Data Privacy Statement
Following the introduction of the new General Data Protection Regulations (GDPR), which came into force of 25th May 2018, we would like to let you know what the Hampshire Astronomical Group does with personal data given to it by members of the public.
Firstly, we strongly believe in protecting your personal data which is why we collect only the absolute minimum data where necessary.
Basis for obtaining Personal Data
When signing up for any visits to the Group, either privately organised or public open evening/day visit, the minimum of information is obtained so that we can fulfil our part of the ‘contract’ to provide you with a service (the visit). This data is deleted each August – after the visit season. The reason for the delay is so that we can communicate with visitors about their visit – often because property has been left at the observatory and we would like to reunite property with its owners.
When anyone wishing to become a member of the Hampshire Astronomical Group applies for membership the minimum personal contact details will be collected by the Group for the basis of contacting you.
The Group operates a 24 hr CCTV system within the observatory for the purposes of safety and security. Images are erased after 30 days.
The Group lawfully processes your personal data; by which we mean we will create a list (name only) for your visit so that our volunteers on duty will know who to expect to visit on the evening/day. We will remove personal data after the visit and record visit statistics for our future planning.
We do not share, give, sell or otherwise pass on any personal data to other organisations. The technical exception is where we hold the data on a ‘cloud’ and where our internet service provider performs a service to the Group such as hosting our website. We have ensured that both these organisations are also GDPR compliant and hold data securely and in accordance with the European GDPR regulations. These internet companies will not contact you, send Spam, adverts or other forms of communication as a result of our contract with them.
The Group would be required to share personal data if required to do so by law. Such circumstances would include for the prosecution of any offence committed. Also personal data would be shared if there are any legal disputes between the Group and any person.
You have the right to ensure that we process your personal data fairly and where we do hold your personal data, that information is accurate.
You have to right to ensure that we do not hold personal data about you longer than is necessary and to have that data removed (also known as the right to be forgotten or the right to erasure). However, we do remove your personal data in the case of visits annually. As described, if you wish this data is removed sooner, please contact the Group.
Data subject request
To make a request to see what data we hold, what processing the Group does with your personal data or to have data erased, you should contact the Group. You can make that request by emailing firstname.lastname@example.org or writing to us at the address on our website. The Group will have 28 days to respond to your request. There is no fee attached to making this request.
Data Breaches and Complaints
If you believe there has been a data breach with your personal data, you should immediately contact the Group by emailing email@example.com or writing to us at the address on our website.
The data breach will be investigated and findings reported back to you.
Further information regarding GDPR and making a complaint to a higher authority can be found at the Information Commissioners Office at www.ico.org.uk
Should you require any further details, please do not hesitate to contact the group.