>

Data Protection and Privacy Policy

Introduction

As an association, we are committed to handling the information you entrust to us in a secure and responsible manner. This Privacy Policy relates to our use of any personal information we collect from you via our website, social media and events. It also covers any data collected via email, over the phone, via post, or in person.

The Arboricultural Association is the Data Controller and Data Processor of any personal information you provide to us. The information you supply will be used to process your application for membership/accreditation, training, event bookings, product sales, newsletter subscription, advertising or sponsorship.

The Arboricultural Association is a registered charity (company number 1083845) whose registered office is at The Malthouse, Stroud Green, Standish, Stonehouse, Gloucestershire, GL10 3DL. Our trading arm, Arboricultural Association Trading Limited is registered at the same address (company number 05180170).

The Arboricultural Association is a registered data controller with Information Commissioner’s Office UK (ICO), registration number Z1089182.

What information do we collect and how?

We collect:

  • Information you provide to us. For example this might be via the membership application/renewal/assessment process, through the booking of a training course/event or subscribing to one of our e-Newsletters. We also collect data provided via emails, telephone conversations, face to face discussion, questionnaires or postal correspondence;
  • Details of purchases from our online book store;
  • Information on what you view or access on our website or emails. Our Cookie policy is available to view on our website for more information;
  • We also collect data on devices/technology used to access our website;
  • Information from your social media account but only where you have given us permission to use it. For example, images submitted via Facebook, Instagram and Twitter;
  • We may also collect data where you have consented for other organisations to lawfully share data with us.

How do we use your information?

We use the information we collect for the following:

  • To provide you with the services included as part of your membership or accreditation subscription;
  • To provide you with services related to your training or event registrations;
  • To send you products you have purchased from us;
  • To reply to any questions, complaints, or queries, and to process refunds;
  • To update you on our work and keep you informed including Annual General Meeting dates and Trustee elections (members only);
  • To personalise our communications with you. This may include using the data we hold to create a profile for you to provide you with more tailored information e.g. highlighting courses taking place in your area;
  • To keep you up to date with activities you have indicated you are interested in;
  • To reach out to you on third party websites and social media;
  • To remember your preferences when you use our website;
  • To allow us to better understand our members and customers;
  • To gather statistics about our customers, members and their opinions so we can improve our services;
  • To allow us to maintain our statutory records to fulfil our legal and regulatory obligations and pay our taxes;
  • To plan day to day activities e.g. managing stock;
  • To help us learn more about individuals working within the Arboricultural industry so we can adapt our work to best support their needs.

Who do we share data with?

Occasionally the Arboricultural Association may provide limited data to third parties that provide membership or training related products and services. These may include:

  • Event organisers, venues, Health and Safety staff and medical staff if you are participating in an event;
  • Taylor and Francis, our Journal Publisher so they can provide eligible members with electronic access to the Journal and postal copies;
  • Payment services, such as WorldPay;
  • Email campaign providers, printers and mailing houses;
  • International Society of Arboriculture, where student members are granted dual membership;
  • Society for the Environment, where you hold a CEnv or REnvTech certification issued by us;
  • The Police, local authorities or Her Majesty’s Revenue and Customs (HMRC), the courts or any other government body if lawfully requested and where legally obliged to do so;
  • Social media – any social media posts you send to us will be shared under the terms of the platform used and could be made public. We do not control these platforms and cannot accept responsibility for your submissions being shared more widely;
  • If you are an approved member of the Arboricultural Association Accreditation Schemes, your supplied directory information will be made available to the general public via our website directories, you have control over the information shown;
  • A list of new and recently upgraded qualified (Technician grade and higher) members is printed in each issue of the magazine. The member’s name and shipping county is shown, along with their country of abode for members outside of the UK, a member may choose to opt out from this listing;
  • Approved Contractor directory and assessment data is shared with  SSiP and UKTC, and at your request, may be shared with Trustmark and Yellow Pages to promote the member’s accreditation.

Legal basis for processing

The legal basis for the processing of your data relates to the information provided and the context in which it was collected.

We will only use your information where:

  • We have your consent to do so
  • We need the personal information to perform a contract to you, e.g. membership
  • We have a legitimate interest in processing your data e.g. using your purchase informaton to produce statistics to understand industry trends

Managing communications

You can stop all email and postal communications you are sent. You can either Unsubscribe by clicking the link in our emails, or by informing us of your preferences via email, post or telephone. Whereever possible we will cease communications immediately upon being informed.

From May 2018 you will also be able to update your preferences on your online profile and select:

  • The type of communication you wish to receive;
  • And, in some cases, how you receive communications.

Managing your information

You can access, correct, update or request deletion of your personal information at any time, either through your online account or by contacting us, by phone, email or letter.

Deletion of data will be carried out on the understanding that removal of some information (e.g. addresses) during an active membership term may negatively affect the level of benefit achieved from their membership. Please note we cannot delete address information that is attached to invoices as financial information must be held for 7 years for tax purposes.

You can request that we restrict processing of your personal information, object to processing of your information or request portability of your personal information.

For these requests please email us at admin@trees.org.uk, write to us at The Malthouse, Standish, Stonehouse, GL10 3DL, or telephone 01242 522 152. We will comply with your request where your rights have been exercised in accordance with applicable laws.

If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

If you have any worries or complaints about the way we use your information, please get in touch with us. We’ll do our best to set your mind at ease. And if you feel we’re not meeting the high standards we expect of ourselves, you’re within your rights to tell the UK Information Commissioner’s Office (ICO).

How long will we keep your information?

After three years of inactivity on your account we will cease to process your information in anyway unless you have an active subscription to our newsletters.We will keep your information for up to seven years after your last interaction. This period allows for individuals who have undertaken certain courses with us to return to recertify and allows us to support any future interaction with us. After seven years your information will be securely deleted. 

Please note that if you would like us to stop processing your data or would like your information deleted before this time, you can submit a request to us at any point via admin@trees.org.uk or by phone or post.

Where data is held

Wherever possible we will seek to store your personal information within the UK or EU. However, in some instances the information we hold may to transferred to suppliers with systems hosted outside of the EU.

Where services we use store data outside of the EU, we ensure that their policies and procedures meet the same high standards as those utilised in the EU.

Our finance package NetSuite Inc. is hosted in the USA and is certified as providing an adequate level of Protection under the EU-U.S. Privacy Shield Framework they are also working to ensure full GDPR compliance.

We occasionally use Survey Monkey to send out surveys and MailChimp to manage email campaigns, both services are hosted in the USA and are either certified as providing an adequate level of Protection under the EU-U.S. Privacy Shield Framework and are GDPR compliant.

Other systems used to hold or process your personal information are Oomi, our CRM system a product of Centerpoint Computer Services Ltd and Kentico which is our web platform, both of which are hosted within the EU and are GDPR compliant.

Security of your information

We regularly review and update our data handling procedures and ensure that appropriate technical security measures are in place to safeguard your information. We are Payment Card Industry’s Data Security standards (PCI-DSS) compliant with our payment gateway Worldpay and we securely dispose of any hardcopy personal information in accordance with industry best practice. Whereever possible we try to minimise the amount of data we hold and ensure that our devices are secure and well protected. 

Updates to this policy

We may need to update this policy from to time to time. Whenever we make changes to this policy we will endeavour to contact you in advance by your registered email address. If we do not hold email details for you, please look out for the notices on our websites and materials which indicate we have changed this policy. If you continue to share information with us or use our websites after we’ve changed our policy, we’ll take it that you accept the changes.

How we use cookies

A cookie is a small file which asks permission to be placed on your computer's hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to customer needs. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.

Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Thank you for taking the time to read our policy.

Data Protection Policy

To read our policy in full please download from the link below:

Data Protection and Privacy Policy