1. Policy: Principle and Extent
It is our intention at the Register of Qualified Genealogists (RQG) to comply, as a UK registered company, with both British data protection legislation and with the General Data Protection Regulation (GDPR) of the European Union. We will seek also to operate within legal constraints applicable in countries where members live, to the extent that these are compatible with our primary obligations.
It is our policy to seek to protect data within our control in a manner compliant with the seven principles of the GDPR. These are, in summary, that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- and that the controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1.
We understand that your privacy is important to you and that you care about how your information is used and shared both off- and on-line. We respect and value the privacy of all members, and everyone who visits our website, and will collect and use information only in ways that are useful to you and necessary to us and in a manner consistent with your rights and our obligations under the law.
2. Scope – What Does This Policy Cover?
3. What Data Do We Collect?
We may collect and process the following data about you:
- Information you provided to us. You may voluntarily give us information about yourself by filling in forms on our site or by corresponding with us by e-mail or otherwise. In particular this includes information you provide when applying for membership of RQG and may include your name; contact information such as your address, e-mail and telephone number; your business website; details of qualifications achieved or being studied; a digital copy of your qualification certificate; and consent to notices.
- Information you seek to broadcast. Members may choose to provide information which is included on their member profile and which is visible to any user of the RQG website. By providing a member profile you provide implicit permission for that data to be shared globally through exposure on our website.
- Information we collect about you. Some data will be collected automatically each time you visit our site:
o technical information including IP address; browser type and version; operating system and platform;
o information about your visit, such as a list of URLs starting with a referring site, your activity on our site, and the site you exit to.
For further details, please see the section below on Cookies.
None of the data we collect comes within the definition of ‘sensitive’ under the Data Protection Act 2018 (e.g. racial, ethnic, sexual, political, religious, health, offending).
4. How Do We Use Your Data?
All personal data is stored securely in accordance with the principles of the Data Protection Act 2018. For more details on security see section 5, below.
We use your data to provide the best possible [products and] services to you. This includes:
- Providing and managing your Membership account;
- Providing and managing your access to our site;
- Personalising and tailoring your experience on our site;
- Supplying our services to you;
- Communicating with you on administrative and news-worthy matters;
- Responding to communications from you.
We provide facilities to allow members to expose personal data of their choice on the website in the form of a personal profile. RQG takes no responsibility for the content of profiles, though reserves the right to moderate over language used and claims made.
We are obliged by the Companies Act to keep registers of members (though not for students who are not members of the company), a copy of which are lodged electronically and available for public inspection in person at the Registered Office. The information provided is the member’s name, address, date of membership commencing and terminating, and the amount guaranteed (£1). A register of directors is also kept.
We are required by law to make annual returns to Companies House on our accounts. No personal data is required for that purpose. Financial transactions are reported in summary form. Directors’ details are also kept on the Companies House website.
5. How and Where Do We Store Your Data?
We keep your data only for as long as we need to in order to use it as described above in section 4, and/or for as long as we have your permission to keep it. Data gathered as part of the membership application process is stored in a Cloud-based facility. Access to that data is restricted to duly elected or co-opted members of the Board of RQG under the guidance of our Data Protection Officer.
Data on financial transactions with members will be held for at least six years to comply with accounting practice.
Some or all of your data may be stored or transferred outside of the European Economic Area (“the EEA”) which consists of all EU member states, plus Norway, Iceland and Liechtenstein. You are deemed to accept and agree to this by using our site and submitting information to us. If we do store or transfer data outside the EEA, we will take all reasonable steps to ensure that your data is treated as safely and securely as it would be within the EEA and under the Data Protection Act 2018. Such steps may include, but not be limited to, the use of legally binding contractual terms between us and any third parties we engage and the use of the EU-approved Model Contractual Arrangements.
Data security is of great importance to us, and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure data collected through our site.
Notwithstanding the security measures that we take, it is important to remember that the transmission of data via the internet may not be completely secure and that you are advised to take measures to protect your own use of the internet.
6. Do We Share Your Data?
We will not share your data with other organisations or sell it to them. We will not buy personal data from other organisations and we will not seek to obtain personal data from publicly accessible sources.
We will share details of name, e-mail address and/or postal address, personal business website and social media identifiers that you have provide to us, with authorised members for the purpose of communicating on company business. This use is authorised by members at the time of applying for membership.
We may compile statistics about the use of our site including data on traffic, usage patterns, user numbers, sales and other information. All such data will be anonymised and will not include any personally identifying information.
In certain circumstances we may be legally required to share certain data held by us, which may include your personal information, for example, where we are complying with the requirements of legislation, a court order, or a governmental authority. We do not require any further consent from you in order to share your data in such circumstances and will comply as required with any legally binding request that is made of us.
You may access certain areas of our website without providing any data at all. However, to use all features and functions available on our site you may be required to submit or allow for the collection of certain data.
7. Intentionally omitted
8. Your Data Protection Rights
Under the GDPR you have the right to:
- have inaccurate personal data rectified, or completed if it is incomplete;
- ask for a copy of your own personal data held by us. If you wish to see that please contact us for more details using the contact details below;
- have personal data erased, in certain circumstances. This is the so-called ‘right to be forgotten’;
- restrict the processing of your personal data, in certain circumstances, and for a certain period of time;
- data portability, i.e. the right to receive personal data in a structured, commonly-used, and machine-readable format, and to request that it be transmitted directly to another data controller;
- object to the processing of your personal data, i.e. stop processing it [which will have the effect of cancelling membership].
The nature of these rights has been explained in greater detail by the Information Commissioner’s Office. Their guidance can be found at: ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
9. What are Cookies?
A cookie is a small text file containing an identifier (a string of letters and/or numbers) which is sent to your computer or mobile device by a web server and is stored by your browser. The identifier is then sent back to the server each time your browser requests a page from the server.
Cookies are either “session” cookies or “persistent” cookies: a session cookie is deleted at the end of the user session, when the web browser is closed; a persistent cookie, however, will be saved on your device and will remain valid until its set expiry date, unless deleted earlier by the user.
Cookies do not typically contain any information that personally identifies you, but personal information that we store about you may be linked to the information stored in and obtained from cookies.
Cookies can be used by web servers to identify and track users as they navigate different pages on a website and identify users returning to a website.
10. What Cookies Do We Use and What For?
We do not use third-party/advertising cookies.
All cookies used by and on our site are used in accordance with current UK and EU cookie law.
The following cookies may be placed on your device:
You can choose to enable or disable cookies in your internet browser. Most internet browsers also enable you to choose whether you wish to disable all cookies or only third-party cookies. By default, most internet browsers accept cookies, but this can be changed. For further details, please consult the help menu in your internet browser or the documentation that came with your device.
You can choose to delete cookies at any time. However, you may lose any information that enables you to access our site more quickly and efficiently including, but not limited to, login and personalisation settings.
It is recommended that you keep your internet browser and operating system up-to-date and that you consult the help and guidance provided by the developer of your internet browser and manufacturer of your computer or device if you are unsure about adjusting your privacy settings.
12. Contacting Us
Please ensure that your query is clear, particularly if it is a request for information about the data we hold about you.
Effective Date: 01 November 2018