PRIVACY POLICY

MILITARY VEHICLE TRUST (MVT) DATA DOCUMENT   (MVT-DP11-Issue Nov 2018)

DATA PRIVACY POLICY    

                                                  

This document is part of our data protection policy statements for compliance with the Data Protection Act 2018 (DPA) & General Data Protection Regulation 2018 (GDPR). We are a charitable organisation dedicated to the conservation of ex military vehicles. We are a membership led organisation, run by volunteers for no remuneration. The MVT has procedures in place to keep member’s data as safe as possible.

Please find more details below in a Question & Answer format:-

P1.       What data do we collect?

We collect your personal data, like name and address and other contact details like telephone number and email only. We don’t collect sensitive data – like what race, religion, sexual persuasion, etc. Members are asked directly verbally for their permission or asked to sign an electronic or written statement confirming that they give their data freely, with unambiguous specific consent for the MVT to use their data.

P2.       Why do we collect your data?

We collect your personal data for membership services and administrative day to day running of the organisation and we may use your data to contact you from time to time about MVT events or member meetings. We may use your data for MVT events like vehicle tours or at any other times involving member’s vehicles when acting as exhibitors. (Other internal administrative MVT data uses and controls may be found in MVT Data Policy MVT-DP01) published with this document. We don’t use member’s data for marketing – cold calling with electronic marketing messages, like asking for donations (by phone, email, text or social media).

P3.       Who do we tell about your data?

We don’t sell members’ personal details – to be used by external organisations.

We tell nobody about your data unless they are in an approved administrative position within the MVT. This may include members of the Council of Management (CoM) but only if they require it for their role. We do not sell your data to anyone and any MVT 3rd party data processors are contractually liable to comply with the DPA 2018 & GDPR rules.

P4.       How do we use your data?

We don’t use website cookies, apart from internal website traffic reviews. We may send your data to authorised MVT 3rd party data processors like our authorised insurance company for members’ Personal Public Liability Insurance (PPLI) (which is a membership benefit included with your membership fee). Or our membership communication company who issue membership cards and keep your details updated. We may also wish to contact you to provide information concerning your membership via MVT Area Liaison to your MVT Area Secretary.

P5.       How long do we keep your data & how is it protected?

We must only keep people’s information for as long as necessary. Your data is continuously kept safe. If you do not renew your membership your data is kept for 1 year and then deleted. A member can change their details at any time via the member’s account portal on our website,  www.mvt.org.uk. We have to make sure the MVT Officers (CoM & Area Secretaries) are adequately trained in data compliance. We also have to password or encrypt all electronic portable computers & storage devices containing the data. We also use strong passwords for our stored digital collections of data. 

P6.       How can you exercise your rights?

DPA 2018 & GDPR 2018 legislation says you have a right to find out what data the MVT hold about you. The easiest way is to go on our website, www.mvt.org.uk, where you can inspect what data you have given us and change or update it, if required, like when you change your contact details etc. Or contact us direct (see below).

P7.       How do you contact the MVT direct about your data?

For individual requests about any MVT data related matters you can contact us by email,

The MVT Data Protection Officer, Email: data@mvt.org.uk.

P8.       What other Data Protection procedures do you have in place?

As an organisation we have a formal action plan in place to support GDPR actions.

We are compliant with current data protection laws and the Data Protection Officer continually reviews this legislation.

Our Privacy Notice is written with clear and simple English. We operate a transparent administrative system.

Consents for the use of member’s data are all freely given, specific and unambiguous.

The quality of our consents has been reviewed.

We can handle individual requests about data matters and erase member’s data completely.

We have procedures in place for checking people’s ages for enhanced protection for children’s personal data.

We have a data breach procedure in place which is unified with our 3rd party data processors.

We can demonstrate we take data protection seriously. We record all data breaches and report to the ICO when required.

The responsibility for ensuring compliance with DPA 2018 & GDPR2018 matters lies with the MVT trustees and CoM members in particular the CoM member in role as Data Protection Officer (DPO).

(P1. - P8. Complete)