This Policy explains how The Lance Corporal Nicky Mason Memorial Fund will use any personal information that we may collect about you when you use our website.
B. Collecting personal information
The following types of personal information may be collected, stored, and used:
information about your computer including your IP address, geographical location, browser type and version, and operating system;
information about your visits to and use of this website including the referral source, length of visit, page views, and website navigation paths;
information, such as your email address, that you enter when you register with our website;
information that you enter when you create a profile on our website—for example, your name, profile pictures, gender, birthday, and employment details;
information, such as your name and email address, that you enter in order to set up subscriptions to our emails and/or newsletters;
information that you enter while using the services on our website;
information that is generated while using our website, including when, how often, and under what circumstances you use it;
information relating to anything you purchase, services you use, or transactions you make through our website, which includes your name, address, telephone number, and email address;
information contained in any communications that you send to us by email or through our website, including its communication content and metadata;
any other personal information that you send to us.
Before you disclose to us the personal information of another person, you must obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy.
We do not hold any payment details on file, either physically or electronically. All payment details are taken in the strictest of confidence in line with The Payment Card Industry Data Security Standard (PCI DSS).
Any payment details entered on The Lance Corporal Nicky Mason Memorial Fund website for retail orders are taken via the payment platform PayPal or Stripe. These details are entered and stored in accordance with PayPal and Stripe's own privacy policies.
C. Using your personal information
Personal information submitted to us through our website will be used for the purposes specified in this policy or on the relevant pages of the website. We may use your personal information for the following:
administering our website and business;
enabling your use of the services available on our website;
sending you goods purchased through our website;
sending statements, invoices, and payment reminders to you, and collecting payments from you;
sending you non-marketing commercial communications;
sending you email notifications that you have specifically requested;
sending you our email newsletter, if you have requested it (you can inform us at any time if you no longer require the newsletter);
dealing with inquiries and complaints made by you relating to our website;
keeping our website secure and preventing fraud;
verifying compliance with the terms and conditions governing the use of our website.
Your personal data is processed by The Lance Corporal Nicky Mason Memorial Fund, located in the United Kingdom. Hosting and storage of your data takes place within the European Economic Area (EEA).
We may transfer your data to other third parties (including the police, law enforcement agencies, credit reference and fraud prevention agencies and other bodies) to protect our or another person's rights, property, or safety, in connection with the prevention and detection of crime.
We will not, without your express consent, supply your personal information to any third party for their or any other third party’s direct marketing.
D. Disclosing personal information
We may disclose your personal information to any of our employees, officers, insurers, professional advisers, or suppliers as reasonably necessary for the purposes set out in this policy.
We may disclose your personal information:
to the extent that we are required to do so by law;
in connection with any ongoing or prospective legal proceedings;
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
Except as provided in this policy, we will not provide your personal information to third parties.
E. Retaining personal information
This Section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations regarding the retention and deletion of personal information.
Personal information that we process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
Notwithstanding the other provisions of this Section E, we will retain documents (including electronic documents) containing personal data:
to the extent that we are required to do so by law;
if we believe that the documents may be relevant to any ongoing or prospective legal proceedings; and
in order to establish, exercise, or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk).
F. Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse, or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
All electronic financial transactions entered into through our website will be protected by encryption technology.
You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
You are responsible for keeping the password you use for accessing our website confidential; we will not ask you for your password (except when you log in to our website).
We may update this policy from time to time by publishing a new version on our website. You should check this page occasionally to ensure you understand any changes to this policy. We may notify you of changes to this policy by email or through the private messaging system on our website.
H. Your rights
You have the right of access to any information that we hold relating to you. Requests must be made in writing and proof of identification is required to protect your information and to ensure it is not disclosed to unauthorised parties.
Should you believe that any personal data we hold on you is incorrect or incomplete, you have the ability to request to see this information, rectify it or have it deleted.
I. Third party websites
Our website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies and the below websites tell you how to remove cookies from your browser. If cookies are disabled some features of our website may not function. For further information visit: www.aboutcookies.org or www.allaboutcookies.org.
In the event that you wish to complain about how we have handled your personal data, please contact us at email@example.com or write to us at The Lance Corporal Nicky Mason Memorial Fund, 25 High Street, Aveley, Essex, RM15 4BE. We will then look into your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner's Office (ICO) and file a complaint with them.
The Company strives to comply with applicable laws and regulations related to Personal Data protection in all countries where the Company operates.
This Policy sets forth the basic principles by which the Company processes the personal data of consumers, customers, suppliers, business partners, employees and other individuals, and indicates the responsibilities of its business departments and employees while processing personal data.
This Policy applies to the Company and its directly or indirectly controlled wholly-owned subsidiaries conducting business within the European Economic Area (EEA) or processing the personal data of data subjects within EEA.
Company - The Lance Corporal Nicky Mason Memorial Fund
EEA - European Economic Area
GDPR - General Data Protection Regulation
Personal Data - Any information relating to an identified or identifiable person ("Data Subject") who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Data Controller - The natural or legal person, public authority, agency or any other body, which alone or jointly with others, determines the purposes and means of the processing of personal data
3. Basic Principles Regarding Personal Data Processing
Article 5 of the GDPR requires that personal data shall be:
a. Processed lawfully, fairly and in a transparent manner in relation to the data subject (‘4. lawfulness, fairness and transparency’);
b. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘5. lawful purposes’);
c. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘6. data minimisation’);
d. Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘7. accuracy’);
e. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘8. storage’);
f. Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘9. security’).
g. Data controllers must be responsible and accountable for and be able to demonstrate compliance with the principles outlined above. ('10. accountability')
4. Lawful, fair and transparent processing
To ensure its processing of data is lawful, fair and transparent, individuals have the right to access their personal data and any such requests made to the Company shall be dealt with in a timely manner.
5. Lawful purposes
All data processed by the Company must be done on one of the following lawful bases: consent, contract, legal obligation, vital interests, public task or legitimate interests.
Personal data must only be processed for the purpose for which they were originally collected. In the event that the Company wants to process collected personal data for another purpose, the Company must seek the consent of its data subjects in clear and concise writing. Any such request should include the original purpose for which data was collected, and also the new, or additional, purpose(s). The request must also include the reason for the change in purpose(s). The Person responsible for Data Protection matters is responsible for complying with the rules in this paragraph.
Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent will be clearly available and systems should be in place to ensure such revocation is reflected accurately in the Company's systems.
6. Data minimisation
The Company shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
The Company shall take reasonable steps to ensure personal data is accurate.
Where necessary for the lawful basis on which data is processed, steps shall be put in place to ensure that personal data is kept up to date. When requests to correct, amend or destroy personal data records are received, the Information Security Manager must ensure that these requests are handled within a reasonable time frame.
To ensure that personal data is kept for no longer than necessary, the Company shall put in place an annual review to consider what data should/must be retained, for how long, and why.
The Company shall ensure that personal data is stored securely using modern software that is kept up to date.
Access to personal data shall be limited to personnel who need access and appropriate security will be in place to avoid unauthorised sharing of information.
When personal data is deleted this should be done safely such that the data is irrecoverable.
Appropriate back-up and disaster recovery solutions shall be in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, the Company must perform an internal investigation and take appropriate remedial measures in a timely manner. Where there is any risk to the rights and freedoms of data subjects, the Company must notify the relevant data protection authorities without undue delay.
Any employee who violates this Policy will be subject to disciplinary action and the employee may also be subject to civil or criminal liabilities if their conduct violates laws or regulations.