Association of Electoral Administrators Privacy Notice

This Privacy Notice sets out how the Association of Electoral Administrators (AEA) uses and protects any information that you provide when you complete a membership application form or any other form, renew your membership and use the Association’s website. It also sets out how we will use your information provided in a data gathering exercise and how the activity of other visitors to our website will be monitored.

For any personal data you provide for the purposes of your membership, the AEA is the Data Controller and is responsible for storing and otherwise processing your data in a fair, lawful, secure and transparent way.

The AEA is committed to protecting and respecting your privacy. Should we ask you to provide certain information by which you can be identified, then you can be assured that it will only be used in accordance with this Privacy Notice.

The AEA may change this notice from time to time by updating this document. You should check the document from time to time to ensure that you are happy with any changes. The document, available on the AEA’s website, can be emailed to you, upon request.  The information contained in this notice covers the following:-

  1. What we don’t do
  2. What we collect
  3. The legal basis for collecting data
  4. What we do with the information we gather
  5. Your rights regarding your personal data
  6. How long will we hold your data
  7. Security
  8. How we use cookies, Google analytics and third party software
  9. Links to other websites
  10. Search engine
  11. People who contact us via social media
  12. People who email us
  13. People who make a complaint to us
  14. Data breach and remedy
  15. Contacting the Regulator
  16. Contacting us
  17. Changes to this notice

  1. What we don’t do

We do not:

  • sell data.
  • share data unless we are compelled by law or in the provision of a service that you have requested.
  • share data unless we have asked your permission to do so for specific electoral purposes
  • ask for personal information unless it is needed to provide a service.
  • store personal information unless it is needed for the operation of ongoing services.
  1. What we collect

We may collect the following information:

  • name
  • contact information including email address
  • other personal information such as job title or special requirements for bookings i.e. dietary needs
  • demographic information such as employer and address
  • other information relevant to customer surveys

We need this data to be able to administer your membership and provide and administer the services you are entitled to receive. Our lawful basis for processing your personal data is that we have a contractual obligation to you as a member to provide you with the services to which you are entitled under the terms of your membership.

The AEA does not store or transfer your personal data outside of the UK.

  1. The legal basis we rely on for collecting data

The law on data protection sets out a number of different reasons for which a company may collect and process your personal data, including:

Consent

In specific situations, we can collect and process your data with your consent.

For example, when you submit a training event booking form or you participate in a data gathering exercise for specific electoral purposes.

In addition, at each training course delegates will be asked if they wish to give their consent to their email address being shared with other delegates after the course for the purposes of networking and sharing good practice.  The AEA will have no involvement beyond providing the contact list to those who have given their consent and it will be the responsibility of those delegates to use that information for networking and sharing good practice.

When collecting your personal data, we will only collect data that is necessary in connection with a particular service.

Contractual obligations

In certain circumstances, we need your personal data to comply with our contractual obligations.

For example, if you book a place on a training course, we will collect your personal details to process your booking and communicate with you regarding that booking.

Legal compliance

If the law requires us to, we may need to collect and process your data.

For example, we can pass on details of people involved in fraud or other criminal activity affecting the AEA to law enforcement agencies. 

Legitimate interest

Our legitimate interest is based on your expectations of the benefits of membership so that we can better customise our offerings to you and ultimately offer products and services that better meet your needs.

In specific situations, we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. When you become a member of the Association, you become a member of the company under the terms of the Articles of Association.

For example, we will need to contact you regarding Company matters which relate to your membership or we will use your training history to send you or make available personalised offers.

We will also combine the booking history of many customers to identify trends and ensure that we can keep up demand or develop new products and services.

We will also use your address details to send you direct marketing information, telling you about products and services which we think might be of interest to you.

We may also use your personal information in a limited way to compile databases to be used for specific electoral purposes.

We have a legitimate interest in processing your personal data for both marketing and analytical purposes.

  1. What we do with the information we gather

We require this information to understand your needs and provide you with a better service and, in particular, for the following reasons:

  • To maintain our internal records – e.g. membership, qualifications, training, election management database and conference administration.
  • To improve our membership services.
  • To contact you about services you have purchased.
  • To periodically send emails about conferences, seminars, workshops, training, consultancy, job adverts. Elections of AEA officers and other services.
  • To send regular information about electoral matters to you via email including the weekly newsletter, reports, ARENA, and other relevant information using the email address which you have provided.
  • To send regular information to you about branch matters including meetings, invitations to online and other meetings and branch training.
  • To periodically send information about our services and electoral matters to individuals and organisations with an interest in electoral administration.
  • To contact you for market research purposes. We may contact you by email, phone or mail. We may use the information collected to customise the services we provide and the website according to your interests.
  • To send you promotional information about third parties which we think you may find interesting and relevant to your employment.

We may disclose your personal information to third parties:

  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms and Conditions; or to protect the rights, property, or safety of the Association of Electoral Administrators Ltd, our customers, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
  • If you have participated in a data gathering exercise for a specific electoral purpose

Access to stored data is restricted to key members of staff who abide by our privacy and security practices.

The AEA uses a data processor, Sunderland City Council, to maintain our membership database and manage our events. You will receive communications from them regarding your membership and training and other events for which you have made a booking. They will not supply your information to third parties other than in the conduct of their duties related to an individual event for which you have booked a place.

  1. Your rights regarding your personal data

As a data subject you are not obliged to share your personal data with the AEA. If you choose not to share your personal data with us we may not be able to register or administer your membership.

In general, you have the following rights:

The right to request access to your personal data

You are entitled to gain access to some of the personal data you provide to the AEA. By writing to us at exec@aea-elections.co.ukyou may request details of the information about you that we hold and process, including the purposes for which it is used.

You can also access your personal details by logging on to the website at www.aea-elections.co.uk and viewing your member profile details.

The right to amend and/or delete your personal data

You have the right to request correction, appendage, deletion or blockage of your stored personal data. You can amend your personal data at any time by logging on to your member profile on the website. If you believe that any information we are holding about you is incorrect or incomplete, email us as at exec@aea-elections.co.uk. We will promptly correct any information found to be incorrect. If, for any reason, we cannot comply with your request, we will contact you.

The right to restrict the processing of your personal data

In special circumstances, you have the right to restrict the processing of your personal data. To do so, send your request to exec@aea-elections.co.uk.

The right to data portability

You have the right to receive your personal data (concerning you only) in a structured, commonly used and machine-readable format (“data portability”), and have the right to transit this data to another data controller. To request data portability, contact us at exec@aea-elections.co.uk

The right to object to the processing of your personal data and to unsubscribe

You have the right to ask us not to process your personal data when processing is based on a legitimate interest pursued by the AEA, e.g. for marketing purposes. We will inform you in this privacy notice if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to object at any time by contacting us at exec@aea-elections.co.uk

Emails sent to you by the AEA containing newsletter or marketing content include the option to unsubscribe by following the instructions set out in the email. If you do not wish to receive emails from us, you can simply click on the unsubscribe hyperlink and we will stop sending you emails. You may also unsubscribe using the facility on your member profile on the website.

You should be aware that if you choose to unsubscribe then you will no longer receive any direct emails from us informing you of upcoming events such as training courses and other important notifications such as the election of the AEA Deputy Chair and new items posted on the website although you will have access to this information on the website.

For all other types of messages you may receive from us, such as maintenance announcements or administration notifications, the receipt of such can only be stopped by terminating your membership. These messages are a mandatory part of user accounts and the related use of our websites and (mobile) applications. Contact aea@sunderland.gov.uk to terminate your membership.

The right to withdraw your consent at any time

You are at any time entitled to withdraw your consent to our processing of your personal data. The withdrawal of consent shall, however, not affect the lawfulness of processing based on consent before its withdrawal.

If you wish to withdraw your consent to receiving promotional information and offers in general, including by postal services, email, text message, telephone or any other electronic means, you may do so at any time by updating your preferences on your member profile on the website.

Conditions and/or limitations on your rights

There may be conditions to or limitations on your aforementioned rights. We are therefore unable to guarantee your right to data portability, as it is dependent on the specific circumstances of the processing activity.

  1. How long we hold your personal data

We will hold your personal data on file for as long as you are a member with us. Any personal data we hold on you will be securely destroyed after one year of inactivity on that member’s account, in line with the AEA’s retention policy. Your data is not processed for any further purposes other than those detailed in this notice.

Data related to members who have completed the AEA Certificate or AEA Diploma will be held in perpetuity to ensure that a record of achievement can be maintained for those members or past members.

  1. Security

We are committed to ensuring that your information is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable procedures to safeguard and secure the information we collect online and through any forms that you may complete such as for membership or training.

The AEA uses a third party service to help maintain the security and performance of the AEA website. To deliver this service it processes the IP addresses of visitors to the AEA website.

The personal information which we hold will be held securely in accordance with our internal security notice and the law. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

  1. How we use cookies, Google analytics and third party software

Cookies

This website uses cookies. The first time you visit this website, you will be asked to consent to our cookie notice. A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site.

If you choose to ignore the consent request, it will remain visible. You will still be able to visit and explore the site but may not have full access to all aspects of the site or some of them might not work for you

Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyse data about web page traffic and improve our website in order to tailor it to the needs of our members and public visitors to the site. We only use this information for statistical analysis purposes and then the data is removed from the system.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. Our cookies don’t store sensitive information such as your name or address, they simply hold the ‘key’ that, once you’re signed in, is associated with this information.

However, if you’d prefer to restrict, block or delete cookies from our website, you can use your browser to do this. Each browser is different, so check the ‘Help’ menu of your particular browser (or your mobile phone’s handset manual) to learn how to change your cookie preferences. If you do this you may be prevented from taking full advantage of the website.

If you are a member, you can modify your consent to cookies in your member profile.

Here’s a list of the main cookies we use, and what we use them for:-

Cookie Purpose Duration
PHPSESSID To allow members to stay logged in without needing to submit their credentials for each session. Backdated to prevent caching from the browser.
_ga To distinguish users and establish if they have visited the website before. 2 years from date set.
_gat To distinguish users and establish if they have visited the website before. 1 minute from set.
_gid To manage the rate at which page view requests are made. 24 hours from date set.
aea_cookie To record interaction with the cookie consent banner displayed at the top of the page. 1 year from date set.
phpbb3_8lqe6_k To allow forum members to stay logged in without needing to submit their credentials for each session. 1 year from date set.
phpbb3_8lqe6_sid To identify a session for forum members. 1 year from date set.
phpbb3_8lqe6_u To distinguish user IDs for forum members. 1 year from date set.

 

Google analytics

We use Google Analytics to generate detailed statistics about the website traffic and traffic sources. Google Analytics tracks visitors from all referrers, including search engines and social networks, direct visits and referring sites. It also tracks display advertising, email marketing and digital collateral such as links within PDF documents.

Data collected by Google may not be stored in the European Economic Area but stored worldwide and so may be subject to different regulations.

Google uses cookies to help us analyse how our visitors use the site. Find out more about how these cookies are used on the Google privacy site here.

Third Party Software

We use third party plugins for the administration of this website. We don’t own or control these third parties and they have their own rules about collection, use and sharing of information.

We use a third party service, WordPress, to maintain our website. We use a standard WordPress service to automatically collect anonymous information about users’ activity on the site, for example the number of users viewing pages on the site, to monitor and report on the effectiveness of the site and help us improve it. Find out more about the WordPress privacy notice here.

We use MailChimp for our mailing campaigns. MailChimp uses cookies to collect information about user activity following receipt of the email, for example the number of viewers using the links contained within the email. Find out more about MailChimp’s privacy policy here.

  1. Links to other websites

Our website may contain links to other websites of interest. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the privacy notice applicable to the website in question.

The Association uses Facebook and Twitter for social media purposes. All members are free to join.  If you join one of the Social Media platforms, please note that provider of these platform(s) have their own privacy policies and that the Association does not accept any responsibility or liability for these policies.  Please check these policies before you submit any personal data on the AEA social media pages.

  1. Search engine

Our website search is powered by Relevanssi. Search queries and results are logged anonymously to help us improve our website and search functionality. No user-specific data is collected by either the AEA or any third party.

  1. People who contact us via social media

We use a third party provider, Buffer and the official websites and application software provided by X, Facebook and LinkedIn to manage our social media interactions.

If you send us a private or direct message via social media the message will be stored for three months. It will not be shared with any other organisations.

  1. People who email us

We use Transport Layer Security (TLS) to encrypt and protect email traffic in line with government. If your email service does not support TLS, you should be aware that any emails we send or receive may not be protected in transit.

We will also monitor any emails sent to us, including file attachments, for viruses or malicious software. Please be aware that you have a responsibility to ensure that any email you send is within the bounds of the law.

  1. People who make a complaint to us

When we receive a complaint from a person we make up a file containing the details of the complaint. This normally contains the identity of the complainant and any other individuals involved in the complaint.

We will only use the personal information we collect to process the complaint and to check on the level of service we provide. We usually have to disclose the complainant’s identity to whoever the complaint is about. This is inevitable where, for example, the accuracy of a person’s record is in dispute. If a complainant doesn’t want information identifying him or her to be disclosed, we will try to respect that. However, it may not be possible to handle a complaint on an anonymous basis.

We will keep personal information contained in complaint files in line with our retention policy. This means that information relating to a complaint will be retained for one year from closure. It will be retained in a secure environment and access to it will be restricted according to the ‘need to know’ principle.

Similarly, where enquiries are submitted to us we will only use the information supplied to us to deal with the enquiry and any subsequent issues and to check on the level of service we provide.

  1. Data breach and Remedy

A personal data breach can be broadly defined as a security incident that has affected the confidentiality, integrity or availability of personal data. In short, there will be a personal data breach whenever any personal data is lost, destroyed, corrupted or disclosed; if someone accesses the data or passes it on without proper authorisation; or if the data is made unavailable, for example, when it has been encrypted by ransomware, or accidentally lost or destroyed.

If a security incident takes place, we will quickly establish whether a personal data breach has occurred and, if so, promptly take steps to address it, including telling the ICO if required.

If a breach has occurred and is likely to result in a high risk to the rights and freedoms of individuals, we will inform those concerned directly and as soon as possible so that they are able to take steps to protect themselves from the effect of a breach.

We will report a notifiable breach to the ICO without undue delay, but not later than 72 hours after becoming aware of it. On occasion, the reporting of a breach may take longer and reasons for the delay will be provided.

When reporting a breach, we will provide:

  • a description of the nature of the personal data breach including, where possible:
    • the categories and approximate number of individuals concerned; and
    • the categories and approximate number of personal data records concerned;
  • the name and contact details of our data protection officer;
  • a description of the likely consequences of the personal data breach; and
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach, including, where appropriate, the measures taken to mitigate any possible adverse effects.

If a breach occurs, we will let you know the nature of the personal data breach and:

  • the name and contact details of our data protection officer;
  • a description of the likely consequences of the personal data breach; and
  • a description of the measures taken, or proposed to be taken, to deal with the personal data breach and including, where appropriate, of the measures taken to mitigate any possible adverse effects.

We will record all breaches, regardless of whether or not they need to be reported to the ICO.

  1. Contacting the Regulator

As a data subject you will have the right at any time: to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office about the processing of your personal data.

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you can lodge a complaint with the Information Commissioner’s Office.

You can contact them by calling 0303 123 1113

Or go online to www.ico.org.uk for further information (please note we can’t be responsible for the content of external websites)

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

  1. Contacting us

Should you have any questions about our privacy notice or the processing of your personal data, please feel free to contact us at:

AEA Data Controller

Email: exec@aea-elections.co.uk

Phone: 0151 281 8246

  1. Changes to this notice

The AEA has pledged to adhere to the fundamental principles of privacy and data protection. We therefore regularly review our privacy notice in order to keep it up to date. This privacy notice will be changed from time to time in order to keep pace with new developments and opportunities relating to the Internet and to stay in line with prevailing legislation. If this privacy notice is updated in the future, it will be posted on this page and, where appropriate, may be notified to you by email.

This notice was effective from 25 May 2018. Updated on 8 January 2024.