Privacy Notice – Members including applicants and referees

Privacy Notice

BAGIS Members (including during membership application and renewal) and Referees for BAGIS membership

Data Subjects

This Privacy Notice applies to all BAGIS Members, including full, prospective and affiliate Members, including during the application and renewal process (“Members”) and Referees for BAGIS membership (“Referees”).

Purpose of the processing and the lawful basis for the processing

The British Association of Gender Identity Specialists (“BAGIS”, “the association”) will only hold and process personal data on bases which are lawful.

The same personal data may be held and processed for different purposes and, therefore, under different lawful bases, as identified on the form used to collect the data from the subject.

The lawful bases and purposes under which personal data may be processed by the association are as follows.

Legal Obligation {LO}

BAGIS holds and processes the personal data, identified as LO, to enable BAGIS to comply with relevant legislation.

Data held under legal obligation will only be processed for the relevant purposes as is required by law and will only be shared with other organisations as is allowed by law and which are compliant with the General Data Protection Regulation.   This will include the sharing of personal data which are, by law, destined for the public domain.

Legitimate Interest {LI}

BAGIS legitimately needs to hold the personal data, identified as LI, about its Members and Referees for the purpose of administering BAGIS efficiently, effectively and economically in pursuit of its stated objectives.

This will include, but is not limited to, the communication of information relevant to the governance and administration of the association to and between Members, and the sharing of knowledge and expertise between Members specifically to further the legitimate interests of BAGIS Council for the benefit of BAGIS.

Subject Consent {SC}

In your wider role as a Member, we may, subject to your consent, use your personal data to keep you informed of the wider activities of BAGIS, particularly those in which you have special experience and/or expertise or in which you have expressed a particular interest.   This will include providing you with information relating to any events run by BAGIS.

Your personal data will also be used to ensure that any activities which you are required, or are invited, to participate in are appropriately tailored to any specific needs that you have and, where appropriate, any potential for embarrassment is avoided.

BAGIS will not share your personal data with any other individual, group or organisation for any purpose other than those which are directly related to the activities and legitimate interests of BAGIS.

The right to withdraw consent at any time

You have the right to withdraw your consent for BAGIS’ use of your personal data which are provided by you with your consent for use by BAGIS for promoting its general activities and purposes.

You do not have the right to withdraw your consent for BAGIS’ use of your personal data when the lawful basis for BAGIS holding and processing the data is either “Legal Obligation” or “Legitimate Interest”.

The right to require the erasure of your data (right to be forgotten)

You have the right to require BAGIS to erase any or all of your personal data which are held by BAGIS for processing on the lawful basis of Legitimate Interest or Subject Consent.

You do not have the right to require BAGIS to erase any of your personal data held by BAGIS when the lawful basis for holding and processing the data is “Legal Obligation”.

The right to restrict processing

You have the right to require BAGIS to stop processing your data if you reasonably believe that there are significant inaccuracies in the data that we hold or that the way in which we process your data produces inaccurate results

The right to portability

You have the right to require BAGIS to provide you with a printed or computer-readable copy (i.e.: in a standard format which will allow the data to be transferred to another computer) of your personal data that it holds for processing on the basis of Legitimate Interest.

You do not have the right to require the association to provide you with portable copies of data which it holds for the lawful purposes of Legal Obligation or Subject Consent.

The legitimate interests of the controller or third party, where applicable

Legitimate interests of the controller

The legitimate interests of the Controller are:

To ensure that the resources available to the association – volunteers (including members) and income – are used effectively, efficiently and economically to pursue the objectives of BAGIS;

To promote and facilitate communication, cooperation and the sharing of experience and expertise between Members

Legitimate interest of third parties

The legitimate interests of third parties are to ensure that the interests and well-being of the data subject are properly met when activities are carried out on behalf of BAGIS by the third party (e.g.: providing events, providing food).

Any recipient or categories of recipients of the personal data

We may share your personal data:

  • With HM Revenue & Customs, the Police, local authorities, the Courts and any other central or local government bodies where they request it and we may lawfully disclose it, for example for the prevention and detection of crime.
  • With professional advisors (g.: our lawyers, accountants) when they need it to provide appropriate advice on BAGIS’ activities. We will seek your permission before sharing your personal data in this way.
  • Where we are legally obliged to do so, g.: to comply with a court order.
  • With other people who make a reasonable subject access request to us, provided that we are allowed to do so by law. It will be possible for members of the public to verify your membership status, by making an enquiry through the website.  If an individual’s full name is submitted to the association’s administrators, they will search the database of members and inform the enquirer whether the person is a full member, provisional member, affiliate member or not a member at all (LI).
  • With Referees, in relation to the Member to whom the references apply, for the purpose of verification of information contained within a membership application, in order to process said application on behalf of the Member (LI).

Retention period or criteria used to determine the retention period

Your personal data processed on the basis of Legal Obligation and shared with HM Revenue & Customs are retained for the prevailing statutory period (currently 6 years).

Your personal data processed on the basis of Legal Obligation are retained for 3 years after you cease to be a Member.

Your personal data processed on the basis of Legitimate Interest are retained for 2 years after you cease to be a Member.

Your personal data processed on the basis Subject Consent are retained for 3 months after you cease to be a Member.

Details of transfers to third country and safeguards

BAGIS does not transfer any personal data to third countries.

The existence of each of data subject’s rights

Other than the right to withdraw consent and the right to erasure you have all the data subject rights, as prescribed by the General Data Protection Regulation, namely:   The rights:

  1. to be informed about your personal data held by the Data Controller on behalf of the association, the purpose(s) for which they are held; the manner in which they are processed; the recipients (if any) of the data;
  2. to be given access to your personal data;
  3. to rectification – the correction of any error in the data and/or the completion of any incomplete data;
  4. to restrict processing – while you have legitimate justifiable concerns about the accuracy, validity or legality of data held by the associate or the way in which the data are being processed. Data process may be resumed once either the cause(s) of the concern has(have) been rectified or your concerns are demonstrated to be unjustified.
  5. to object to processing – while you have reasonable grounds relating to their impact on your particular circumstances and where the legal basis of the processing is Public Task or Legitimate Interest. However, the processing of your data can be resumed if the Data Controller can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims;

The source the personal data originates from and whether it came from publicly accessible sources

Members’ personal data are not obtained from anyone other than yourself.  Referees’ personal data are provided by Members as part of membership application.

Whether the provision of personal data is part of a statutory or contractual requirement or obligation and possible consequences of failing to provide the personal data

The provision of your personal data for this is not a statutory requirement under UK legislation.

The existence of automated decision making, including profiling and information about how decisions are made, the significance and the consequences.

The association does not use any automated decision-making software in the processing of your personal data.   Nor will the association make your personal data available to any other organisation for such purposes.

The right to lodge a complaint with a supervisory authority

You have the right to lodge a complaint with the Information Commissioner’s Office, the supervisory authority for the UK, if you are dissatisfied with the way that the association is collecting, holding, processing and using your personal data and you feel that your reasonable attempts to raise the issues and get them addressed have failed.

Is your information secure?

We take the security of your information very seriously.

We comply with the relevant prevailing legislation which requires us to have in place appropriate security measures at all times, including where we share your information with others.

What additional information do we collect and when?

In addition to the information that we collect, hold and process for the purpose of managing the association’s legal obligations and legitimate interests, we also collect and hold:

  • All information you choose to submit to us when you communicate to us by post, e-mail, messaging, or other form of image-based (eg: photographs), sound-based (eg: sound files) or text-based communication, whether physical (eg: ink & paper) or electronic including within the BAGIS chat facility.
  • Copies of any notes that we take, whether physical (g.: ink & paper) or electronic, during verbal communications between us.
  • Information on what we communicate to you by post, e-mail, messaging, or other form of image-based or text-based communication whether physical (g.: ink & paper) or electronic, including information in all ancillary materials (e.g.: attachments, images, brochures).

Updates to our Data Protection Policy

  • BAGIS commits to regularly review and, where necessary, update privacy information.  If we plan to use personal data for a new purpose, we will update our privacy information and communicate the changes to individuals before starting any new processing.
  • BAGIS reviews its policies annually to ensure compliance with data protection legislation. Policies may be reviewed more frequently in the event of a significant change in legislation.

Identity and contact details of the controller

BAGIS Council is the Data Controller.  The Controller can be contacted via the secretary-general of BAGIS who is currently Dr Michael Shaw: