The Arc 1950 Owners’ Association (OA) is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of personal data that we collect and process about our members and web-site visitors. It also sets out how we use that information, how long we keep it for and other relevant information about your data.
Who we are
The OA is a voluntary membership Association for the benefit of owners of apartments in the village of Arc 1950, France. Our registered surface address is:
The Arc 1950 Owners’ Association, 252 Refuge du Montagnard , Arc 1950 le Village, France 73700
note: please where possible email email@example.com, as the above postal address is only intermittently checked for physical mail.
Data protection principles
In relation to your personal data, acting in our capacity as a data Controller, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for specified and specific purposes
- only collect the minimum information we need to meet the purpose
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data only for as long as we need it
- process it securely, reducing the risk of it being lost or stolen
What data we collect about you
Personal data means any information capable of identifying an individual. It does not include anonymized data. We process certain types of personal data about you as follows:
- Identity Data : first name, surname, address in Arc 1950
- Contact Data : email address, telephone number, ‘home’ city and country
- Transaction Data will include details about payments between us
- Technical Data may include your login data, internet protocol addresses, browser and other technology on the devices you use to access the Site
- Profile Data including your username and survey/ voting responses, and AGM attendance
Where we are required to collect personal data under the terms of the contract between us if you do not provide us with that data, we may not be able to perform the contract (for example, to enable access to the members only areas of the website).
Why we process your data
There are 6 lawful reasons for processing personal data, which are:
- You give consent for us to process your data
- It is necessary to fulfill a contractual obligation with you
- There is a regulatory obligation on us to do so
- It is in the legitimate interest of the Association to do so
- It is in the public interest to do so
- It is in your vital interest to do so.
Our reasons for processing your data, types as above, are:
|Purpose/Activity||Type of data||Lawful basis for processing|
|To register you as a member, validation of right to membership, and specific access dependent on residence within the Village||(a) Identity
|Performance of a contract with you (i.e. provide membership services)|
|To manage payments, fees and charges associated with your membership||(a) Identity
|Performance of a contract with you|
|Necessary for our legitimate interests to keep our records updated and to provide the services|
|To administer and protect our Association and our site (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|Necessary for our legitimate interests for running the association, provision of administration and IT services, network security|
|To make suggestions and recommendations to you about member services that may be of specific interest to you||(a) Identity
|Necessary for our legitimate interests to develop the Association|
|Ensuring that we meet our legal obligations to observe the statutes of the Association with regards to voting majorities, and keep a record of decision making||(a) Identity
How we Collect Your Data
We collect personal data about you through:
- Direct Interactions: You may provide data when filling in forms on the Association web-site, including applying for membership; by communicating with us by post, phone, email, or otherwise
- Automated technologies or interactions: As you use the Association website, we may automatically collect Technical Data about your equipment, browsing actions and usage patterns. We collect this data by using cookies, server logs and similar technologies
- We do not collect any sensitive or special category data
It is not our intent to process data from anyone under the age of 16. If you are aware of anyone having submitted data to us relating to an individual under the age of 16, please let us know at firstname.lastname@example.org and will immediately stop processing and delete any personal data relating to that individual. If we become aware of having been provided data relating to an individual under the age of 16 (without parental consent) we will immediately stop processing and delete any personal data relating to that individual.
Sharing your data
Your data will be shared within the committees of the Association where necessary for the elected representatives to undertake their duties. We do not share your information with other members without your express and recorded permission.
In the normal course of events we do not share your data with any other third parties. However, we may share your data with third parties should the Association be disbanded, or for other reasons to comply with a legal obligation upon us.
Your data is held in our CRM, Salesforce for Non Profits, and is retained within their EU datacentres.
Our website is hosted by Birch Hosting which will hold cookie information about your logins.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We have implemented processes to guard against such losses including instructions on the storing and sharing of personal data to all Association officials handling such data. We also used trusted third parties for the processing of your data
Where we use third parties to process your data, we and they are bound by written contracts ensuring that your data are held securely and in line with GDPR requirements.
Third parties must implement appropriate technical and organisational measures to ensure the security of your data. You can link to their specific Data Privacy Polices here:
We do not share your data outside the European Economic Area.
How long we keep your data for
In line with data protection principles, we only keep your data for as long as necessary. Personal Data is retained for the duration of membership, and then identity and contact data (as specified above) for a period of 10 years from the end of the year of leaving unless you request that delete it.
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a Subject Access Request. Please send any SAR to email@example.com, copying our data manager firstname.lastname@example.org
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it
- the right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects you.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Note that within the OA there are no usages of data that rely on the legal basis of “consent” for processing.
If you wish to exercise any of the rights explained above, please contact our Data Manager at email@example.com
How to complain
We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention.
To do this either e-mail or write to:
The OA Data Manager, c/o JEM Data Privacy, Sun House, 24 Castle Hill, Maidenhead SL6 4JJ
If you think your data protection rights have been abused or breached in any way by us, you are able to make a complaint to your national Supervising Authority for data protection matters.
The Supervisory Authority in France is CNIL. https://www.cnil.fr/
Commission Nationale de l’Informatique et des Libertés
3 Place de Fontenoy
75334 PARIS CEDEX 07
Tel: +33 (0)126.96.36.199.22
Fax: +33 (0)188.8.131.52.00
The Supervisory Authority in the UK is the Information Commissioner’s Office (ICO). https://ico.org.uk/concerns/
Or by post, telephone or email:
Information Commissioner’s Office
Tel: +44 (0) 303 123 1113
If resident elsewhere with the EU, you may choose to register a complaint with your own National Supervising Authority.
Issue date: 16/5/20
Next Review date: 1/5/21