Privacy Notice

Data Controller: Buckinghamshire Army Cadet Force. We collect and process personal data relating to those who use our online shop to manage the relationship. We are committed to being transparent about how we collect and use that data and to meeting our data protection obligations. This Privacy Notice aims to provide you with a clear explanation of the personal data we hold and the purpose[s] for which it is held. What information do we collect? We collect and process a range of personal data about you/your cadet. This includes: · name, email address and telephone number · payment card information · payment amounts · clothing sizes · whether you are eligible for free school meals · details of events and courses booked · details of items purchased We may collect this information in a variety of ways. For example, data might be collected through our website or parental consent forms. Why do we process personal data? Your personal data will be processed to enable us to receive your payments and bookings, so we can enter into a contract with you and fulfil that contract. Who has access to your data? Your data will be shared with adult instructors who are organising and attending the event where it is necessary for them to have access to the data. Your details will also be shared with BHQ who ensure our records are maintained, including cadet training records. We use software provided by our website and payment providers to store your data. These companies employ extensive security measures for securing data, including encryption, password security, firewalls, and two-factor authentication. Save as explained above, we will not share your data with third parties for any other purpose without your express consent. Your data may be transferred outside of the UK to countries under either EU standard contractual clauses and the ICOs Addendum; or under an International Data Transfer Agreement (IDTA) – we can explain this to you in more details if you would like us to. How do we protect data? We take the security of your data seriously. We have internal policies and controls in place to try to ensure that your data is not lost, accidentally destroyed, misused or disclosed, and is not accessed except by those requiring access in the performance of their duties. Where we engage third parties to process personal data on our behalf, we do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data. For how long do we keep data? In line with data protection principles, we only keep your data for as long as we need it for, which will be at least 6 years plus the financial year you made your last purchase, so that we comply with HMRC rules. Your rights You have a number of rights. These are: · the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice · the right of access. You have the right to access the data that we hold about you and to receive a copy of your data and information about where it was sourced. To do so, you should make a subject access request · the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you are able to require us to correct it · the right to ask us for your data to be erased, for example, if you believe there is no longer any need for your data to be held for its original purpose, or if you decide to withdraw any consent that you have given for your data to be processed · the right to restrict the processing of the data. For example, if you believe the data, we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct · the right to portability. You may transfer the data that we hold on you to another organisation for your own purposes · you may have the right to object to the way we use your data if you do not agree that we are using it for our legitimate interests · the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision-making in a way that adversely affects your legal rights. We do not at this time profile using personal data, or make any automated decisions. Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases, we may continue to use the data where permitted by having a legitimate reason for doing so. If you would like to exercise any of these rights, please speak to your Detachment Commander, If you believe we have not complied with your data protection rights, you can complain to the Information Commissioner. Their contact details can be found on their website (www.ico.org.uk). Updated: November 2023