The Eriskay Pony Society

"Protecting and Promoting Scotland's Ancient Hebridean Ponies"

Privacy Statement of the Eriskay Pony Society

In this statement ‘we’, ‘us’, ‘our’ or similar refers to EPS. ‘You’ or similar refers to the data owner.

Background

The General Data Protection Regulation (GDPR) is a new regulation designed to strengthen and unite the data protection processes for all individuals within the EU. GDPR applies to any organisation processing an EU citizen’s personal data, irrespective of where the company is based.

GDPR has placed new obligations on organisations processing personal data and has conferred additional rights on data owners. This document describes how EPS complies with the requirements of GDPR.

Personal information we collect.

Information we collect from you is :

  • Name and preferred contact name.
  • Contact address and post code.
  • Telephone number (landline and / or mobile).
  • Email address.
  • Bank details.
  • Breeding prefix (if applicable).
  • Photographs (if applicable).
  • Taxpayer status (as required for Gift Aid processing).

Bank details are only acquired where we have been supplied with a paper banker’s standing order. In this case, they are only held for the period that the document is on our premises prior to despatch to the relevant bank.

Sensitive personal data.

EPS does not record sensitive personal data relating to physical or mental health, or criminal records.

Council Members and others are required to comply with certain requirements set by Company Law and other regulations in order to fulfil their roles in the society. EPS does not require individuals to submit sensitive information to the society, but rather asks them to review and confirm they comply with relevant requirements (e.g. Fit and Proper Person) as part of their consideration of whether they may wish to undertake the role.

How we collect data.

Data is only collected from the data owner. Some information may be submitted to us indirectly but must be supplied and signed by the data owner. For example, if a passport is applied for by a person who is not the breeder, they will be required to obtain the breeder’s details and signature.

The main channels through which we collect information are :

  • Paper forms
  • Our website
  • Email and / or instant messaging systems
  • Telephones, voicemail, or mobile phones.

Data we collect may be enhanced using the following third-party resources :

  • Post Office PostCode and Address Finder on the internet

When you use our website, we may gather information through cookies and other technical means. ‘Cookies’ are text files placed on your computer to collect Internet log information and user behaviour information. These are only used to track website usage and monitor website activity.

Some of the cookies we use are essential for parts of the site to operate and have already been set. You may delete and block all cookies from this site, but parts of the site may not work.

What we do with your personal information.

EPS only uses personal data to meet its obligations as a PIO, to meet the needs of members, and to interact with suppliers, equine industry contacts and other relevant individuals. The principal ways data is used are to :

  • Meet our legal responsibilities as an Equine Passport Issuing Organisation (PIO) as defined in the relevant legislation.
  • Provide information as required by regulatory, statutory or enforcement bodies.
  • Provide member services and support that members receive as a benefit of membership.
  • Provide members with our newsletter and year book (from time to time). Member details are published in the yearbook which is only supplied to current members.
  • Promote activities incidental to the operation of a rare breed pony society and our members’ interests (e.g. local rare breeds events).
  • Facilitate the general operation of the society, such as providing information about the society, its activities and undertakings, and general communications with data owners by post, email or telephone.
  • Carry out identity verification, complaint investigation, and detection of potential fraud.
  • Enable full use of our website.
  • Understand members’ needs and how they may be met.
  • Maintain records as required to meet the reasonable expectations of our members and contacts.
  • Carry out current and historical analysis of the breed and membership to provide information to support decision making.

What we do not do with your personal information.

EPS only uses data where directly required for the operation of the Society. EPS does not :

  • Use personal data for marketing purposes that are not incidental to the operation of the breed society (e.g. informing members of local shows).
  • Make personal data available to third parties (save those specified below) or marketing organisations.
  • Use personal data for modelling, profiling, or in automated decision making.

Who we share your personal information with.

The organisations with whom we do or may share personal data are :

  • Regulatory, statutory or enforcement bodies as required to meet our statutory requirements as a PIO.
  • Grassroots Systems Ltd. Grassroots Systems Ltd are our software supplier and provide us with offsite data security facilities and backup member support. We have a General Data Protection Regulation (GDPR) compliant data processing agreement in place with them to ensure personal data is managed in compliance with GDPR.
  • The Rare Breeds Survival Trust (RBST) for the purposes of breed analysis. Note that only skeleton personal information is passed to the RBST for the purposes of geographic analysis.
  • In the event of EPS ceasing trading, our PIO operations will be taken over by The Clydesdale Horse Society. This is a statutory requirement and only the specified statutory information will be passed to them. There is no data sharing at any other time.

How we process data.

Data is processed using an industry standard software package. This package is used to store and process data and to produce the outputs supplied to members, passport holders, and bodies with whom we share data.

This system is held on a password protected PC. Encrypted backups are held locally, on the Cloud and by our support provider.

All outputs shared electronically to other bodies are encrypted.

Some data may be held in emails or spreadsheets where required for internal EPS functions. These may be held at Council members’ home addresses on password protected PCs. This data will be destroyed when it has served its use.

Children

There is special protection for the personal data of a child. The age when a child can give their own consent is 16. If EPS requires consent from young people under 16, consent will be obtained from a parent or guardian in order to process the child’s personal data lawfully.

How long do we retain personal information.

  • Information relating to the breeder of a pony, and anyone who owned a pony, will be retained for a minimum of 35 years, or until 2 years after the death of the pony as required by legislation.
  • Information relating to members who are neither breeders nor pony owners will be retained as long as they are members, and thereafter for research and analysis purposes unless we are requested to remove it.
  • Personal data relating to deceased ponies will be kept indefinitely for the purposes of historical research and to maintain the historical integrity of the studbook.
  • Other information such as that relating to suppliers, press, equine industry contacts and others who we contact or who contact us in the course of the society’s operations will be kept as long as its retention and use is in ways the data owner could reasonably expect us to use their data.

Your rights.

1.    Access to information.

You have the right to be supplied with a copy of the personal data that we hold about you. Where such a request is made we will provide the information within 30 days.

2.    Correcting information.

EPS will endeavour to make sure that all personal data is correct and current. You have the right to ask us to correct any data that you believe is not correct or current, and we will make the required changes.

3.    Deletion of personal data.

You have the right to ask us to delete your personal data where :

  • You consider that it is no longer required to meet statutory or contractual needs. Note that such data can only be deleted if the statutory or contractual need has lapsed.
  • You consider that the personal data held is in excess of what is required to meet statutory or contractual needs, in which case the excess information can be requested to be deleted.
  • We are using information with your consent and you withdraw that consent.
  • You have lodged a valid objection to our use of that information.

4.    Data portability.

You can ask us to pass your information to another organisation. We can only pass such data where doing so does not conflict with our legal obligations as a PIO.

5.    Right to Object.

In addition to the right to have personal data deleted, individuals have the right to object on the basis of ‘grounds relating to his or her particular situation’ to:

  • Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
  • Processing for purposes of scientific/historical research and statistics.

Changes to this privacy statement.

EPS will keep this privacy statement under regular review and will place any updates on this website. Paper copies of the privacy statement may also be obtained by using the contact form.