Highland Pony Society Privacy Policy

This is the privacy statement of the Highland Pony Society (HPS). In this statement ‘we’, ‘us’, ‘our’ or similar refers to HPS. ‘You’ or similar refers to the data owner. The Policy is under review and will be updated as appropriate.  

Background

The General Data Protection Regulation (GDPR) is a new regulation designed to strengthen and unite the data protection processes for all individuals within the EU. GDPR applies to any organisation processing an EU citizen’s personal data irrelevant of where the company is based.

GDPR has placed new obligations on organisations processing personal data and has conferred additional rights on data owners. This document describes how the HPS complies with the requirements of GDPR.

Personal information we collect.

Information we collect from you is :

·       Name and preferred contact name.

·       Contact address and postcode.

·       Telephone number (landline and / or mobile).

·       Email address.

·       Breeding prefix (if applicable).

·       Taxpayer status (as required for Gift Aid processing).

Bank details are only acquired where we have been supplied with a paper banker’s standing order form. In this case, they are only held for the period that the document is on our premises prior to despatch to the relevant bank.

Sensitive personal data.

HPS does not record sensitive personal data relating to health or criminal records.

Council Members and others are required to comply with certain requirements set by Company Law and other regulations in order to fulfil their roles in the society. The HPS does not require individuals to submit sensitive information to the Society, but rather asks them to review and confirm they comply with relevant requirements (e.g. Fit and Proper Person) as part of their consideration of whether they may wish to undertake the role.

How we collect data.

Data is only collected from the data owner. Some information may be submitted to us indirectly but must be supplied and signed by the data owner. For example, if a passport is applied for by a person who is not the breeder, they will be required to obtain the breeder’s details and signature.

The main channels through which we collect information are :

·       Paper forms

·       Our website

·       email

·       telephones

 

What we do with your personal information.

HPS only uses personal data to meet its obligations as a Passport Issuing Organisation and to meet the needs of members. The principle ways data is used are to :

·       Meet our legal responsibilities as an Equine Passport Issuing Organisation (PIO) as defined in the relevant legislation.

·       Provide information as required by regulatory, statutory or enforcement bodies.

·       Provide member services and support that members receive as a benefit of membership.

·       Provide members with our newsletter (biannually) and Stud Book (annually). Current member details are published in the annual Stud Book.

·       Promote activities incidental to the operation of the society and our members’ interests (e.g. members’ and judges’ study days, annual dance etc).

·       Facilitate the general operation of the Society, such as providing information about the society, its activities and undertakings, and general communications with data owners by post, email or telephone.

·       Carry out identity verification, complaint investigation and detection of potential fraud.

·       Enable full use of our website.

·       Understand members’ needs and how they may be met.

·       Maintain records as required to meet the reasonable expectations of our members and contacts.

·       Carry out current and historical analysis of the breed and membership to provide information to support decision making.

What we do not do with your personal information.

The HPS only uses data where directly required for the operation of the Society. The HPS does not:

·       Use personal data for marketing purposes that are not incidental to the operation of the breed society (e.g. informing members of local shows).

·       Make personal data available to third parties (save those specified below) or marketing organisations.

·       Use personal data for modelling, profiling or in automated decision making.

Who we share your personal information with.

The organisations with whom we do or may share personal data with are :

·       Regulatory, statutory or enforcement bodies as required to meet our statutory requirements as a PIO.

·       Grassroots Systems Ltd. Grassroots Systems Ltd are our software supplier and provide us with offsite data security facilities and backup member support. We have a General Data Protection (GDPR) Regulations compliant data processing agreement in place with them to ensure personal data is managed in compliance with GDPR.

·       The Rare Breeds Survival Trust (RBST) for the purposes of breed analysis. Note that only skeleton personal information (name and region) is passed to the RBST for the purposes of geographic analysis.

·       In the event of the HPS ceasing trading, our PIO operations will be taken over by The Shetland Pony Stud Book Society. This is a statutory requirement and only the specified statutory information will be passed to them. There is no data sharing at any other time.

How we process data.

Data is processed using an industry standard software package. This package is used to store and process data and to produce the outputs supplied to members, passport holders, and bodies with whom we share data.

This system is held on a password protected computer in the office of the HPS. Encrypted backups are held locally, on the Cloud and by our support provider.

All outputs shared electronically to other bodies are encrypted.

Children

There is special protection for the personal data of a child. The age when a child can give their own consent is 16. If HPS requires consent from young people under 16, consent will be obtained from a parent or guardian in order to process the child’s personal data lawfully.

How long do we retain personal information

·       Information relating to the breeder of a pony, and anyone who owned a pony, will be retained for a minimum of 35 years, or until 2 years after the death of the pony as required by legislation.

·       Information relating to members who are neither breeders nor pony owners will be retained as long as they are members, and thereafter for research and analysis purposes unless we are requested to remove it.

·       Personal data relating to deceased ponies, will be kept indefinitely for the purposes of historical research and to maintain the historical integrity of the studbook.

·       Other information such as that relating to suppliers, press, equine industry contacts and others who we contact or who contact us in the course of the society’s operations will be kept as long as its retention and use is in ways the data owner could reasonably expect us to use their data.

Your Rights

1.    Access to information.

You have the right to be supplied with a copy of the personal data that we hold about you. Where such a request is made we will provide the information within 30 days.

2.    Correcting information.

The HPS will endeavour to make sure that all personal data is correct and current. You have the right to ask us to correct any data that you believe is not correct or current, and we will make the required changes.

3.    Deletion of personal data.

You have the right to ask us to delete your personal data where :

·         You consider that it is no longer required to meet statutory or contractual needs. Note that such data can only be deleted if the statutory of contractual need has lapsed

·         You consider that the personal data held is in excess of what is required to meet statutory or contractual needs, in which case the excess information can be requested to be deleted.

·         We are using information with your consent and you withdraw that consent.

·         You have lodged a valid objection to our use of that information.

4.    Data portability.

You can ask us to pass your information to another organisation. We can only pass such data where doing so it does not conflict with our legal obligations as a PIO.

5.    Right to Object.

In addition to the right to have personal data deleted, individuals have the right to object on the basis of ‘grounds relating to his or her particular situation’ to:

·         processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)

·         processing for purposes of scientific/historical research and statistics.

Changes to this privacy statement

The HPS will keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained from the HPS Office.

May 2018