1. Contact Details
2.1 This Website contains links to other websites. Please note that we are not responsible for the privacy practices of other websites. This privacy statement applies solely to information collected by this Website.
3. How YAS handles personal data
3.2 We are committed to good information handling principles and the privacy and confidentiality of any personal information we deal with including that of our Website visitors and persons we deal with via other means (see above).
5. What is personal information?
5.1 “Personal Information” has the same meaning as personal data. Personal data is defined in data privacy laws applicable in your country. It includes any information relating to an identified or identifiable natural person. This means any individual who can be identified directly or indirectly by reference to an identifier such as name, identification number, location data, online identifiers (for example, IP addresses – if they can be used to identify you) or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Put simply, this includes data which either by itself or with other data held by us or available to us, can be used to identify you.
5.2 Personal information also includes special or sensitive categories of personal data. This is data about your racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning your health or sexual orientation etc.
6. The categories of personal information we may collect
6.1 Personal information collected from you may include the following:
(a) your full name, Membership number, postal address, e-mail address, telephone numbers; bank and card details where you make payments to us;
(b) any other Personal Information which you voluntarily provide to us from time to time.
6.2 We may combine or supplement this information with other information that we hold about you if you are a YorkAstro member, or have made inquiries of us before or from third party sources. We will not obtain information from publicly available sources such as the electoral roll, or other third parties.
6.3 If you communicate with us by email over the internet you should be aware that the nature of the internet may not be secure and may pass through several different countries on route to us. Please do not email us with confidential or sensitive information such as your credit card details. We comply with data privacy laws in relation to security, but cannot accept responsibility for unauthorized access to your information that is outside our control. Further information regarding our approach to the security of personal information is included in the section below on Security of personal information.
7. Third party’s personal information
7.1 If you give us personal information about another person, in doing so you confirm that they have given you their prior permission to provide it to us and for us to be able to process their personal data (including any sensitive personal data).
7.2 You must also ensure this and other relevant privacy policies are brought to their attention so they can review how their personal information may be used.
8. The purposes for which we use personal information
8.1 We will only use your personal information for the purposes that you would reasonably anticipate or that we state when we collect it and, where necessary, for which you have given us your consent.
8.2 Some of these purposes may include the following:
(a) if you choose to register to receive information or enquire about our activities;
(b) if you choose to receive newsletters and details of events;
(c) to conduct surveys to evaluate our events and membership;
(d) for the purposes of accounting and to manage and audit our operations;
(e) where you have provided your consent, or otherwise in accordance with applicable data;
(f) protection and marketing laws, to contact you occasionally to inform you of new services we will be providing or we consider will be of interest to you;
(g) processing your request for information or to exercise any rights;
(h) diagnosing any problems with our server and administer our Website;
(i) research and analysis and developing statistics;
(j) complying with legal and regulatory requirements; and establishing and defence of legal rights;
(k) the legal basis for our use and other processing of your personal information under applicable data privacy laws;
8.3 We have described above the purposes for which we may use and otherwise process your personal information in connection with the Website or for our business purposes. We are required by law to indicate to you the legal basis for this use and other processing. This will include (as relevant):
(a) in order that we may perform our services and obligations under any contract with you;
(b) processing for legitimate commercial interests provided these are not overridden by your interests and fundamental rights and freedoms;
(c) processing which is necessary for compliance with our legal obligations laid down by European Union law (where relevant) and by national laws in all of our countries.
8.4 Your consent may also be a lawful reason for processing your personal information in certain cases. This means your freely given, specific, informed and unambiguous consent which may be collected from you at the time at which it is requested including in relation to any direct marketing communications, see “Keeping you informed” below.
8.5 You should be aware that you are entitled under applicable data privacy law to withdraw your consent, where that has been given, at any time. You should be aware that if you do this and if there is no alternative lawful reason for us to rely on to justify the relevant use or other processing on your personal information, this may affect our ability to provide our services.
9. Keeping you informed
9.1 We will keep your name, address and contact details (including telephone numbers and email addresses) on our databases and (unless you have opted-out of this at the point at which we first collected your details from you) we may from time to time use that information to make you aware of our own same or similar activities which may be of interest to you. We may contact you in writing, by telephone, text message or email. If at any time you decide that you do not want your contact details used for these purposes, please contact us.
9.2 We will disclose personal information to third parties who act for us for further processing in accordance with the purposes for which the personal data was originally collected or for purposes to which you have subsequently consented. Where we are making arrangements on your behalf, we may need to pass your information to third parties to conclude those arrangements. For example, (a) to comply with the legal requirement and regulatory requirements, for the administration of justice, to protect vital interests, to protect the security or integrity of our databases or this Website, to take precautions against legal liability; (b) with regulatory authorities, courts and governmental agencies to comply with legal orders, legal or regulatory requirements and government requests; (c) we may disclose your personal information in the event of our merger, re-organisation, dissolution or similar event.
9.3 Where appropriate, before disclosing personal information to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable privacy laws.
10.2 Most browsers allow you to turn off the cookie function. If you want to know how to do this, please look at the help menu on your browser. However, if you turn off the cookie function your use of the Website may be impaired.
11. Retention of your personal information
11.1 We keep your personal information for no longer than is necessary to fulfil the purposes for which it was collected as described above.
11.2 The criteria we use to determine data retention periods for personal information includes the following:
(a) Retention in case of queries. We will retain it for a reasonable period (up to 5 years) in case of queries from you;
(b) Retention in case of claims. We will retain it for the period in which you might legally bring claims against us (in the UK this means we will retain it for 6 years);
(c) Retention in accordance with legal and regulatory requirements. We will consider whether we need to retain it after the period described in (ii) because of a legal or regulatory requirement.
If you would like further information about our data retention practices please contact us (see Contact us below).
12. Security of Personal Information
12.1 We endeavour to use appropriate technical and physical security measures to protect personal information which is transmitted, stored or otherwise processed from an accidental or unlawful destruction, loss, alteration, unauthorised disclosure of or access in connection with our Website. These measures include computer safeguards and secured files and facilities. Our service providers are also selected carefully and required to use appropriate protective measures.
12.2 In particular, we endeavour to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including as appropriate: (a) pseudonymisation (such as where data is separated from direct identifiers so that linkage to an identity is not possible without additional information that is held separately) and encryption, (b) ensuring the ongoing confidentiality, integrity, availability and resilience of systems and services used to process your personal information, (c) ensuring the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident; and (d) ensuring a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational security measures.
13. Individual rights
13.1 You have various rights under data privacy laws. These may include (as relevant) the right to:
(a) access information held about you. You must make your request in writing and provide us with enough information to permit us to identify your personal information. A small statutory fee may be payable and in certain circumstances under the privacy laws, we may not be required to provide all the details of personal data held;
(b) amend and rectify personal information that is inaccurate and notify any third party recipients of the necessary changes;
(c) request restriction of processing concerning you or to object to the processing of your personal information;
(d) the right to request the erasure of your personal information where it is no longer necessary for us to retain it;
(e) the right to data portability including to obtain personal information in a commonly used machine-readable format in certain circumstances such as where our processing of it is based on a consent;
(f) the right to object to automated decision making including profiling (if any) that has a legal or significant effect on you as an individual; and
(g) the right to withdraw your consent to any processing for which you have previously given that consent.
13.2 Please see the contact details in the Contact Us section below if you wish to exercise any rights. We endeavour to acknowledge requests within 72 hours and full information will be sent promptly and within the relevant statutory timescale.
14. Links to other websites
15. International Transfers
15.1 Due to the global nature of the internet and many businesses, it may be that your personal information will from time to time be transferred to, or accessed by, parties located in other countries, including outside the European Economic Area (“EEA”). These other countries will either have different data protection laws than your country of residence or they may not have data protection laws. They may not be deemed by the European Commission as providing adequate protection for Personal Information.
15.2 Where such processing may occur outside of the EEA, steps will be taken to put in place safeguards (including around security) to protect your Personal Information when it is in these other countries and ensure there is adequate and appropriate protection for any personal data outside the EEA. This includes the use of European Model Clause contracts. You can find out what these are here: http://ec.europa.eu/justice/data-protection/international-transfers/transfer/index_en.htm. If you have any questions please contact us (see Contact Us below).
15.3 Your right to lodge complaints with the data privacy supervisory authority in your country
15.4 In addition to any other administrative or judicial remedy you might have, you have the right to lodge a complaint with the relevant data protection supervisory authority if you consider that we have infringed applicable data privacy laws when processing your personal information. The data privacy regulator’s details in the UK are as follows: Information Commissioner’s Office and their website is: https://ico.org.uk/ (which includes their current contact details).
16. Access Rights
16.1 Under the Data Protection Act 1998, you may request details of personal information that YAS holds about you, which is freely available for YAS members via “update your preferences” link at the bottom of our regular (MailChimp) email Newsletters. However, if you wish to request a printed copy, please email us via our on-line Contact Us form, enclosing a bank transfer payment for £35  in respect of the statutory fee. When writing to us, please state your name and postal address and provide brief details of the information that you require.
16.2 If you believe that any information YAS holds about you is incorrect or incomplete, please update them via your “update your preferences” link at the bottom of our email Newsletters or please email us via our on-line Contact Us form and we will endeavour to correct any incorrect information as soon as possible. [Last Updated: 18/2/2021]