CFI is committed to protecting your personal information, and this privacy statement explains how we handle and treat your data. Our policy is in full accordance with the General Data Protection Regulation (GDPR), which comes into effect on 25th May 2018.
We (CFI) are Conservative Friends of Israel Limited, a company limited by guarantee with company number 08114952 whose registered office is at c/o Blick Rothenberg Limited, 1st Floor, 7-10 Chandos Street, London W1G 9DQ.
You can find out more about us from our website at https://cfoi.co.uk/
You can contact us at firstname.lastname@example.org
WHICH PERSONAL DATA WE COLLECT FROM YOU
CFI collects and retains a very limited amount of personal information to facilitate our communication with you.
- Full name
- Postal address
- Phone numbers
- Email address
Sensitive Personal Data
We do not collect “sensitive personal data” from you e.g. health status.
HOW YOUR PERSONAL DATA WILL BE PROTECTED
Who has access to your personal data?
Your personal data is stored on our secure database which is password protected, and access is limited to trained CFI staff and each of our subcontracted partners, who facilitate CFI’s ongoing activities (e.g. banks and website developer), all of whom work in accordance with GDPR regulations.
How will we keep your personal data secure?
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and sub-contractors.
How long do we keep your personal data?
We will retain your personal data for as long as necessary for the purposes it is collected as set out in this policy and for any longer period necessary for it to comply with statutory retention obligations and/or for the purposes of defending or making legal claims. To determine the appropriate retention period, we consider the amount, nature and sensitivity of the personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means and the applicable legal requirement.
What happens if you choose not to give us your personal data?
You can choose not to give us personal information. We may need to collect personal information by law, or to enter into or fulfil a contract we have with you, such as the provision to you of membership benefits. If you choose not to give us this personal information, it may mean that we cannot fulfil our contract with you, or do what we are required to do by law.
WHAT DO WE USE YOUR PERSONA DATA FOR?
Our lawful basis for processing your data is via ‘legitimate interests’ in accordance with GDPR regulations. On the basis of your expressed interest in CFI, we will send you briefings and invitations to our events, and to achieve this it is necessary for us to use (process) your data, in keeping with your interests, rights and freedoms.
CFI uses your information for a number of purposes which help us engage with you, including the following:
- To provide you with information about our work and our activities. This might include sending you email briefings, invitations to events and volunteering opportunities during election campaigns;
- For administration purposes e.g. we may contact you about a donation you have made or event you have expressed an interest in or registered for;
- For internal record keeping, including management of any feedback or complaints;
(each of these is necessary for our legitimate interests in the provision of membership benefits to you and for the running of our organisation)
- For statutory and regulatory compliance.
(this is necessary for us to comply with our legal obligations)
If you do not fall within our legitimate interests it may be that you have given us your express consent to process your personal data, for example, if you have ‘opted-in’ to receive marketing communications from us.
You can withdraw your consent at any time. This will only affect the way we use information when our reason for doing so is that we have your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. This will not affect the lawfulness of our use of the data before your consent was withdrawn.
What is my right to be informed?
Our purpose for using your data is based on your previous involvement with CFI, and to achieve this it is necessary for us to use (process) your data, in keeping with your interests, rights and freedoms. We have not, and will never sell your personal information with a third party.
What is my right of access?
Should you wish to access your personal data stored on our database in order to be aware of, and verify the lawfulness of, our processing of your data, you have the right to do so. You can also request a digital file of certain of your personal information which you can keep to use yourself, or give to other organisations
Do I have a right to rectification?
Yes, you have the right to question any information we have about you that you think is incorrect, so that we can take reasonable steps to check and correct it.
What is my right to erasure (or ‘to be forgotten’)?
You have the right to ask us to delete, remove or stop using your personal data if there is no need for us to keep it. Please note that there may be legal or other official reasons why we need to keep or use your data.
Do I have the right to restrict processing of my data?
You have the right to restrict the use of your personal data, so that it can only be used for certain things, such as legal claims or to exercise legal rights.
Do I have a right to object?
You have the right to object to us keeping or using your personal data.
Personal data breaches
We have put in place appropriate security policies, rules and technical measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised or improper way, altered, lost or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you, and any applicable regulator, of a breach where we are legally required to do so.
You can obtain further information about Data Protection and privacy laws by visiting the Information Commissioner’s website at: https://ico.org.uk/for-the-public/
How to complain
Please let us know if you are unhappy with how we have used your personal information. You can contact us email@example.com. You also have the right to complain to the regulator, and to lodge an appeal if you are not happy with the outcome of a complaint. In the UK this is the Information Commissioner’s Office https://ico.org.uk/
Sending data outside the European Economic Area (the ‘EEA’)
We will only send your data outside of the EEA to comply with a legal duty or work with our suppliers in providing products and services to you. If we do transfer your personal information outside the EEA to our suppliers, we will make sure that it is protected to the same extent as in the EEA. We will use one of these safeguards:
- Transfer it to a non-EEA country with privacy laws that give the same protection as the EEA and have been deemed to provide an adequate level of protection for personal data by the European Commission.
- Put in place a contract the form of which has been approved by the European Commission with the recipient that means they must protect it to the same standards as the EEA.
- Transfer it to organisations that are part of Privacy Shield. This is a framework that sets privacy standards for data sent between the US and EU countries. It makes sure those standards are similar to what is used within the EEA.