circle

Third Age Trust Trading Limited Privacy Policy

1. Document Control

2. Introduction

2.1. In this Privacy Policy:

2.1.1   references to we, us or our means Third Age Trust Trading Limited a limited company registered in England and Wales (company number: 11899419), whose registered office is Unit 104, The Foundry Business Centre, Blackfriars Road, London, England, SE1 8EN. You can contact us by post at the above address, by email at This email address is being protected from spambots. You need JavaScript enabled to view it. or by telephone on 020 8466 6139.

2.1.2     references to you or your means the person accessing and using the Website (as defined below) or to whom we supply products or services, or contacts;

2.1.3     references to the Website means the websites found on the .u3a.org.uk and .u3abeacon.org.uk domains.

2.2. Scope

Relevant to all data subjects.

2.3. Related documentation

U3A-ISMS-DOC-023 Third Age Trust Privacy Policy

3. This Privacy Policy

This Privacy Policy (together with our Terms of Use (available at https://beacon.u3a.org.uk/terms and any other documents referred to in it)) sets out the basis on which we collect and use personal data about you through your use of the Website and when we supply products and services to you.

3.1   This Policy describes:

3.1.1     who is responsible for the personal data that we collect about you;
3.1.2     the personal data we collect about you;
3.1.3     how we will use it;
3.1.4     who we may disclose it to; and
3.1.5     your rights and choices in relation to your personal data.

This is to make sure you have a full picture of how we collect and use your personal data.

3.2   Personal data

In this Privacy Policy where we use the words personal data we use these words to describe information that is about you and which identifies you.

4. Who is responsible for the personal data that we collect?

We are the data controller for the purposes of data protection law, in respect of your personal data collected and used by us.

5. What personal data do we hold about you?

5.1   Collection and use

We collect and use personal data about you for the purpose of communicating with you as representative of your U3A. The personal data we hold includes:

5.1.1     Information that you provide to us / we collect from you:

Type of Personal Data Examples
General
Contact information Name, title, address, email address, social media name and telephone number
U3A membership Name of your U3A
U3A role

Whether you perform one of the following roles for your U3A for example:

Chairman

Secretary

Treasurer

Membership contact

Direct Mail contact

Website editor

Newsletter editor

Accessibility contact

Trust Volunteer Role Details of role(s) performed
Marketing
Marketing preferences (including subscriptions to our national newsletter and magazine) Details of any marketing preferences that you express including any opt outs you provide.
Other
Online activity information (to the extent that it constitutes personal data)
  • Technical information, through your internet browser or electronic device: Certain information is collected by most websites or automatically through your electronic device, such as your IP address (i.e. your computer’s address on the internet), screen resolution, operating system type (Windows or Mac) and version, internet browser type and version, electronic device manufacturer and model, language, time of the visit and pages visited.
  • Technical information, using cookies and online tracking: Cookies are pieces of information stored directly on the device you are using to access our Website. Cookies allow us to recognise your device and to collect information such as IP address, internet browser type, time spent using the Website and the pages visited.
Project activity Information about U3A activity or personal activity that you contribute as part of a U3A learning or communications event

          This information may be provided:

         (a) in the course of communications between you and us (including by phone, email or otherwise);
         (b) when you provide personal data via our Websites or using other systems which we provide to you;
         (c) via our social media pages, other social media content, tools and applications;

5.1.2 Information we receive from other sources

         (a) Information we receive through the Beacon system
         (b) Information we receive from our service providers and business partners
         (c) Information we receive from public websites and social media accounts belonging to U3As

 

6. Information about third parties

6.1   Third parties

In the course of us communicating with you, you may provide us with personal data relating to third parties.

6.2   Consent and third parties

We will use this personal data in accordance with this Privacy Policy.  If you are providing personal data to us relating to a third party, you confirm that you have the consent of the third party to share such personal data with us and that you have made the information in this Privacy Policy available to the third party.

 

7. How do we use the personal data we collect about you?

7.1   Purposes

We use your personal data for a variety of different purposes during the course of us providing services to you. The purposes for which we use your personal data are set out below.  Under data protection law, we can only use your personal data if we have a legal basis to do so. Examples of where we have a legal basis to process your personal data, includes when:

7.1.1     we have your consent;
7.1.2     it is necessary to enter into or perform a contract we have with you (or to take steps at your request prior to entering into that contract);
7.1.3     it is necessary to comply with a legal obligation; or
7.1.4     it is in our legitimate interests to process your personal data.

7.2   Legal Basis

We have set out our reasons for using your personal data in the table below under the heading Legal Basis. Where we rely on our legitimate interests, we have set out those interests in the table below. 

Purpose Legal Basis
Setting up and managing the information we hold about you

Contract

Legitimate interests

Managing, developing and making improvements to the Beacon system

Legal obligations

Legitimate interests

Communicating with you about our products and services

Contract

Legitimate interests

Providing our newsletter Legitimate interests
Providing our magazine "Third Age Matters"

Contract

Legitimate interests

Survey participation

Contract

Legitimate interests

Publicity

Contract

Legitimate interests

To comply with any legal or regulatory obligations (including in connection with a court order Legal obligation
To enforce or apply the agreements concerning you (including agreements between you and us).

Contract

Legitimate interests

To manage any service or quality related issues, complaints, feedback and queries in relation to the supply of products and services.

Contract

Legitimate interests

8. Automated processing

We do not use your personal data to make any automated decisions that might affect you.

9. Who may we disclose your Personal data to?

9.1   We may share your personal data with:

9.1.1     the Third Age Trust and
9.1.2     other third parties who process data on our behalf.    

For more information please refer to Schedules 1 and 2.

9.2   We may also disclose your personal data to other third parties, for example:

9.2.1     if we or substantially all of our assets are acquired by a third party, personal data held by us will be one of the transferred assets; and

9.2.2     if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our the agreements concerning you (including agreements between you and us).

10. Where will we transfer your personal data?

If we transfer personal data outside the UK or the European Economic Area (EEA), we will implement appropriate and suitable safeguards to ensure that such personal data will be protected as required by applicable data protection law.

11. How long will we keep your personal data?

11.1   Retention periods

We will keep your personal data for different periods depending on the nature of the information, the purpose for which it was collected, any legal obligation and/or business reason to retain.

11.2   Extensions

Please note that the above retention period may be extended where we need to preserve and use personal data for the purposes of bringing or defending a legal claim.  In such cases, we will continue to hold and process your personal data for as long as is necessary to deal with the legal proceedings.

12. Your rights

You have certain rights with respect to your personal data.  The rights will only apply in certain circumstances and are subject to certain exemptions.  Please see the table below for a summary of your rights. Details of who to contact to exercise these rights can be found in paragraph 16. 

  Summary of your rights
Right of access to your personal data You have the right to receive a copy of your personal data that we hold about you and information about how we use it, subject to certain exemptions. 
Right to rectify your personal data You have the right to ask us to correct your personal data that we hold where it is incorrect or incomplete.
Right to erasure of your personal data

You have the right to ask that your personal data be deleted in certain circumstances.  For example:

  • where your personal data is no longer necessary in relation to the purposes for which it was  collected or otherwise used;
  • if you withdraw your consent and there is no other legal ground for which we rely on for the continued use of your personal data;
  • if you object to the use of your personal data (as set out below);
  • if we have used your personal data unlawfully; or
  • if your personal data needs to be erased to comply with a legal obligation.
Right to restrict the use of your personal data

You have the right to suspend our use of your personal data in certain circumstances.  For example:

  • where you think your personal data is inaccurate but only for so long as is required for us to verify the accuracy of your personal data;
  • the use of your personal data is unlawful and you oppose the erasure of your personal data and request that it is suspended instead;
  • we no longer need your personal data, but your personal data is required by you for the establishment, exercise or defence of legal claims; or
  • you have objected to the use of your personal data and we are verifying whether our grounds for the use of your personal data override your objection.
Right to data portability

You have the right to obtain your personal data in a structured, commonly used and machine-readable format and for it to be transferred to another organisation, where it is technically feasible.

The right only applies:

  • to personal data you provided to us;
  • where we rely on the following legal bases:
  • consent; or
  • for the performance of a contract; and
  • when the use of your personal data is carried out by automated (i.e. electronic) means.
Right to object to the use of your personal data

You have the right to object to the use of your personal data in certain circumstances and subject to certain exemptions. For example:

  • where you have grounds relating to your particular situation and we use your personal data for our legitimate interests (or those of a third party); 
  • if you object to the use of your personal data for direct marketing purposes; and
  • where we use your personal data to take a decision which is based solely on automated processing where that decision produces a legal effect or otherwise significantly affects you.
Right to withdraw consent You have the right to withdraw your consent at any time where we rely on consent to use your personal data.
Right to complain to the relevant data protection authority

You have the right to complain to the relevant data protection authority, which is in the case of us, the Information Commissioner's Office (ICO), where you think we have not used your personal data in accordance with data protection law. The ICO's contact details are:

Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

 

14. Cookies
 

The Website uses cookies to distinguish you from other users of the Website.  This helps us to provide you with a good experience when you browse the Website and also allows us to improve the Website. 

Our Cookie Policy is as follows: When you use our website to view the information we make available, a small number of cookies are used by us and by third parties to allow the website to function, to collect useful information about visitors and to help to make your user experience better.

Some of the cookies we use are strictly necessary for our website to function. For example, when you log in to the advice area, we will place a cookie on your computer to keep you logged in.

As well as the cookies we use, various third parties also place them on your computer. For example, we monitor user behaviour using Google Analytics in order to improve the site.

We do not place third party advertising cookies.

If you do not wish to receive cookies, please disable them in your browser. However, this will lead to reduced site functionality.

15. Changes to our privacy policy
 

Any changes we make to this Privacy Policy in the future will be posted on this page and, where appropriate, notified to you by email.  The updated Privacy Policy will take effect as soon as it has been updated or otherwise communicated to you.

16. Queries
 

16.1   Queries regarding this policy or use of data

If you have any questions regarding this Privacy Policy or the way we use your personal data, please contact us by:

16.1.1  telephone on 020 8466 6139
16.1.2  email at This email address is being protected from spambots. You need JavaScript enabled to view it.; or
16.1.3  post at 156 Blackfriars Road, London, SE1 8EN. 

17. Schedule 1 - Who is personal data shared with?

Who is personal data shared with?
Type of third party Examples
General
Our service providers and business partners Our business partners, suppliers and sub-contractors for the performance of any contract we enter into with you (see Schedule 2)
Our professional advisers Including accountants, lawyers and other professional advisers that assist us in carrying out our business activities.
Government authorities and third parties involved in court action External agencies and organisations (including the police and other law enforcement agencies) for the purpose of complying with applicable legal and regulatory obligations.
Other organisations or companies or public bodies For the purposes of pursuing U3A learning, social and other related activity
Law Enforcement and Regulation
Police and law enforcement agencies We may share personal data with the police and other law enforcement agencies in connection with the prevention and detection of crime
Regulatory bodies We may share personal data with third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation or instructions of a regulatory body (including in connection with a court order), or in order to enforce or apply the terms of any agreements we have with or otherwise concerning you (including agreements between you and us) or to protect our rights, property or safety of our clients, employees or other third parties

18. Schedule 2 - Our main service providers and business partners

Our main service providers and business partners
Name of third party Purpose
The Third Age Trust Shared operations
Relevant U3As Member charities
PayPal Process payments
Castelli (Diaries) Ltd Fulfil bulk diary orders
Delivery companies
e.g. Mailing & Marketing Solutions Ltd and Royal Mail Group Ltd
Deliver ordered items
D M Print Ltd Print our magazine
Zoom Video Communications Video conferencing
Twilio, Inc Email delivery
Zendesk Inc Customer support
The Rocket Science Group LLC d/b/a Mailchimp Marketing platform
Google LLC Website analytics
Siftware Ltd Development and maintenance of the legacy Beacon system
SurveyMonkey Inc., SurveyMonkey Europe UC Survey and form response collection and analysis
Microsoft Corporation

Data storage and management

Communications handling

Cloudflare, Inc Web application firewall
GoDaddy Media Temple, Inc. d/b/a Sucuri Web application firewall
SolarWinds, Inc Log management
Paragon Internet Group t/a tsoHost

Web hosting

SSL certification

Trustwave Holdings, Inc

SSL certification

PCI compliance

Goodman Jones LLP Audit
Pen Test Partners LLP Audit
Sarah Hayes

Web development

Web hosting

Transpeed (Europe) Ltd IT support
Rackspace, Inc Web hosting
Fasthosts Internet Ltd Web hosting
The Sage Group, plc Data storage
DigitalOcean, Inc Data storage
Barclaycard Payment processing
Banks e.g. Barclays Bank plc Banking services
HMRC Regulatory filing
N2 (Brand IQ) Brand management and asset delivery
William Gibbons Printers
Attend2IT Technical and event support (specifically for the AGM)
Parliament Hill Member benefit services

Save
Your cookie settings
We use cookies to ensure you get the best experience on our website. These cookies allow the website to function, collect useful anonymised information about visitors and help to make your user experience better. You can choose which cookies to accept. Declining the use of cookies, may affect your experience of our website.
Accept all
Decline all
Read more
Analytics
Google Analytics uses performance cookies to track user activity on our website. This information is anonymous and helps us to improve the website.
Google Analytics
Accept
Decline
Google
Google YouTube
To view YouTube videos
Accept
Decline