HPS Privacy Statement
This is the privacy statement of the Highland Pony Society (HPS). In this statement ‘we’, ‘us’, ‘our’ or similar refers to HPS. ‘You’ or similar refers to the data owner. This Policy is under review and will be updated as appropriate. It was last updated in August 2018.
The General Data Protection Regulation (GDPR) is a new regulation designed to strengthen and unite the data protection processes for all individuals within the EU. GDPR applies to any organisation processing an EU citizen’s personal data irrelevant of where the company is based.
GDPR has placed new obligations on organisations processing personal data and has conferred additional rights on data owners. This document describes how the HPS complies with the requirements of GDPR.
Personal information we collect
Information we collect from you is :
- Name and preferred contact name
- Contact address and postcode
- Telephone number (landline and / or mobile)
- Email address
- Date of birth for junior members only
Sensitive personal data
HPS does not record sensitive personal data.
Council Members and others are required to comply with certain requirements set by Company Law and other regulations in order to fulfil their roles in the society. The HPS does not require individuals to submit sensitive information to the Society, but rather asks them to review and confirm they comply with relevant requirements (e.g. Fit and Proper Person) as part of their consideration of whether they may wish to undertake the role.
How we collect data
Data is only collected from the data owner. Some information may be submitted to us indirectly but must be supplied and signed by the data owner. For example, if a passport is applied for by a person who is not the breeder, they will be required to obtain the breeder’s details and signature.
The main channels through which we collect information are :
- Paper forms
- Our website
What we do with your personal information
HPS only uses personal data to meet its obligations as a Passport Issuing Organisation and to meet the needs of members. The principle ways data is used are to :
- Meet our legal responsibilities as an Equine Passport Issuing Organisation (PIO) as defined in the relevant legislation.
- Provide information as required by regulatory, statutory or enforcement bodies.
- Provide member services and support that members receive as a benefit of membership.
- Provide members with our newsletter (biannually) and Stud Book (annually). Current member details are published in the annual Stud Book and for exhibitors in the Breed Show Catalogue.
- Promote activities incidental to the operation of the society and our members’ interests (e.g. members’ and judges’ study days, annual dance etc).
- Facilitate the general operation of the Society, such as providing information about the society, its activities and undertakings, and general communications with data owners by post, email or telephone.
- Carry out identity verification, complaint investigation and detection of potential fraud.
- Enable full use of our website.
- Understand members’ needs and how they may be met.
- Maintain records as required to meet the reasonable expectations of our members and contacts.
- Carry out current and historical analysis of the breed and membership to provide information to support decision making.
What we do not do with your personal information
The HPS only uses data where directly required for the operation of the Society. The HPS does not:
- Use personal data for marketing purposes that are not incidental to the operation of the breed society (e.g. informing members of local shows).
- Make personal data available to third parties (save those specified below) or marketing organisations.
- Use personal data for modelling, profiling or in automated decision making.
Who we share your personal information with
The organisations with whom we do or may share personal data with are :
- Regulatory, statutory or enforcement bodies as required to meet our statutory requirements as a PIO.
- Grassroots Systems Ltd. Grassroots Systems Ltd are our software supplier and provide us with offsite data security facilities and backup member support. We have a General Data Protection (GDPR) Regulations compliant data processing agreement in place with them to ensure personal data is managed in compliance with GDPR.
- The Rare Breeds Survival Trust (RBST) for the purposes of breed analysis. Note that only skeleton personal information (name and region) is passed to the RBST for the purposes of geographic analysis.
- In the event of the HPS ceasing trading, our PIO operations will be taken over by The Shetland Pony Stud Book Society. This is a statutory requirement and only the specified statutory information will be passed to them. There is no data sharing at any other time.
How we process data
Data is processed using an industry standard software package. This package is used to store and process data and to produce the outputs supplied to members, passport holders, and bodies with whom we share data.
This system is held on a password protected computer in the office of the HPS. Encrypted backups are held locally, on the Cloud and by our support provider.
All outputs shared electronically to other bodies are encrypted
There is special protection for the personal data of a child. The age when a child can give their own consent is 16. If HPS requires consent from young people under 16, consent will be obtained from a parent or guardian in order to process the child’s personal data lawfully.
How long do we retain personal information
- Information relating to the breeder of a pony, and anyone who owned a pony, will be retained for a minimum of 35 years.
- Information relating to members who are neither breeders nor pony owners will be retained as long as they are members, and thereafter for research and analysis purposes.
- Personal data relating to deceased ponies, will be kept indefinitely for the purposes of historical research and to maintain the historical integrity of the studbook.
- Other information such as that relating to suppliers, press, equine industry contacts and others who we contact or who contact us in the course of the society’s operations will be kept as long as its retention and use is in ways the data owner could reasonably expect us to use their data.
1. Access to information.
You have the right to be supplied with a copy of the personal data that we hold about you. Where such a request is made we will provide this information.
2. Correcting information.
The HPS will endeavour to make sure that all personal data is correct and current. You have the right to ask us to correct any data that you believe is not correct or current, and we will make the required changes.
3. Deletion of personal data.
You have the right to ask us to delete your personal data where :
- You consider that it is no longer required to meet statutory or contractual needs. Note that such data can only be deleted if the statutory or contractual need has lapsed.
- You consider that the personal data held is in excess of what is required to meet statutory or contractual needs, in which case the excess information can be requested to be deleted.
- We are using information with your consent and you withdraw that consent.
- You have lodged a valid objection to our use of that information.
4. Data portability.
We only share your information where doing so does not conflict with our legal obligations as a PIO.
5. Right to Object.
Individuals have the right to object on the basis of ‘grounds relating to his or her particular situation’.
Changes to this privacy statement
The HPS will keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained from the HPS Office.