The FDA is committed to safeguarding the privacy of members data and that of any visitors to the FDA’s websites or social media sites. This policy sets out how we will treat your personal information.
The policy reflects our duties under the General Data Protection Regulation and the UK’s Data Protection Act 2018 to let you know what we do with your data, how we keep it secure, make sure it is accurate, keep it up to date and how long we will retain it for.
Under the General Data Protection Regulation, you have the following rights:
- You have the right to be informed about the collection and use of your personal data.
- You have the right to access your personal data and any supplementary information.
- You have the right to have inaccurate personal data rectified, or completed if it is incomplete.
- You have the right to have personal data erased.
- You have the right to request the restriction or suppression of your personal data.
- You have the right to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way without hindrance to portability.
- You have rights in relation to automated decision making and profiling. The FDA does not use automated processes and will make sure that rights are protected if we introduce any automated decision making.
- You have the right to lodge a complaint with a supervisory authority which in the UK is the Information Commissioners Officer www.ico.org.uk.
Right to object
You have the right to object to how we process your personal data. You can do so by contacting the Data Protection Officer at DPO@fda.org.uk.
You will find out more about making Subject Access Requests later in this policy. To find out how to exercise any other rights or for more information please contact the Data Protection Officer at DPO@fda.org.uk.
This policy may change from time to time so please check in again so that we can keep you informed of our privacy actions.
The FDA is the data controller. Our contact details are:
39 York Road
London SE1 7NQ
020 7401 5555
Data protection officer
The FDA has appointed a Data Protection Officer who can be contacted at the above address or by email on DPO@fda.org.uk.
How the FDA processes your personal data
All information that the FDA holds about you as a member is held and processed strictly in accordance with the provisions of the General Data Protection Regulation. The lawful basis we use to process your data is that we carry out processing which is necessary to conduct our legitimate activities as a trade union and in connection with our contract with our members. In relation to special categories of data, that we carry out processing in the course of our legitimate activities as a trade union.
As an individual you have a statutory right to object to the FDA processing your data. If you wish to do so you must contact the Data Protection Officer DPO@fda.org.uk.
As a visitor to our website please see our Cookies policy so you know what information is collected when you visit the site.
If you are a member of FDA, we use your data to manage your membership record and our relationship with you as a valued member. It will be used so that we can provide you with information about the FDA’s activities and for other trade union related purposes only. We will never share your data with companies outside the FDA for their marketing.
We process the data you provide to enable us to carry out our legitimate interests and activities as a trade union and to help us deliver services to you. We use some or all of the data provided for trade union related interests and activities. These include:
- Keeping your membership record up to date and accurate
- Payment of subscriptions
- Activities related to being a member of a trade union
- To access membership benefits
- Contact you about union activity, membership benefits and other important information relating to your membership
- To provide offers of membership and invite people to get involved in our activities and events
Categories of data
Trade Union membership is defined as special category data by the General Data Protection Regulation. This replaces the definition of sensitive personal data in the Data Protection Act 1998. Because we are a trade union, the FDA is able to process special category data that relates to our members and former members or to persons who have regular contact with the FDA in connection with our purposes as a union.
Sharing of information
A) Using your personal data within the FDA
Some of your personal data will be available to FDA’s employees, full time officials, branch convenors, workplace representatives and others authorised by the FDA for the purposes of carrying out trade union duties.
The type of personal data shared will be limited and relevant to the purpose for which the data is used, for example workplace representatives may be given access to your workplace contact details.
The FDA asks members to volunteer information about ethnicity, gender, sexual orientation, religion or belief and disability. Such information may from time to time be used by the FDA for the purposes of monitoring and analysis only. When this is done any information will be anonymised. It is entirely up to each individual whether to provide this data. Doing so does help us make sure that our services benefit all members.
B) Sharing your personal data with the FDA's third party providers
We use a number of third party providers to help us provide our services to you. So that these services are effective the FDA shares an appropriate level of personal data with them for the conduct of the services they provide. Organisations include those carrying out:
- Ballots administration – the FDA uses Popularis to administer members ballots.
- Election administration – the FDA uses Popularis to administer elections for the FDA.
- IT Systems support – the FDA uses BluSys, Miller Tech and C2 to provide IT and membership system support.
- PSM – the FDA uses Captiv8 and Lexographic to produce and distribute our members journal PSM.
- Mailchimp – please see Updating membership records and communications.
- Surveys – We can use SurveyMonkey to conduct membership surveys. SurveyMonkey processes data on servers located in the United States of America (USA). To make sure that this data is protected to the same standards as applied to EU organisations SurveyMonkey is a signatory to Privacy Shield which is an equivalence agreement between the USA and EU for data protection. Participation in our surveys is entirely voluntary.
The FDA provides members with a range of benefits through our dedicated programme FDA Portfolio. These services are provided by Parliament Hill on behalf of the FDA. The FDA does not share any of your personal data with Parliament Hill or with any of their benefit providers.
Benefits are accessed online. When you click onto a benefit you transfer to the website of the relevant benefit provider. FDA advises members to read the privacy notice of that provider to understand how they process any personal data they collect.
The FDA provides members with a personal development programme FDA Learn or for Keystone members Keyskills. Registration and payment for courses is handled by Eventbrite. The FDA does not share any of your personal data with Eventbrite. You should read the Eventbrite privacy notice to understand how they process any personal data you provide.
Our experience is that members will have more than one spell of membership so we retain data so it is easier for members when they re-apply for membership. We also know that there are times when we need to help ex-members for example with queries on pensions and calculation of redundancy payments. Because of this we would like to retain your data but if you do not want us to retain your data then do tell us and we will remove you from our membership system. This may mean however we are unable to provide assistance on issues that occur after we have deleted the record.
Where a member has received casework support or has been involved in legal proceedings we will retain records for at least 6 years from the date the issue is resolved. We may need to retain your record for legal reasons and will of course explain our reasons for doing so.
Updating membership records and communications
So that we can communicate with you effectively it is important that the contact details we hold for you are up to date. You can check your personal details are accurate and amend them by logging into the members' area of the FDA website.
Our system will periodically prompt you to login and check the data we hold on you is accurate and up to date. In addition we ask you to review your data when we renew your membership cards each year.
Your membership data is processed to enable to us to meet our legitimate activities and to keep you informed. We send our members regular communication by email to their designated email addresses.
To help keep in touch with you we may use Mailchimp for distributing email newsletters. Mailchimp processes data on servers located in the United States of America (USA). To make sure that this data is protected to the same standards as applied to EU organisations Mailchimp is a signatory to Privacy Shield which is an equivalence agreement between the USA and EU for data protection. You can unsubscribe from Mailchimp newsletters at any time by clicking the unsubscribe button at the bottom of these emails. Any request to unsubscribe will take place immediately.
Cookies and Cookies Policy
Social media buttons
When you browse our website and communications you will see “social buttons” such as share buttons for Twitter, LinkedIn and Facebook.
When you click on these buttons these sites will be registering that action and may use that information to improve their services.
You should check the respective policies of each of these sites to see exactly how they use your information and to find out how to delete or control such information.
External web services
We use a number of external web services on the FDA website and in email communications mostly to display content of interest to members. For example to show videos we use YouTube or Vimeo.
The FDA uses industry standard protection to safeguard the confidentiality of your personally identifiable information such as firewalls and SSL (secure socket layers). We make every effort to protect against the loss, misuse and alteration of information under our control. However, data transmission over the internet is inherently insecure and you should take steps to protect any information you send to us.
If you have elected to use the join online or use the members' area of the FDA website, your FDA membership information is password protected so that only you can access it and view the member information relevant to your account. Ultimately, you are responsible for maintaining the secrecy of your passwords. We do everything in our power to protect your information offline and only authorised personnel can view your data.
The FDA has a separate policy that explains how we handle data in paper files and other formats. A copy of this can be requested through the Data Protection Officer DPO@fda.org.uk.
Access to your personal data
You have the right to access any personal data we hold on you. This is called a Subject Access Request (SAR).
We will not charge you for providing data unless the request is manifestly unfounded or excessive or repetitive.
Our aim is to respond to your request immediately and not longer than one month after the request was made.
When you make a request, it is helpful if you can say what of your personal data you are seeking.
Subject Access Requests can be sent to the FDA’s Data Protection Officer in the following ways:
By Post: FDA, 6th Floor, Elizabeth House, 39 York Road, London SE1 7NQ
By email: DPO@fda.org.uk