What information do we collect?
How do we collect information?
How do we use your information?
Sharing of your information
Holding and storing your information
Job applicants and current and former employees
Your rights to accessing your personal data held by ADA
Payment card information
Any personal information collected is protected under the Data Protection Act 2018, which incorporates the General Data Protection Regulations (GDPR). Its purpose is to protect the “rights and freedoms” of natural persons (i.e. living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
For more on the Data Protection Act 2018 and GDPR, visit the Information Commissioner’s Office website.
ADA is a membership body for those involved in land drainage, flood risk and water level management. Our purpose is to champion and campaign for the sustainable delivery of water level management, offering guidance, information and support to our members across the UK, and informing the public about our members’ essential work.
To enable us to achieve this, we hold information about our members, collaborators and contacts. Data we hold will be used confidentially, and to help us run our services and keep you informed – for example, to collect subscriptions, mail out publications and let you know about relevant conferences, training, services and events.
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you, which we have grouped together as follows:
Generally, we do not collect special categories of personal data, which includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. However, there are occasions when you might provide information to us that falls within this category. This might be for the purposes of event and course organisation where you provide your dietary requirements and access needs which we pass to third parties (our caterers and external venue suppliers) to ensure all of your needs are met.
Where we need to collect personal data by law, or under the terms of an agreement we have with you and you fail to provide that data when requested, we may not be able to perform the agreement we have or are trying to enter into with you. In this case, we may have to cancel a service you have with us, but we will notify you if this is the case at the time.
We may collect some, or all, of this information when you visit our website, depending on how you use it. We also monitor how people use our website so we can improve it. However, you can use our website without giving us any personal information. If you visit our site anonymously, we may however still record information about:
We do this by using cookies, which you can learn more about in the Cookies section below.
We may also receive information about you from third parties, such as credit reference agencies, who are legally entitled to disclose that information.
Data is collected from you and about you in a variety of different ways in order to process your requirements and deliver the services you have requested, including through:
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
You have the right to withdraw consent at any time by contacting ADA. All of our communications provide a clear route for you to opt out and should you wish to change your communication preferences, you can do this at any time, either by emailing email@example.com, or writing to us at Rural Innovation Centre, Avenue H, Stoneleigh Park, Warwickshire, CV8 2LG.
We have set out below a description of all the ways we plan to use personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data. Please contact our data protection officer if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
Type of data
Lawful basis for processing including basis of legitimate interest
|To register you as a member, and inform you via email of privileges relating to membership (if applicable)||
|To manage our relationship with you which will include:
||Necessary to comply with a legal obligation
Necessary for our legitimate interests (to keep our records updated)
|To provide a newsletter via email containing information about, events, training, policy and other ADA related news||
|To provide a magazine via post containing information about, events, training, policy and other ADA related news||
|To register you on one of our events, meetings, workshops, or similar||
|To invite you to speak at one of our events, meetings, workshops, or similar||
||Necessary for our legitimate interests to ensure that we have industry experts speaking at our events|
|To invite you to contribute to our magazine, newsletter, website, or other communications||
||Necessary for our legitimate interests to ensure that our members receive magazines/newsletters that contain relevant articles written by industry experts|
|To respond to any queries that you submit via our websites, or by corresponding with us via post, telephone, or email||
|To enable you to enter a competition or award||
|To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||
||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
Necessary to comply with a legal obligation
|To use data analytics to improve our website, services, and consumer experiences||
||Necessary for our legitimate interests (to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
We would like to keep you up to date with news about ADA and any activities that will be of interest and benefit to you. We may use your Identity and Contact Data to deliver our electronic newsletter and magazine to you if you have provided your consent.
You have the right to ask us to stop sending you communications at any time by following the opt-out links on any communications sent to you or by contacting firstname.lastname@example.org.
ADA does not share or sell personal information about any member, contact, or customer with third parties for the purposes of marketing.
ADA may disclose your personal information to third parties when permitted by law including:
ADA requires all suppliers with access to personal information collected or maintained by ADA to demonstrate compliance with the relevant legislation.
We retain personal information we collect from you where we have an ongoing legitimate business need to do so, for example, to provide you with a service you have requested, provide access to membership benefits, meet contractual agreements, or to comply with applicable legal, tax or accounting requirements.
When ADA has no ongoing legitimate business need to process your personal information, we will either delete or anonymise it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information until deletion is possible.
We store our data on our own secure server, and on secure cloud based systems.
We have put in place technical and organisational security measures to prevent the loss or unauthorised access of your personal information. However, whilst we have used our best efforts to ensure the security of your data, please be aware that we cannot guarantee the security of information transmitted over the Internet.
If you apply to work at ADA, we will only use the information you give us to process your application and to monitor recruitment statistics. If we want to disclose information to someone outside of ADA, for example if we need a reference, we will make sure we tell you beforehand, unless we are required to disclose this information by law.
If you apply for a job opportunity we will also collect information so we can assess your suitability for the role.
If you are unsuccessful in your job application, we will hold your personal information for a maximum of six months after we’ve finished recruiting the post you applied for. After this date we will destroy or delete your information.
If you begin employment with us, we will put together a file about your employment. We keep the information in this file secure, and will only use it for matters that apply directly to your employment.
Once you stop working for us, we will keep this file according to our record retention guidelines. You can contact us to find out more about this.
You have a right to ask us to stop processing your personal information, and if it’s not necessary for the purpose you provided it to us for (e.g. registering you for an event) we will do so. Contact us on +44 (0)2476 992 889 or email@example.com if you have any concerns.
You have a right to ask for copies of the personal information we hold about you, and details of how we use that information. If there are any discrepancies in the information we provide, please let us know and we will correct them.
You have a right to be ‘forgotten’ by ADA. This will involve us identifying and deleting all data held about you by us where this does not affect ADA’s ability to comply with applicable legal, tax or accounting requirements.
In relation to all of these rights, please email us at firstname.lastname@example.org in the first instance, outlining your specific request. We will then advise you of the process. This will, as a minimum, involve supplying us with proof of your identity to ensure that we only provide personal information to the right person.
In certain circumstances (e.g. where required or permitted by law) we might not be able to provide you with access to some of your personal information, but where appropriate we will notify you of the reasons for this.
You have a right to complain to a data protection authority about our collection and use of your personal information.
If you use your credit or debit card to buy something or pay to register your place at an event online or over the phone, we will ensure that this is done securely.
Following the completion of your transaction, we do not store your credit or debit card details. All card details and validation codes are securely destroyed once the payment has been processed. Only staff authorised and trained to process payments will be able to see your card details.
If we receive an email containing any credit or debit card details, it will be immediately deleted, no payment will be taken and you will be notified about this.
We use SagePay as our payment gateway and you can find out more about this at www.sagepay.co.uk/policies/security-policy.
Cookies are small, often encrypted text files, located in your browser directories. They are used by web developers to help users navigate their websites efficiently and perform certain functions. Due to their core role of enhancing/enabling usability or site processes, disabling cookies may prevent users from using certain websites.
There are different types of cookies, the most common are often referred to as ‘session’ cookies. These are used to keep track of information needed by a user as they travel from page to page within a website. These cookies have a short lifetime and expire within a few minutes of the user leaving the site.
Other types of cookies can be used to track internet activity after the user has left a website. These are either sponsored by organisations external to the website being visited (known as ‘third party’ cookies) or can originate from the website organisation itself (‘first party’ cookies). These usually have a long lifetime with several months being quite common. They are ‘harvested’ and ‘refreshed’ whenever the user visits a page where the same or a similar cookie is being used.
The only third party cookies we use are those required for Google Analytics, a web analytics service provided by Google Inc. (Google). This allows us to track the site’s performance by seeing visitor numbers for example and other tools that allow us study and improve visitor behaviour and interaction. This data is totally anonymous and we cannot identify our visitors or tell anything about them. It allows us to:
If we start using any other third party cookies, we’ll let you know in this statement.
ADA’s website uses Google Analytics. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States.
Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for ADA and providing other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google will not associate your IP address with any other data held by Google. By using our website, you consent to the processing of data about you by Google in the manner and for the purposes set out above.
Internet browsers normally accept cookies by default; however, it is possible to set a browser to reject cookies. If this is done it is important not to exclude the benign and useful session cookies or first party cookies. If you decide to do this you should choose an option that rejects all third parties.
The Data Controller for ADA is Innes Thomson, Chief Executive.
FAO: Data Controller
Address: Rural Innovation Centre, Avenue H, Stoneleigh Park, Warwickshire, CV8 2LG
Tel: 02476 992 889
By continuing to use our website you will be deemed to have accepted such changes.
This policy was last updated on 05 October 2018.