Frequently Asked Data Protection Questions

WHO IS RESPONSIBLE FOR MY PERSONAL INFORMATION?

The National Memorial Arboretum is the Data Controller of any personal information that you submit to us. This means that we are responsible for the safety of your personal information. However, other organisations that undertake work on our behalf may also see your personal information as and when this is necessary. Any organisation that works on behalf of the National Memorial Arboretum must adhere to our rules on data protection.

As Data Controller, we have a duty of care to ensure that our employees, our volunteers and those acting on our behalf, respect your right to confidentiality and ensure that information is only used for the purpose it was provided for.

HOW IS MY PERSONAL INFORMATION STORED?

Your information is held confidentially on paper or in secure computer files. We have taken steps to ensure that our systems and procedures prevent unauthorised access and unlawful disclosure.

WHY DOES THE NATIONAL MEMORIAL ARBORETUM PROCESS PERSONAL DATA?

We need to process personal data to carry out our charitable work and to raise funds. A full description of our uses of personal data is given in our register entries under the Data Protection Act. These register entries are publicly available from The Office of the Information Commissioner whose address can be found at the foot of this page.

DO I HAVE THE RIGHT TO SEE PERSONAL DATA THAT THE Arboretum HOLDS ABOUT ME?

Yes. This is an important right that you have under the Data Protection Act. You are entitled to ask us whether we hold any personal information about you and, if we do, to be told what it is used for. You are also entitled to know whether we have disclosed your information to any other persons or organisations and to receive a copy of the information we hold about you.

IS THERE ANY PART OF MY PERSONAL INFORMATION THAT I AM NOT ENTITLED TO SEE?

You are normally entitled to see any information that we hold about you, with some specific exceptions. For example, you are not entitled to personal information that contains details about someone else unless the person in question has given their permission to disclose this information to you.

HOW CAN I APPLY FOR SUBJECT ACCESS?

You must contact us in writing (which includes e-mail) and pay a fee of £10 to request a copy of any personal information we may hold about you. However, we will not be able to release any personal information until we are satisfied about your identity and current address. You will need to provide us with enough information to enable us to confirm these details. Written subject access requests should be directed to dataprotection@britishlegion.org.uk. We will respond to your request within 40 days of receiving a completed application form and £10 fee.

WILL ANY OF MY DETAILS BE PASSED OUTSIDE OF THE EUROPEAN ECONOMIC AREA?

For the majority of individuals, personal data will not be passed outside the EEA. Although the Channel Islands and Isle of Man are outside the EEA, the Information Commissioner has advised that they have adequate data protection measures in place.

Further information and advice about data protection is available from:

The Office of the Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire SK9 5AF
Tel: +44 (0) 01625 545 745

www.dataprotection.gov.uk