The Army Catering Corps Association’s Privacy Policy
I
n
order
to
comply
with
the
General
Data
Protection
Regulation
(GDPR),
effective
from
25th
May
2018,
the
Army
Catering
Corps
(ACC)
Association
has
revised
and
updated
its
privacy
policy
in
order
to
strengthen
data
protection
and
to
ensure
members
have
control
over
their
personal
data
and
its
use.
GDPR
places
greater
emphasis
on
the
documentation
that
data
controllers
must
keep
to
demonstrate
their
accountability.
Offences
with
serious consequences can have fines of up to 20 million Euros
.
Index to the Document
(Click on a topic to jump to that section)
•
Background Information
•
Who is Responsible for the Data Security
•
What is required to comply with General Data Protection Regulations
•
How we collect the information we hold
•
Use of cookies
•
What information do we hold about you
•
What we do with personal information
•
How we ensure the accuracy of the informatio
n
•
How we ensure the security and privacy of the data
•
Who do we share information with?
•
What if you would like us not to contact you in the future
•
What if you would like your details removed from our records
•
Deceased Members ‘ Information
•
Further Enquiries
Background Information
The
ACC
Association
is
fully
committed
to
ensuring
the
privacy
of
its
members
and
users
of
the
www.accassociation.org
website.
This
Privacy
Policy
explains
how
we
use
personal
data
to
deliver
services
provided
to
members
and
the
measures
taken
to
secure
this
data.
This
policy
may
change
occasionally so please check this statement from time to time.
The ACC Association has a number of subordinate branches, currently these include:
•
ACC Officers’ Club
•
ACC & RLC Chefs (Past & Present) Sergeants' Association
•
ACC Golfing Society
•
Airborne Chefs Association
All subordinate branches of the ACC Association are covered and bound by this privacy policy.
In
1980,
as
part
of
the
preparations
for
the
40th
anniversary
of
the
founding
of
the
ACC,
a
database
was
compiled
of
"Old
Comrades".
This
information
was
used
as
the
foundation
for
the
current
Association's
Membership
Database,
which
has
grown
to
around
3,000
as
new
members
have joined.
Who is Responsible for the Data Security
The
Secretary
of
the
ACC
Association
is
designated
as
the
organisation’s
‘Data
Controller’.
The
Data
Controller
is
responsible
for
ensuring
the
ACC
Association
and
its
subordinate
branches
comply
with
the
provisions
of
GDPR.
The
Association’s
Executive
Council
member
responsible
for
Communications & Media is designated as the ‘Data Protection Officer’.
What is required to comply with General Data Protection Regulations
Article 5 of GDPR requires that personal data shall be:
a) processed lawfully, fairly and in a transparent manner in relation to individuals;
b)
collected
for
specified,
explicit
and
legitimate
purposes
and
not
further
processed
in
a
manner
that
is
incompatible
with
those
purposes;
further
processing
for
archiving
purposes
in
the
public
interest,
scientific
or
historical
research
or
statistical
purposes
shall
not be considered to be incompatible with the initial purposes;
c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
d)
accurate
and,
where
necessary,
kept
up
to
date;
every
reasonable
step
must
be
taken
to
ensure
that
personal
data
that
are
inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay
e)
kept
in
a
form
which
permits
identification
of
data
subjects
for
no
longer
than
is
necessary
for
the
purposes
for
which
the
personal
data
are
processed;
personal
data
may
be
stored
for
longer
periods
insofar
as
the
personal
data
will
be
processed
solely
for
archiving
purposes
in
the
public
interest,
scientific
or
historical
research
purposes
or
statistical
purposes
subject
to
implementation
of
the
appropriate
technical
and
organisational
measures
required
by
the
GDPR
in
order
to
safeguard
the
rights
and
freedoms
of
individuals;
and
f)
processed
in
a
manner
that
ensures
appropriate
security
of
the
personal
data,
including
protection
against
unauthorised
or
unlawful
processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Article 5(2) requires that:
A Data Controller shall be responsible for, and be able to demonstrate, compliance with the principles.
How we collect the information we hold
The
ACC
Association
collects
personal
information
from
you
through
your
Membership
Application
Form
and
any
other
forms
that
you
have
submitted and through any e-mails that you send us.
We
also
collect
information
automatically
each
time
you
visit
the
www.accassociation.org
website.
This
information,
which
records
what
parts
of
the
website you visited, is only used as aggregate information, not as identifiable individual information.
Use of cookies (
View our Cookie Policy
)
If
we
use
‘cookies’
to
identify
you
when
you
visit
the
ACC
Association
website
we
will
display
the
regulatory
message
informing
you
what
we
are
doing.
A
cookie
is
a
small
amount
of
information
which
is
sent
to
your
browser
and
stored
on
your
computer's
hard
drive,
which
then
enables
our
web-server
to
collect
information
back
from
your
browser
each
time
you
visit
our
website.
You
can
find
out
more
about
the
use
of
cookies
at
https://ico.org.uk/global/cookies/.
No information is collected that can identify any one individual user of the website.
What information do we hold about you
We
hold
basic
contact
details,
rank
(where
known),
name,
initials,
postal
and
email
addresses
and
landline
and
mobile
telephone
numbers.
For
some
members
we
have
a
few
additional
elements
such
as
date
of
birth,
service
number,
dates
of
military
service
where
provided.
Those
who
are
members
of
any
subsidiary
branch
are
annotated
as
such.
None
of
the
data
we
hold
would
be
classified
as
‘Sensitive
Personal
Data’
as
this
generally relates to bank & medical details.
We
also
use
the
aggregate
information
about
visitors'
site
usage
patterns
to
enable
us
to
see
how
popular
different
parts
of
the
website
are
with
our visitors, helping us decide how best to further develop the website.
What we do with personal information
We
use
the
personal
information
that
you
give
us
to
keep
a
record
of
ACC
Association
membership
and
to
be
able
to
contact
individual
members.
The
postal
address
is
required
so
that
we
can
send
you
your
copy
of
the
twice
yearly
published
Association
Newsletter.
We
will
also
use
this
data
to
contact
you
from
time
to
time
via
email,
telephone
or
postal
mail
to
inform
you
of
Association
events
and
other
items
deemed
to
be
of
interest
to
members.
Date
of
birth,
service
number,
dates
of
military
service
is
used
to
uniquely
identify
an
individual.
In
the
case
of
date
of
birth,
this
is
used
in
an
aggregate form to gather demographic data on the membership as a whole.
How we ensure the accuracy of the information
To
ensure
the
accuracy
of
the
information
we
hold
we
will
from
time
to
time
request
individual
members
of
the
ACC
Association
to
update
the
information
we
hold
on
them
and
confirm
it
is
accurate.
We
also
request
and
rely
upon
members
to
inform
the
Secretary
of
any
changes
to
their
personal details by completing the form on the website, writing, emailing or telephoning the Secretary.
Who do we share the Information with
The
Association
shares
what
information
it
holds
about
identifiable
individual
members
with
those
who
have
a
legitimate
reason
to
have
access
to
the
data
in
their
capacity
as
managers
or
controllers
of
the
ACC
Association
or
one
of
the
subordinate
branches.
The
ACC
Association
will
not
share
any information we store about you with any other individuals or members of the Association without the express consent of the individual.
From
time
to
time
the
Association
will
engage
external
‘Data
Processors’
to
carry
out
such
work
as
printing
and
distributing
the
Association’s
Newsletter and to carry out necessary data cleansing to ensure the accuracy to the data.
The
Association
has
written
agreements
with
any
external
‘Data
Processor’
given
access
to
the
information
we
hold,
that
requires
them
to
comply
with the GDPR and abide with the principles laid out in this document.
How we ensure the security and privacy of the data
The
data
is
stored
on
a
server
and
access
to
that
part
of
the
system
where
data
is
physically
stored
is
via
a
User
ID
and
Password
login
process.
The
number
of
personnel
who
have
been
issued
with
a
User
ID
and
Password
is
strictly
limited
to
people
who
would
have
a
valid
requirement
to
process personal data.
The
data
file
is
encrypted
and
can
only
be
opened
and
read
by
the
input
of
a
secure
password.
The
number
of
personnel
who
have
been
issued
with the password is strictly limited to people who would have a legitimate requirement to process personal data.
What if you would like us not to contact you in the future
You can write, email or call us at the address below to request us not to contact you again in the future.
What if you would like your details removed from our records
Once again, write, email or call us at the address below and we will, at your request, delete your details from our records.
Deceased Members’ Information
The
Association
does
retain
limited
person
data
of
deceased
members
including
name,
rank,
date
of
birth,
service
period
and
date
of
death
for
historical purposes unless specifically requested otherwise.
Further Enquiries
If you have any further enquiries you can contact the Association’s Secretary, who is the Data Controller, at:
Army Catering Corps Association, RHQ The Royal Logistic Corps, Worthy Down Barracks, Winchester, Hampshire, SO21 2RG
Phone: 01962 887767
E-mail:
For more information about General Data Protection Regulations and your rights visit the following site