, you have rights including:
Your right of access – You have the right to ask us for copies of your personal information.
Your right to rectification – You have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Your right to erasure – You have the right to ask us to erase your personal information in certain circumstances.
Your right to restriction of processing – You have the right to ask us to restrict the processing of your information in certain circumstances.
Your right to object to processing – You have the right to object to the processing of your personal data in certain circumstances.
Your right to data portability – You have the right to ask that we transfer the information you gave us to another organisation, or to you, in certain circumstances. If you wish to make a request, you are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at 55 Thornfield Avenue, Farsley, Leeds, LS28 5HJ or firstname.lastname@example.org
7) How to complain
All other complaints should be directed to: Nicola Lawson, Lead Director ACESL in the first instance. email@example.com
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address:
Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow Cheshire, SK9 5AF
Helpline number: 0303 123 1113
Should there be any issues, in the first instance the DPO will carry out a review of the situation ideally within 48 hours, and within a maximum of 5 days. The Directors will receive the report and move forward in light of the feedback and discussion. If appropriate, the ICO will be informed as well as any of those affected.
The procedures and examples from the ICO will be followed. Should the DPO be unavailable another Director will either stand in, or nominate an appropriate replacement.
This policy will be reviewed annually by the DPO in association with the Directors. It may be updated at anytime to reflect any changes.
ACESL is registered with the ICO and follows the guidance relevant to ACESL.
Last updated on 22/05/2020.