Privacy notice for volunteers
The Marine Society & Sea Cadets (MSSC) is subject to the General Data Protection Regulation (GDPR) along with all other organisations in European Union. GDPR strengthens your privacy rights on the collection and use of your personal data, and makes it easier for you to access information which we hold and to which you may be entitled.
This privacy notice lets you know what happens to any personal data that you give the Marine Society & Sea Cadets, or any that we may collect from or about you. It tells you what rights you have over your personal data and what you can do about it if you wish to exercise any of those rights. This forms part of the set of specific privacy notices for different categories of data subjects, such as cadets, volunteers or parents or for particular purposes such as communications, fundraising or events which have been prepared and published in order to provide easy access, tailored to the needs of each group.
Should you wish to discuss data protection issues, report a breach of personal data or exercise a data subject right, in the first instance, please contact your Unit’s Data Controller who will normally be the chairperson. The MSSC’s Data Controller is the Director of Policy and Young People Support and can be contacted on email@example.com. The Data Protection Officer is the MSSC’s solicitor and can be contacted through firstname.lastname@example.org. Alternatively, you can write to them at MSSC HQ, 202 Lambeth Road, Lambeth, SE1 7JW.
Collection of your personal data
MSSC and your particular unit, district or area will only require you to provide personal information appropriate for the completion of specific tasks or to manage the Sea Cadet Corps. This will be when you wish to join as a member of staff and volunteer your support to a Sea Cadet Unit or other part of Sea Cadets. You will be asked to provide sufficient personal information for the MSSC to safely manage and safeguard young people within the organisation, process organisational business, manage transactions and contact you in the event of a problem or issue arising. You may provide the MSSC with additional information at your own discretion.
Purposes of processing your personal data
We process your personal information to enable us to provide a voluntary service for the benefit of the national public as specified in our constitution; administer membership records; fundraise and promote the interests of the charity.
Types/categories of information processed
We process information relevant to these purposes. This may include:
- Personal data
- Family details
- Membership details
- Goods and services
- Financial details
- Education and employment details
- Visual images, personal appearance and behaviour
We also process sensitive classes of information that may include:
- Physical or mental health details
- Racial or ethnic origin
- Religious or other benefits of a similar nature
- Offences and alleged offences
- Criminal proceedings, outcomes and sentences
- Who the information is processed about
- We process personal information about:
- Staff, volunteers
- Complainants, enquirers
- Representatives of other organisations
- Individuals captured by CCTV images
Who the information may be shared with
We sometimes need to share the personal information we process with the individual themselves and also with other organisations. Where this is necessary, we are required to comply with all aspects of data protection legislation. The types of organisation that we may need to share some of the personal information we process include:
- Family, associates or representatives of the person whose personal data we are processing
- Current, past and prospective employers
- Healthcare, social and welfare organisations
- Providers of goods and services
- Educator and examining bodies
- Financial organisations
- Employment and recruitment agencies
- Survey and research organisations
- Business associates and professional advisers
- Police forces
- Local and central government
- Other companies in the same group as the data controller
- Other voluntary and charitable organisations
Use of your information and your preferences
The MSSC will use your information to provide and personalise its services. Your details will be used to communicate with you on MSSC business only.
Personal information is collected directly from you when you complete and return forms as part of communicating with MSSC (e.g. making a donation online).
We collect this information in order to keep in touch with you and supply you with data relating to our work and how you can support us. This includes keeping you informed about issues that might potentially be of interest to you. The information which we collect in this way will typically include your name, postal and email addresses, and your bank details if you are supporting us financially. We will also sometimes obtain contact information indirectly from third parties.
The MSSC may use your information to send you news about activities, events or services and, in the event of the MSSC working in partnership with other organisations, details of those third-party associates, only when you have opted-in to receive such communications. Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by changing your preferences on Westminster, or following the process in the documents we send you or emailing: either email@example.com firstname.lastname@example.org or email@example.com depending on the issue.
Please note that there may be instances where it may be necessary for the MSSC to communicate with you, in any event, for administrative or operational reasons relating to the running of the charity.
Disclosures of your information
The MSSC is registered with the Information Commissioner’s Office and provides the ICO with the key information set out in this privacy notice. The MSSC will only disclose your information in the manner permitted by its ICO registration or where required to do so by law. In particular, information may be disclosed to other parts of the MSSC, its affiliated Units and to current business associates.
We will not sell your information to third party organisations, and we do not share your personal information with third parties for their benefit.
We do sometimes ask third-party organisations to contact you on our behalf as part of our fundraising activities, but the information gathered in this way remains our legal responsibility and we ensure that data is treated with the same level of care as if we were handling it directly. We will only do this if we have your explicit consent to do so. We may use data to profile our users and research the charity’s impact on those who use its services.
Data subject rights
You have certain rights under GDPR, which you can ask the Data Controller to deal with. To make things easy for you, there are forms to explain how you can do this and we have included some examples below which demonstrate what this may look like in practical terms. The forms can be found on the Training and Admin website via this link: https://www.sccheadquarters.com/gdpr
- You have the right to be informed about processing of your personal information
- The right to restrict processing of your personal information – you may ask the MSSC or your unit to stop processing your information if you have concerns about the accuracy of the information which we hold.
- The right to have your personal information erased – this applies if for example the information which the MSSC holds is out of date.
- The right to request access to your personal information and to obtain information about how we process it – you can make a special request to see the data which the MSSC has and which relates to you. This is called a subject access request.
- The right to move, copy or transfer your personal information.
- Rights in relation to automated decision making which has a legal effect or otherwise significantly affects you.
Transfer of data outside the European Union
The MSSC has affiliated Units in the Bailiwicks of Guernsey, Jersey and in the Isle of Man, each of which is outside the European Union. Information provided through this website may be provided to Sea Cadet Units in those territories and also stored in data retrieval systems in those territories.
Units in those territories must comply with GDPR because they are liaising and sharing information with EU and EEA countries.
Your marketing and communication preferences
We may use your home address, phone numbers, email address and social media or digital channels to contact you according to your marketing and communication preferences. You can choose whether you want this to happen and can stop this at any time, either by changing your preferences on Westminster, or contacting us using the details below or by following the instructions in the communication.
How secure is the information which I give to you?
MSSC (Marine Society and Sea Cadets) takes the care of your data seriously and undertakes to protect your personal information in a range of ways. These measures include implementing specific technologies and procedures designed to protect your privacy, such as secure servers, firewalls and SSL encryption. We follow payment card industry (PCI) security compliance guidelines when processing credit card payments.
Any personal information transferred between locations will be both encrypted and password protected.
How long will you keep my information for?
will retain your information for as long as you have an active relationship with MSSC (Marine Society and Sea Cadets). If you cease to have an active relationship with us or request to receive no further contact, we may retain some basic information in order to avoid sending you unwanted materials in the future, and to ensure that we do not accidentally duplicate information.
If you volunteer with us, we will retain a limited amount of personal information when you leave – this will be name, date of birth, unit(s) attended, attendance records and qualifications and any safeguarding files. This is for law enforcement purposes for the prevention or detection of crime and will only be provided to third parties under a legal authority. Cadet data will be retained for two years from leaving cadets, unless you volunteer with Sea Cadets during this period or there is a safeguarding concern.
- To maintain information about your session on the MSSC server. For example, keeping track of items in your shopping basket or remembering who you are if you leave and then return to the MSSC web site during the same browser session. This cookie is removed automatically when either you close your web browser, or 15 minutes after you last accessed a page on this site.
- To allow the site to recognise you when you return to MSSC pages or if you login whilst you are on the site, to remember you until you close your web browser. The cookie only remains on your computer if you elect to store it in the user information page. The cookie the MSSC puts on your computer only contains a reference so that the MSSC can access your personal information. No personal information is contained within the cookie.
- To provide tracking of your activity on the website - see website tracking below. This cookie is not linked to any personal information about you and is used to provide generic statistical information about patterns of activity on the MSSC website.
Whenever you visit the MSSC website, the web server automatically records your IP address and each page you visit. It also records information including your route to this site and your operating system and web browser type.
This information is not linked to any personal information the MSSC holds about you.
Privacy of personal data
The MSSC aims to protect the security of your personal data at all times. The MSSC will accomplish this by using a combination of methods including, but not limited to:
- Ensuring your personal information will only be displayed on the screen if you are within a session for which you have provided your password.
- Ensuring that whenever your personal information is exchanged between your web browser and the MSSC web server, highly effective methods of encryption are used - this is currently 128 bit SSL (secure sockets layer) encryption. This makes it extremely difficult for someone to intercept and read the information being passed between your web browser and the MSSC web server.
Information Commissioner’s Office (ICO)
ICO is the UK’s supervisory authority responsible for providing guidance, direction and enforcement of data protection laws. ICO website provides a wealth of information and guidance. the website is: https://ico.org.uk/. You have the right to lodge a complaint to the Information Commissioner’s Office (ICO).
Changes to this privacy notice
We may need to change or update our privacy notices from time to time to reflect ICO guidance or the law. Changes will be announced on the T&A website and reflected on unit websites.