Affinity (also known as ‘BTU’ or ‘TBU’) is strongly committed to protecting your personal data. We deal with members on matters of great sensitivity and will always treat your personal details with the utmost care and respect. We will only use the information that we collect about you lawfully and transparently.
This statement explains how we collect, use and store personal data (this is any information relating to an identified or identifiable living person). The statement also explains the rights of anyone whose personal data we hold. Personal data may be obtained from individuals themselves or from others.
We hope that this statement will answer any questions you may have, but please do contact us if you require further information. Contact details can be found under the ‘Contact Details’ section of this statement.
The Legal Bases for Collecting and Processing Personal Data
Data protection laws set out a number of bases on which companies can collect and process personal data. We use the following:
1. Consent – in some cases, we rely on your consent to collect and process data. An example is when you agree to receive our newsletters by email.
2. Contractual obligations – sometimes, we need your personal data to comply with our contractual obligations. For example, if you want to register for our free personal accident insurance, we need to hold your date of birth.
3. Legal compliance – we may need to collect and process your personal data if required by law.
4. Legitimate interest – in some cases, we use your data in accordance with our need to run the union efficiently and effectively and serve you as a member. For example, if you use our discounted shopping voucher scheme, we might use your purchase history to send you details of new brands or special promotions. We might also use your home address to send you direct marketing information about our ancillary services.
When Do We Collect Your Personal Data?
When you visit our website.
When you complete a membership application form.
When you contact us by any means to join, to get advice or with general queries etc.
When you use our ancillary services.
When you ask us to provide information to you by email.
When we meet you in person.
When you complete any surveys we send you.
When you complete one of our forms.
When you’ve given a third-party permission to share with us the information they hold about you.
What Sort of Personal Data Do We Collect?
We do not sell or otherwise trade members’ data to or with any organisation.
We only provide members’ personal data to other organisations in the course of fulfilling our contractual obligations to you, when delivering our services to you or if required to do so by legal or other governmental and regulatory bodies.
The type of information we will collect about you includes your:
- Telephone numbers
- Email address
- Bank details
- Date of birth
- Work address
- Job title
- Pay grade
- Working hours
- Length of employment service
We also collect details of your interactions with us through our Membership Services Team, our Advice Team and our Area Officers. For example, if you contact our Advice Team by telephone to ask us for advice about a problem you have at work, we will record the information you give us for the duration of your membership.
We also hold copies of documents you send to us. For example, if you are subject to disciplinary action, we will retain copies of any correspondence you send us relating to that matter.
We will never collect sensitive information about you without your prior consent.
Why Do We Collect and Process Personal Data?
We will contact you by post, by telephone, by email or by text message or by the use of any similar technology in accordance with our need to run the union efficiently and effectively and serve you as a member. If you have given us your consent to contact you, this can be withdrawn at any time by emailing us at firstname.lastname@example.org or by letter.
We collect and process your data to:
1. Administer your membership of the union and to collect subscriptions;
2. Notify you of changes to our services;
3. Keep you informed of the latest news relevant to your employment, including our campaigns, industrial action and ballots;
4. For the purposes of providing individual advice and representation;
5. Provide information from the Union and our insurance provider, Plus Insurance, about the ancillary services we provide as part of your membership, such as our insurance schemes, our unique Free Benefits Scheme (free Travel Insurance, Income Protection, Personal Accident Insurance, Will and CV Writing services) and our discounted shopping voucher scheme;
6. For elections, such as to the Union’s District Committees and General Council;
7. To comply with the laws and regulations that apply to our activities.
Our Use of Computer Cookies
The rules on the use of computer cookies mean we need to ask for your consent to send them to your computer.
Cookies are small files stored on your computer which hold information specific to your use of particular websites. In our case, cookies allow the Affinity server to store your preferences so that the next time you visit our site the pages are tailored to your preferences, without you having to express those preferences again. You can usually modify your browser to prevent this happening. The information collected in this way could be used to identify visitors to our site, although as a matter of strict principle we do not do so.
A good example of the use of a cookie would be that if you give us consent to store cookies on your machine now, we will not have to ask you again because our server will know from information stored in your cookie that consent has been given already.
In addition, we may also use web server logs to evaluate our web site and discover for example which pages are most frequently visited. Information collected in this way will remain anonymous.
Further information on cookies can be found at https://www.aboutcookies.org.
Personal data will be held securely in accordance with our internal security policy and the law. We will not transfer your information outside the EEA (European Economic Area), except in a limited number of cases where we use essential services from non-EU third party companies (one example of which is Rocket Science Group LLP (otherwise known as MailChimp), a company we use to send our emails). We will only use processors certified as compliant with the EU Privacy Shield and committed to complying with the provisions of GDPR. For further information on the third party companies we use, please email us at email@example.com.
Our policies, procedures and training cover data protection, confidentiality and security of data. We conduct regular reviews to ensure that that we continue to hold data securely.
When and How We Share Personal Data
We will occasionally share personal data with third parties when legally permitted to do so. Contractual arrangements and security measures are put in place to ensure that data is protected and to ensure that our data protection, confidentiality and security standards are met.
Personal data held by us may be transferred to:
1. Trusted third party organisations that assist us in providing goods, services or information. An example of such an organisation would be an independent scrutineer appointed to conduct a statutory ballot of members.
We provide only the specific data the third party needs to provide their services and that data can only be used for the purposes set out in our contract with them. If we stop using their services, the data held by the third party will either be destroyed or anonymised.
2. Trusted third parties for their own purposes.
We will only do this in one very specific circumstance. With your consent, given at the time you provide your personal data, we may pass those data on to a third party for direct marketing purposes where we have agreed that that third party should be able to market its services to our members.
3. Auditors and other professional advisers.
4. Legal or other governmental and regulatory bodies or other third parties where we are required to do so by the law or the regulations under which we operate.
How Long Will We Keep Your Personal Data?
We only keep personal data for as long as is necessary for the purpose for which it was collected. At the end of that period, personal data is destroyed or anonymised so that it is used only in a non-identifiable way.
Changes to This Privacy Statement
We recognise our ongoing responsibility to ensure we treat your personal details with the utmost care and respect. Accordingly, this statement will be reviewed on an ongoing basis. Any change will take effect once the revised privacy statement is available on our website.
This privacy statement was last updated on 15th May 2018.
You have rights over your personal data which must be fulfilled by Affinity (as a Data Controller) at your request. The rights you have over your personal data include:
1. Access to your personal data:
You have the right to access the personal data we hold about you, which can be done by emailing us at firstname.lastname@example.org. We may charge for a request for access if the law permits us to do so. We will respond to any requests for data promptly and within the legally required time limit of one month from receipt of the request. If the request is complex or we receive a number of requests from you, that time limit may be extended by a further two months, in which case we will write to you within the first month to explain why the extension is necessary. It is important to understand that in most cases if members leave the union we delete any information we hold regarding representation previously provided to those members.
2. Amendment of personal data:
If you tell us that any personal data processed by us is no longer accurate, we will make amendments based on the information you provide us.
Your data can be updated in the following ways:
By email: email@example.com
By telephone: 01234 716005
In writing to:
3. Withdrawing your consent:
If you have given us your consent to process your data, you can withdraw consent at any time. For example, we will only send you our newsletters by email if you have given us your consent to do so. To withdraw your consent, please email us at firstname.lastname@example.org or, to stop receiving emails, please click on the unsubscribe link that appears in our emails.
4. Other rights:
You may also have other data subject rights, including the right to erasure or deletion of personal data, to object to or restrict our processing of personal data and finally a right to data portability. If you want to exercise these rights, please email us at email@example.com or write to us at:
If you want to make a complaint about how we process your personal data, please contact us by email at firstname.lastname@example.org or send us a letter to the address above. We will investigate and respond to any complaints we receive as quickly as possible.
You can also raise a complaint with the Information Commissioner’s Office (or ICO), which is the UK data protection regulator. More information on your rights and how to complain to the ICO can be found at https://ico.org.uk or by telephoning 0303 123 1113.
If you have questions about any aspect of this statement or how we process personal data, please contact us:
In writing at:
By email: email@example.com
By telephone: 01234 716005