Scalefour Society Privacy Statement

This statement is also available as a PDF.

General Data Protection Regulation 2018

25th May 2018

1. Introduction

The Scalefour Society is a society that promotes accurate railway modelling to a scale of 4mm to one foot, and has a membership mainly in the UK but also in other countries across the world. As an essential part of its activities, the Society collects and manages its members’ data. In doing so, the Society observes UK data protection legislation, and is committed to protecting and respecting its members’ privacy and rights.

In order to ensure that members are reliably informed about how we operate, the Society has developed this Privacy Statement. This Privacy Statement describes the ways in which the Society collects, manages, processes, stores and shares information about you as a result of your membership of the Society. This Privacy Statement also provides you with information about how you can have control over the use of your data.

You should note that the Society will be reviewing this Privacy Statement on a regular basis in order to keep you fully up-to-date with our approach to data protection and privacy. If you have any comments or queries regarding our use of your data please contact the Society’s General Secretary by email at: secretary@scalefour.org or by post to: General Secretary (for address details see the ‘Blue Sheet’, Scalefour News or Society Website)

2. What Information Do We Collect About You

The information that we collect about you may include your name, home address, date of birth, e-mail address, telephone number, as well as relevant financial and credit card information. This is referred to as your "personal data". We collect this data in a number of different ways. For example, you may provide this data directly when filling in a membership application form, or when corresponding with us by telephone, e-mail or letter, or when ordering goods or services from the Society (electronically or otherwise).

There are no occasions when we will collect any sensitive information about you (known as "special categories of data") which might include, for example, details about your racial or ethnic origin, or data relating to your health. Should it ever be necessary for us to ask you for this type of data, we will provide you with separate details about how we will protect that information at that time.

3. How Will We Use That Information?

Currently, we use your data for the following purposes:

4. How Long Will We Keep Your Data?

Unless you ask us to do so, we will never keep your data for longer than is necessary for us to complete financial transactions or whilst you remain a member of the Society. However, we are required by HMRC to retain details of the Society's income, including your payments, for an extended period, currently six years. Personal data of members who have left the Society will be retained indefinitely in case they rejoin at a later date and for the Society's archive.

5. With Whom Do We Share Your Personal Data?

We work with a number of external suppliers who support our activities. This includes organisations that are critical to fulfilling customer orders as well as those that help us with circulation of our publications.

Notwithstanding the above, we assure you that we will only exchange your data with another organisation where, with your explicit consent, it is necessary to provide goods or services, or where it is necessary to fulfil a legal obligation of the Society.

We will never sell your personal data to any external organisation.

6. How Can You Access The Personal Data We Hold?

You have the right to ask us, in writing, for a copy of all the personal data we hold about you. This is known as a "Subject Access Request". Except in exceptional circumstances (which we would discuss and agree with you in advance), you can obtain this information at no cost.

We will send you a copy of the information within 28 days of receipt your request.

To make a Subject Access Request, please write to our Membership Secretary (for address details see the ‘Blue Sheet’, Scalefour News or Society Website).

7. Updating or Amending Your Personal Data

If, at any time, you want to update or amend your personal data or consent preferences, please contact our Membership Secretary, as above. Any requested and legitimate changes will take effect within 28 days of receipt of your request.

8. Data Privacy and Security

The Society's officers, processes and systems view the protection and security of our members' data as of high importance. Officers in any capacity responsible for personal data are required to maintain the data in encrypted form, on systems secured against improper use or corruption through internet security breaches. Officers transferring data to other officers use encryption protocols comparable to those of banks and government agencies. In addition, officers dealing with members' financial information are required to follow, and re-certify annually, compliance with, the Data Security Standards of the payment card industry, identical to those used in banking and e-commerce generally. All officers, on taking up their posts, are made aware, in writing, of these requirements, and reminded when key documents, such as membership lists, are distributed.

9. Disclaimers

Every effort is made to ensure that the information provided in this Privacy Statement is accurate and up-to-date, but no legal responsibility is accepted for any errors or omissions contained herein. We cannot accept liability for the use made by you of the information on the Society website or in this Privacy Statement or in any of the Society's publications, neither do we warrant that the supply of the information will be uninterrupted. All material accessed or downloaded from the Society website is obtained at your own risk. It is your responsibility to use anti-virus or anti-malware software.

This Privacy Statement applies solely to the data collected by us, and therefore does not apply to data collected by third party websites and services that are not under our control. Furthermore, we cannot be held responsible for the Privacy Statements of third parties, and we advise users to read these carefully before registering any personal data.

10. Accessibility Statement

Should you require a copy of this Privacy Statement in a different form, please contact our General Secretary as described in section 1 above. We cannot guarantee that we can fulfil all requests, but we will endeavour to help you as much as is practical.

11. General

The Data Controller of the Society is the Committee of The Scalefour Society, c/o General Secretary (for contact details see the ‘Blue Sheet’, Scalefour News or Society Website).