• Home
• Reviews
• Sales & services
• Support
• Downloads
• Contact-us
• Company

Dengie Hundred Amateur Radio Society (DHARS) Privacy Notice

Introduction.

The Guide to the General Data Protection Regulation (GDPR) forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The Dengie Hundred Amateur Radio Society (DHARS) believes our privacy notice conforms to these regulations. If any issues of non-compliance are bought to our attention, we will resolve them.

Our privacy notice sets out the information summarised in the list below. For a more complete explanation of the key concepts, please consult the Information Commissioner's Office (ICO) website.

1. Who we are
2. What is personal data?
3. Principles of our approach to processing personal data.
4. The categories of personal data we collect
5. How that personal data is collected
6. Our legal basis for processing your personal data and how we use that personal data
7. Who we may share your personal data with
8. Transfer and processing of your personal data outside the European Economic Area
9. How long we will hold your personal data for
10. Your rights
11. Our communications, the Website and cookies
12. How to contact us if you require clarification, or have a complaint about our Privacy Notice
13. Where to complain if you have a concern about the way the DHARS is handling your personal information, and have been unsatisfied by our response.
14. Changes to this Privacy Notice

1. Who we are

The Dengie Hundred Amateur Radio Society (DHARS), is an amateur radio club, made up from a group of people who all have an interest in amateur radio - sometimes called ham radio. Our address is:

Dengie Hundred Amateur Radio Society
Oak Tree Bungalow
The Endway
Althorne
CHELMSFORD
Essex
CM3 6DU.

The DHARS is a controller, which means we determine the purposes and means of processing personal data. We do not use a processor, which is responsible for processing personal data on behalf of a controller.

As a not-for-profit organisation, we are not required to register with the ICO, so have not done so.

2. What is personal data?

Personal data includes information relating to people who can be identified or who are identifiable, directly from the information in question, or who can be indirectly identified from that information in combination with other information. For a more complete description of what is personal data, please consult the ICO website.

A name is personal data, but there are many less obvious pieces of personal data too, such as the IP address from which a browser connects to a web server.

3. Principles of our approach to processing personal data

The following seven principles lie at the heart of our approach to processing personal data

1. Lawfulness, fairness and transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality (security)
7. Accountability

4. The categories of personal data we collect

We may collect the following categories of personal data about you. The type of personal data collected depends on our relationship with you.

4.1 If you only browse our website, and make no contact by email, telephone or post

If visiting our website, your IP address will be recorded, along with the date and time of your visit, the browser you use, your operating system, what pages you attempted to view, whether you successfully saw the pages.

4.2 If you contact us by email, telephone, by post or in person, we may additionally collect the following categories of personal information

• 4.2.i Your name and contact information such as your home address, email address and telephone number(s).
• 4.2.ii Your amateur radio callsign, if you are a licensed amateur.
• 4.2.iii Any other information which you have provided, but we will not ask for any other personal information

4.3 If you apply for membership

Depending on your age, we may collect the following information to determine the class of membership (full or student), and if there are any restrictions due to our safeguarding policy.

• 4.3.i Whether you are in full-time education if aged under 21.
• 4.3.ii Your date of birth, if you are under 16.

4.4 If you become a member of DHARS

• 4.4.i The dates and amounts of any money paid for membership.
• 4.4.ii A minimal subset of your bank account details if you choose to pay any membership fees by bank transfer and/or be reimbursed for any expenditure by bank transfer.

5. How that personal data is collected

We may collect your personal data, or you may provide it to us through various means, including:

1. You are a member and have made members of the club aware of it.
2. If you contact us by email, telephone, or post.
3. If you send us a QSL card
4. Drawn from publicly available sources or from third parties such as the websites QRZ.COM
5. Provided on an application form to join DHARS.
6. Our website runs on a server running the Debian Linux operating system, using Apache as the web server software. Apache creates log files, collecting some information. A typical line from the web server log would be as below.
   
   192.168.1.3 - - [04/Aug/2018:14:17:55 +0000] "GET /members_pages/G3VCG/G3VCGheader.gif HTTP/1.1" 200 11183 "https://www.dhars.org.uk/members_pages/G3VCG/" "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:58.0) Gecko/20100101 Firefox/58.0"
   
   The above shows the date and time someone visited our website, their IP address (which we have altered to not make public the private data), the browser they were using, the operating system they were using, in addition to some other information. For full details about the Apache Log Files then the Apache documentation should be consulted.

6. Our legal basis for processing your personal data and how we use that personal data

We may process your personal data for the following purposes:

1. All club members have been sent a form by the secretary, asking if they give consent to one or more of the following:
   
   • Have their full name, call Sign, address, email address, telephone Number and mobile telephone number available for purposes of running the society.
   • Have the Society Officials contact them by post, email or telephone about The Society’s activities.
   • Have their contact details appear on The Societys list of members which may from time to time, be circulated to members.
   • Have their bank account details known to the treasurer
   Consent is a legal basis for processing data. Consent may be withdrawn at any time.
   
2. The processing is necessary for us to comply with our legal obligations.
3. The processing is necessary for the society to be run properly.
4. For security purposes generally and to ensure the safety of our equipment.
5. Our safeguarding policy, detailed in section 4 of our constitution, requires that an adult accompanies anyone under the age of 16. If we have reason to believe you are under 16, we may require proof of your date of birth to safeguard someone who we may consider vulnerable.
6. If you are aged over 16, in full-time education, but under the age of 21, our constitution permits you to have free student membership. We will not seek proof of your date of birth but will ask you to advise us when you reach the age of 21 or leave full-time education.
7. Inspection of log files generated by web server is necessary to ensure the smooth running of the website and would be standard practice for any competent web server administrator. In particular, the log indicates "404 errors" if a page is not found. We never attempt to use the IP address to help identify an individual, despite that may be possible in some instances.

7. Who we may share your personal data with

1. Other members of the DHARS, if you have given us express consent to do so.
2. Our auditor.

8. Transfer and processing of your personal data outside the European Economic Area

We currently see no reason any data should be transferred outside the European Economic Area.

9. How long we will hold your personal data for

The nature of the data determines the period the data is retained for.

1. Logs from the Apache web server, which contain personal data, but not sensitive personal data, will be deleted within 90 days or less. This duration gives us sufficient time to perform statistical analysis but is not excessive.
2. We keep summary financial accounts essentially forever, but detailed invoices and receipts for 7 years.
3. Records of a members date of birth will be deleted when they are 16 if the data was held for safeguarding purposes, or when they reach 21 if the data was held for student member status. If a member advises us they wish to leave the club, the record will be deleted as soon as reasonably practical. If a student-member has not attended a meeting of the society for a period of at least one year, then our constitution states in section 5.ii that they shall no longer be considered a member. In this case, their date of birth would be deleted as soon as reasonably practical.
4. As a member-based organisation, we would like to keep information about members and past members forever, for historical purposes. However, we can only do this with a members consent, which may be withdrawn at any time.

10. Your rights

The GPDR provides the following rights for individuals.

1. The right to be informed about the collection and use of personal data. This is a key transparency requirement under the GDPR.
2. The right of access Individuals have the right to access their personal data.
3. The right to rectification if personal data is inaccurate or incomplete.
4. The right to erasure - often called the right to be forgotten.
5. The right to restrict processing
6. The right to data portability
7. The right to object to the processing of their personal data in certain circumstances.
8. Rights in relation to automated de.cision making and profiling. DHARS does not process data in this way.

Please email both the chairman and the secretary, using the contact details if you would like to action any of your rights above. You should note that these rights are not absolute, and we may be entitled (or required) to refuse requests where exceptions apply.

11. Our communications, the Website and cookies

1. The Terms and Conditions of use of our website are given on another page. If you do not find those acceptable, please do not use our website.
2. As stated in our cookie policy we do not currently use any cookies.
3. We do not use any javascript, which can be a security risk, allowing private data to be taken.
4. We use SSL to secure the connection, would make it very difficult for a third party to inject code that steals your personal information.
5. e-mail is inherently quite insecure, as the data is sent unencrypted across multiple computers. If someone requests an email be sent to us securely, we will consider setting up OpenPGP, but hope that will not be necessary.

12. How to contact us if you require clarification, or have a complaint about our Privacy Notice

We hope this privacy policy satisfies you, but this was written by a chartered engineer, not a lawyer. If you have any queries, please email both the chairman and the secretary of the DHARS. Details may be found on our contact page.

13. Where to complain if you have a concern about the way the DHARS is handling your personal information, and have been unsatisfied by our response

We would like to think that we can resolve any privacy concerns you have with us, but if you are unsatisfied with our response, you can make a complaint about your personal information concerns to the Information Commissioner's Ofice

14. Changes to this Privacy Notice

We may update this Privacy Notice at any time. It is your responsibility when using the website to make yourself aware of any changes. We will update the date of the privacy notice.

This privacy notice was last updated on 7^th August 2018

Kirkby Microwave Ltd is registered in England and Wales, company number 08914892. Registered office: Stokes Hall Lodge, Burnham Rd, Althorne, Essex, CM3 6DT.