This policy reflects our duties under the General Data Protection Regulation 2016 (GDPR), the Data Protection Act (1998) and all applicable Privacy and Electronic Communication Regulations. It describes how we use personal data fairly, keep it secure, make sure it is accurate and uphold your rights as a data subject.
This policy does not apply to other organisations to which we may link and whose privacy policies may differ.
Please read the following policy to understand how your personal information will be treated. It may change from time to time, so please check back periodically. It was last updated in March 2019.
Who we are
UNISON is the data controller for the information you provide. Our address is:
130 Euston Road
UNISON’s Data Protection Officer can be contacted at firstname.lastname@example.org.
We routinely use your personal data for the following purposes:
The lawful basis for this processing is UNISON pursuing our legitimate interests as a trade union. We may also use legitimate interest as our lawful basis for the following data processing:
Accessing your personal data within UNISON
Some of your personal data will be available to UNISON’s employees, branch officials, workplace representatives and others formally instructed by UNISON for the purposes of carrying out trade union duties.
The type of personal data shared will be relevant to the purpose for which the data is used, so for example, unless you have expressly asked us not to, workplace representatives will be given your workplace details.
UNISON uses industry standard efforts to safeguard the confidentiality of your personally identifiable information, such as firewalls and SSL (secure socket layers). We make every effort to protect the loss, misuse and alteration of information under our control. However, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
If you have elected to use the “MyUNISON” service, your UNISON membership information is password protected so that only you can access it and view the information contained in your account. You are responsible for maintaining the secrecy of your passwords.
UNISON takes data security extremely seriously. Any data protection breaches are handled in line with our UNISON Breach Reporting Policy.
Sharing your personal data with third parties
By third parties, we mean organisations that are not UNISON.
We share your information with third parties such as:
When we share your data, we only share the minimum required for the purpose of the data processing (for example if the purpose is to send you a mailing by post, we wouldn’t share your email address with the mailing house, because they don’t need it). We also ensure that processes are in place so that data is always transferred to third parties securely.
The third parties we share data with are:
For all UNISON members:
For some UNISON members, depending on the membership benefits and services that you choose to access:
We very occasionally share personal data with organisations working to detect or prevent crime, such as the police.
You may be contacted and invited to participate in market research activities by third party organisations acting on UNISON’s behalf. While such research helps us to get valuable feedback on how we work well and where we can get better – and as such your participation is very helpful and always appreciated – you are not obliged to participate in such research. If you don’t want to, simply let the researcher know.
Transfers overseas and safeguards
We don’t routinely transfer your data outside of the UK. Where it is necessary, we ensure appropriate data protection measures are in place.
Retention of data
Retention means how long we keep your data for. We do this in accordance with UNISON’s data retention policy. This includes:
If you would like to know more of see UNISON’s full data retention schedule, click here. (New UNISON Records Retention Schedule – updated March 2019)
Your rights as a data subject
You have rights as a data subject. These rights are:
At UNISON we are committed to upholding your rights as a data subject. If you think we have not done so, please contact email@example.com.
You may also complain to the Information Commissioner’s Office (ICO) if you believe your rights have not been upheld. The ICO is the data protection regulator and their website is: www.ico.org.uk.
There are some types of data processing that we only do if you have given us your consent. These are:
You are in control of what consent you give us. You can withdraw your consent at any time by: logging in to MyUNISON; contacting UNISON Direct on 0800 0 857 857; or contacting your local branch. There will also be instructions on how to unsubscribe included in any direct marketing message that we send to you.
Statutory data requirements
As a trade union, we have a statutory requirement to keep an accurate register of members’ names and addresses. If you wish to be a UNISON member, you must provide this information to us.
Data collected on our website
Personal data collected by this website will only be used for the purposes (or closely related purposes) for which it was collected.
We may use your personal information to:
All emails that we send you are tracked. This helps us to ensure that you only receive emails from us that are of interest to you. You can unsubscribe from emails at anytime by clicking the ‘unsubscribe’ button at the bottom of an email.
When on our website, data may be stored on a “cookie”. This is a tiny element of data that our site can send to your browser, which may then be stored on your hard drive. This small amount of information does NOT contain any private information stored on your computer.
Our cookies policy explains which cookies we use and why, along with where you can find more information about cookies.
Social media buttons
On many of the pages of the site you will see ‘social buttons’, such as share buttons for Twitter, and Facebook ‘Like’ buttons.
When you click on any of these buttons, these sites will be registering that action and may use that information.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
From time to time we may use Facebook advertising to promote UNISON events and campaigns and encourage people to join UNISON. We do not collect any personal data from Facebook profiles. We do not use your member data to target our advertising on Facebook. We do not provide or sell member data to third parties for the purposes of Facebook marketing.
External web services
We use a number of external web services on the UNISON site, mostly to display content within our web pages. For example, to display images we sometimes use Flickr; to show videos we use YouTube. This is not an exhaustive or complete list of the services we use, or might use in the future, when embedding content, but these are the most common.
As with the social buttons, these sites may use information about usage of embedded content. If you are not logged in to these external services, then they will not know who you are but are likely to gather anonymous usage information e.g. number of views, plays, loads etc.
UNISON Croyde Bay Holiday Resort
Croyde Bay Holiday Resort is run by UNISON. UNISON is therefore the data controller for any data you provide if you choose to make a booking at Croyde Bay Holiday Resort. We use this data to book your trip to and to communicate with you about your trip. If you give us your consent, we will also use your data to send you the UNISON Croyde Bay newsletter.