Privacy Notice – The Friends of Oxford Botanic Garden & Arboretum
In the course of completing the application document, you have provided information about yourself (‘personal data’). We (The Friends of Oxford Botanic Garden & Arboretum) are the ‘data controller’ for this information, which means we decide how to use it and are responsible for looking after it in accordance with the General Data Protection Regulation and associated data protection legislation.
How we use your data
We will use your data to service your membership. This includes sending renewal information, sending Friends of Oxford Botanic Garden & Arboretum newsletters, sending What’s On leaflets and Friends of Oxford Botanic Garden & Arboretum flyers or invitations for events you are entitled to attend. If you buy membership as a gift your details and your association with that membership will be recorded. We need to process your data for this purpose in order to fulfil our contractual obligations to you or to take steps at your request prior to entering into a contractual relationship.
We will also use your personal data to invite you to support the work of the Oxford Botanic Garden & Arboretum by volunteering, making a donation, buying a raffle ticket, or getting involved in fundraising activities. If you make a donation, we will use any personal information you give us to record the nature and amount of your gift, claim gift aid where you have told us you are eligible, and thank you for your gift. We need to process your data for this purpose in order to meet our legitimate interests in supporting the work of Oxford Botanic Garden & Arboretum.
All our communications with you will be by post, unless you give us permission to contact you by email. You can give us this permission by ticking the box on the form and providing your email address.
We will only use your data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another related reason and that reason is compatible with the original purpose. If we need to use your data for an unrelated purpose, we will seek your consent to use it for that new purpose.
Who has access to your data?
Access to your data within the Friends of Oxford Botanic Garden & Arboretum will be provided to those who need to view it as part of their work in carrying out the purposes described above.
We may share your data with University of Oxford, such as to enable you to attend events. The data sharing agreement we have with the University of Oxford requires them to take appropriate security measures to protect your data in line with our policies. We do not allow them to use your data for their own purposes. We permit them to process your data only for specified purposes and in accordance with our instructions.
Retaining your data
We will only retain your data for as long as we need it to meet our purposes, taking into account our legal obligations and tax or accounting rules. We will retain your financial data for 7 years, even after you have ceased to be a member. If you tell us you no longer wish to be a member, for example by cancelling your direct debit, we will retain your personal data for as long as is necessary to update our records. If you do not renew your membership we will retain your personal data for one year after you cease to be a member.
Your data will be held securely on a password-protected electronic database.
Where we store and use your data
We store and use your data on University premises, in both manual and electronic form.
Electronic data may be transferred to, and stored at, a destination outside the European Economic Area ("EEA"), for example, when we communicate with you using a cloud based service provider that operates outside the EEA such as MailChimp.
Such transfers will only take place if the country receiving the data is considered by the EU to provide an adequate level of data protection; or the organisation receiving the data is covered by an arrangement recognised by the EU as providing an adequate standard of data protection e.g. transfers to companies that are certified under the EU US Privacy Shield.
- The right to request access to your data (commonly known as a "subject access request"). This enables you to receive a copy of your data and to check that we are lawfully processing it.
- The right to request correction of your data. This enables you to ask us to correct any incomplete or inaccurate information we hold about you.
- The right to request erasure of your data. This enables you to ask us to delete or remove your data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your data where you have exercised your right to object to processing (see below).
- The right to object to the processing of your data, where we are processing it to meet our public tasks or legitimate interests (or the legitimate interests of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your data for direct marketing purposes.
- The right to request that the processing of your data is restricted. This enables you to ask us to suspend the processing of your data, for example, if you want us to establish its accuracy or the reason for processing it.
- The right to request the transfer of your data to another party
Further information on these rights is available from the Information Commissioner’s Office.
Depending on the circumstances and the nature of your request it may not be possible for us to do what you have asked, for example, where there is a statutory or contractual requirement for us to process your data and it would not be possible to fulfil our legal obligations if we were to stop.
If you wish to exercise any of the rights described above or raise any queries or concerns about our use of your data, please contact us at email@example.com or The friends of Oxford Botanic Garden & Arboretum, Rose Lane, Oxford, OX1 4AZ