Description of processing
The following is a broad description of the way this organisation/data controller processes personal information. To understand how your own personal information is processed you may need to refer to any personal communications you have received, check any privacy notices the organisation has provided or contact the organisation to ask about your personal circumstances.
Reasons/purposes for processing information
We process personal information to enable us to administer membership records.
We process personal information to enable comments and downloads.
Type/classes of information processed
We process information relevant to the above reasons/purposes. This may include:
financial and membership details
visual images, personal appearance and behaviour
We also process sensitive classes of information that may include:
physical or mental health details
racial or ethnic origin.
suspicious activity or behaviour
We process personal information about:
consultants and professional experts
complainants and enquirers
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themself and also with other organisations. Where this is necessary we are required to comply with all aspects of the Data Protection Act (DPA). What follows is a description of the types of organisations we may need to share some of the personal information we process with for one or more reasons.
Where necessary or required we share information with:
- police forces
- security organisations
- central and local government
- NHW, business crime reduction partnerships, shopwatches, pubwatches and similar schemes including regional and national schemes
- consultants and professional advisers
- suppliers, providers of goods and services for events
- people making an enquiry or complaint
- healthcare professionals, social and welfare organisations
It may sometimes be necessary to transfer personal information overseas. When this is needed information is only shared within the European Economic Area (EEA). Any transfers made will be in full compliance with all aspects of the data protection act and GDPR and PrivacyShield
JoomlaSussex process the following information as a requirement to being a member.
Your email address
Under the GDPR; the following rights are detailed.
We transfer data to other members, which may include police forces, and via the internet cloud service to and from servers hosted in the UK, EU and USA under the privacyshield agreement.
Rights of access:
A member who is registered on our system has the right to be provided with the personal data and information on processing, recipients, data transfers, and subsequent rights (such as the right to complain to a supervisory authority, or the right to request rectification, erasure, or a restriction on future processing).
Right to Rectification
If any change of circumstances occur, it is the members responsibility to ensure they update their details via the profile/members page or via the gdpr contact form .
Right to Erasure (Right to be Forgotten)
Subject to certain conditions, a data subject has the right to request the erasure of his or her personal data held by a data controller, via the gdpr contact form this usually occurs at the end of the membership.
We have the ability under the GDPR to decline an erasure request if it falls within one of the several exclusions in Article 17(3).
Right to Restriction of Processing
Personal Data provided by the member via the profile page may be removed via the member.
People who are confirmed to be listed on the website, and have provided sufficient proof they are listed, and on submission of full identification, may request copies of their data and their requests under their rights under Article 15 must be clearly detailed via the gdpr contact form
Notification Obligation for Controllers
We will notify each member of any event impacting data rectification, erasure, or restriction. If the data subject requests details on recipients, the data controller is required to supply it.
Right to Object
A data subject has the right to object to the processing of his or her personal data at any time where the legal basis is "the performance of a task carried out in the public interest," "the exercise of official authority vested in the controller," or for the purposes of the "legitimate interests" of the controller or a third party (Article 6(e) and (f)).
The data subject can also object to processing for the purposes of direct marketing and profiling for direct marketing activities.
Automated individual decision-making, including profiling.
We do not participate in this activity.
We do currently engage 3rd party data processors Google analytics.These are recognised as universal 3rd party processors. eg google for adsense, analytics and recpatcha
Records of Processing Activities
We keep records of applications,
Members logins time and dates (including log out)
Data adjustment requests,
IP addresses used to visit and contact forms.
Security of Processing Data
Our servers are protected by SSL encryption. Our website is members login protected, IP tracked for administrative works. Members can update data without going through the site administrator, data controller, or data processors first.
Transfers of Personal Data to Third Countries or International Organizations.
Our servers are based in the EU and USA. Our USA servers are considered to conform to EU-US Privacy Shield.
Data loss prevention.
All data is held on the website under details above.
We do not allow shared logins.
We recognise the consent requirements. Becoming a member post GDPR will require you to consent to receiving information and your details as the membership requires. You can withdraw consent but that may affect your website use.
Per GDPR date, you may in future be asked to reconfirm your cosent, however consent is not retrospective.