Normandy Memorial Trust, 56 Warwick Square, London SW1V 2AJ
The data we collect about you and how we collect it
“Personal data”, or “personal information”, means any information about an individual from which that person can be identified.
How we use your personal data
We will only use your personal data when the law allows us to and for the purposes set out in this Policy.
- When you give your consent
- When necessary to comply with a legal or regulatory obligation
- For our legitimate interests or those of a third party, provided that your interests and fundamental rights and freedoms do not override those interests.
Purposes for which we will use your personal data
We have set out below a description of the ways we may use your personal data.
- We process personal data lawfully, fairly and in a transparent manner.
- We collect personal data only for specified, explicit and legitimate purposes.
- We process personal data only where it is relevant, and we limit the data to what is necessary for the purposes of processing.
- We keep accurate personal data and take all reasonable steps to ensure that inaccurate personal data is rectified or deleted without delay.
- We keep personal data only for the period necessary for processing.
- We adopt appropriate measures to make sure that personal data is secure, and protected against unauthorised or unlawful processing, and accidental loss, destruction or damage.
- We explain the reasons for processing your personal data, how we use such data and the legal basis for processing in our privacy notices. We do not process personal data of individuals for other reasons.
- We will update personal data promptly if you advise us that your information has changed or is inaccurate.
- We keep a record of our processing activities in respect of personal data in accordance with the requirements of the General Data Protection Regulation (GDPR).
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us using the details set out above.
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so. We may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.
We will only retain your personal data for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
We will take all reasonable steps to ensure that your personal data is treated securely and in accordance with this Policy.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
We may use your personal data to form a view on what we think you may want or need, or what may be of interest to you.
You will receive marketing communications from us if you have requested information or services from us and you have opted in to receiving marketing communications.
You can ask us or third parties to stop sending you marketing messages by contacting us at any time.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Your Legal Rights
Under data protection law you have the following rights in respect of your personal data:
- to request information regarding the personal data that we hold about you and the source(s) of that information. You can request a copy of any personal data we hold about you. This service is usually free of charge, although we have the right to charge a ‘reasonable fee’ in some circumstances;
- to request that we rectify any inaccuracies in relation to the personal data we hold;
- in some circumstances, to request the erasure of your personal data or object to the processing of your data;
to object to any direct marketing;
- in some circumstances, to request that your personal data be transferred to you or a new provider if the data is processed automatically;
- to withdraw consent to us processing your personal data. This will not affect the processing already carried out with your consent; and
- to lodge a complaint with a supervisory authority. In the UK, this is the Information Commissioner’s Office. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.
- If you wish to exercise any of the rights set out above, please contact us using the details set out in this policy.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to a person who does not have the right to receive it.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.