PRIVACY POLICY

The Mercian Regimental Charity is committed to protecting your privacy. When you contact us or visit our websites, your personal information is stored securely and processed fairly as required by the Data Protection Act 2018.

This Privacy Policy explains the following:

  • What information the Mercian Regimental Chairty may collect about you
  • How we will use your information
  • How long your information may be held on our systems
  • Your choices regarding the personal information you provide to us
  • How cookies are used on our websites and the options available to reject these


CHANGES TO OUR PRIVACY POLICY

We may update our privacy policy from time to time, so you may want to check the latest version before providing personal data on our website.


HOW WE COLLECT INFORMATION

We collect personal information when you:

  • Register online, request information or submit an application through our websites
  • Complete a printed form, questionnaire or coupon
  • Contact us by phone, post, email or text message


In addition, information is automatically captured each time you visit our website. We use cookies and collect IP addresses (that can uniquely identify a specific computer or network device on the internet) to track visitors to our websites and prepare management reports.


WHAT WE DO WITH THIS INFORMATION

We use the personal information you provide to answer your requests for information, to make improvements to our website and to engage with you if you are purchasing our products.


WHO WILL HAVE ACCESS TO YOUR INFORMATION

Your personal information may be handled by the companies we use as data processors to provide marketing services and process your applications. These companies must comply strictly with our privacy policies that prohibit the use of personal data for their own business purposes.  We will not share your information with other organisations (unless we are required to do so by law).


If you agree, the information contained in targeting cookies may be shared with other websites so the advertising displayed on these sites is more relevant to you. No personal data will be shared with other websites – only IP addresses, which identify a specific computer or network device.


HOW LONG DO WE KEEP YOUR INFORMATION?

Your information will be held on our systems for as long as is necessary to answer your requests and maintain a dialogue with those individuals who remain interested in the Mercian Regimental Charity.


WILL I BE CONTACTED BY THE MERCIAN REGIMENTAL CHARITY FOR MARKETING PURPOSES?

We will only contact or send information about the Mercian Regimental Charity to those people who have given us permission to do so.


We will only provide information that is relevant to you. If you choose to receive marketing communications, you can change these preferences whenever you contact us or at any time.


WHAT INFORMATION DO WE HOLD ABOUT YOU?

You can request a report detailing all the information we hold about you by writing to the address on our Contact Us page.


WHAT TO DO IF YOU DON'T WANT US TO CONTACT YOU IN THE FUTURE

Write to the address below asking us not to contact you again or send an email to communications@mercianregiment.co.uk


DATA PROTECTION

More information about the Data Protection Act 2018 and your rights can be found on the Information Commissioner's Office website.

OUR COMMITMENT TO GDPR

The EU General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC), strengthening the rights that EU individuals have over their data, and creating a uniform data protection law across Europe.


Under the direction of HQ Infantry and the MoD; RHQ, The Mercian Regiment comply with applicable GDPR regulations as a data controller.


GDPR ‘LEAD’

The designated GDPR lead is the Regimental Secretary. You can contact the Regimental Secretary through our 'Contact Us' pages.


WHERE DO WE STAND?

We are committed to address EU data protection requirements applicable to us as a data controller.


DATA CONTROL

Our ability to fulfil our obligations as data controller of our ‘customer’s’ personal data is part of our compliance with GDPR.  Our responsibility is to contact all parties we hold personal data on and ensure agreements and procedures contain appropriate provisions for personal data we store.  We pledge to balance the risks and responsibilities as a data controller.


THIRD-PARTY AUDITS AND CERTIFICATIONS

RHQ, The Mercian Regiment will, as directed, undertake routine ‘independent’ third party audits from HQ Infantry and/or appointed MoD departments responsible for GDPR.  The audit is likely to cover internal governance, routine operations, change management and data backups.  The audits will confirm we have the appropriate controls and processes in place and that they are actively functioning appropriately.


Third-party audits will offer independent verification that our practices deliver a ‘mandated’ standard of security measures.  Furthermore, assuring our system is designed to cover key elements of data processing and integrity.  As all ‘customers’ are concerned with their data and its security, RHQ, The Mercian Regiment has integrated controls into our operating procedures. These procedures span the organisation. The key components include: 


  • Corporate Governance: How we provide oversight of our business and people.
  • Change Management: How we make sure changes are tracked and properly reviewed.
  • Access Control and Management: Who has access to our platform operations and how this access is managed.
  • Data Redundancy and Backup: How data is kept safe and stored in the event of adversity.


DATA PORTABILITY

The GDPR includes certain requirements on data controllers for the portability of personal data. RHQ, The Mercian Regiment does not transport or export ‘customer’ data, therefore, Data portability is Not Applicable.


STAY INFORMED

The organisation pledges to ‘Stay abreast’ of updated regulatory guidance as it becomes available and will consider consulting a legal expert to obtain applicable guidance if deemed necessary.  All staff are recommended to (routinely) review the Information Commissioner's website, which is the UK representative within the EU working group: Article 29.