By submitting your personal information to us, you consent to the use of that information as set out in this policy.
Should you have any queries about this policy, please contact:
Data Protection Officer
Commonwealth War Graves Commission
2 Marlow Road
2. Policy Summary
We respect your privacy and we take care with the information we obtain. We will only ask for personal data when it is necessary to provide you with the service you have requested, such as answering an enquiry. We may also make your personal information anonymous to undertake statistical analysis for internal use. If we want to use your data for any purpose outside of the terms of this policy, we will ask you first.
3.What is covered by this policy?
This policy covers all web pages on our website and any correspondence (electronic or otherwise) between you and us.
This policy does not cover external sites which may have links on our website. We are not responsible for the content of these sites and any personal data collected by these organisations is not our responsibility.
4. Identity of the Data Controller
The Data Controller is the CWGC.
5. How do we collect personal information?
We may collect information from you via our website, by telephone, by e-mails and post sent to our offices or through website analytic cookies (see our Cookies policy).
6. The personal information we may collect
We may ask you to provide the following information:
- your name
- e-mail address
- postal address
- telephone number (mobile and/or landline)
- we may ask about specific interests you have in the Commission’s work
In addition, from time to time, we may run campaigns seeking volunteers to help us with various, specific tasks. In these instances additional information may be requested in order to assess the suitability of applicants.
Any personal information you provide will be transferred and stored on secure servers in a safe, confidential and secure environment. We will use all reasonable efforts to safeguard your personal information. However, you should be aware that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal information which is transferred from you or to you via the internet.
7. How we use the information you submit
The personal data we collect from you will be used to perform the service you have requested or fulfilling a business obligation, for example answering an enquiry.
In addition, it may be used for the following:
- For customer research: we may contact you to ask you about the service you have received, why you requested it and how it can be improved;
- Crowdsourcing: if you wish to have personalised information added to casualty information on our website.This data will not be available to other users of our website, unless you choose otherwise;
- Volunteer schemes
We may also use the information you provide to carry out internal research in order to:
- Gain a greater understanding of the requirements of visitors to our website and cemeteries and memorials;
- Develop more relevant and appropriate content on our website and publications;
- Provide better services.
8. Data Retention
The length of time your personal data is retained is dependent on the purpose for which it was supplied:
- Enquiries – in normal circumstances these are deleted from our systems after 12 months
- Amendments to our casualty records – your details will be held indefinitely as evidence supporting the changes made.
- Crowdsourcing – your details will be held indefinitely as evidence supporting the additional information you supplied.
- Volunteers – your details will be retained for as long as we are legally required to do so. This will be dependent on a number of factors such as any monies paid etc.
Please note that there may be additional legal requirements to hold your details for longer than specified above.
This not an exhaustive list. For further details, please contact the Commission’s Data Protection Officer at the address shown in point 1.
9. Sharing your information
As a Commonwealth organisation and by the nature of our work, we operate in a number of countries around the world. In order to deal with your enquiry or other correspondence it may be necessary for us to transfer and process your personal details to countries outside the United Kingdom. These may not have similar protection in place as provided by the UK Data Protection Act 1998 or the forthcoming EU General Data Protection Regulation. However, we have taken steps to ensure the security of your information.
The CWGC does not sell information submitted to it to other external organisations.
The CWGC does not share information, unless it is are mentioned in this policy or if there is a legal requirement to do so. The CWGC may share your information with:
- the member governments of the CWGC, or their representatives, in order to fulfil a business obligation;
- Third Party Service Providers: We employ other companies and individuals to perform functions on our behalf. Examples include fulfilling orders, delivering packages, sending postal mail and e-mail, analysing data, providing marketing assistance, processing credit card payments and providing customer service. They have access to personal information needed to perform their functions, but may not use it for other purposes. Further, they must process the personal information in accordance with this Privacy Notice and as permitted by applicable data protection laws;
- The Commonwealth War Graves Foundation, the charitable arm of the CWGC.
By submitting your information to us you consent to these transfers.
We take our commitment to Information Security very seriously. We have put in place appropriate physical, electronic and managerial procedures and safeguards to prevent unauthorised access or disclosure of any personal and other information. Any information you give to us either through our website, by e-mail or by any other means is stored securely and managed in accordance with the UK Data Protection Act 1998 and the forthcoming EU General Data Protection Regulation. In addition, we hold an ISO27001 certification.
11. Version Control
Document Owner: Information Security Manager
Effective Date: 11 May 2017