Privacy Policy
You matter to us
The privacy and security of your personal data is very important to us. We take the responsibility seriously and want you to be confident in how we process your information.
This Privacy Policy explains how and why we, The Campaign for Real Ale (CAMRA), use your personal data, your rights and our obligations to you.
This Privacy Policy applies if you’re a member, volunteer, customer, employee or supporter or use any of our services, visit our online facilities such as websites or apps, email, call or write to us. We may, in certain circumstances, provide specific privacy notices related to individual items but they will always refer to this privacy policy.
We will never sell your data and will only share it with companies when it is necessary, there is a legitimate interest, or where explicit consent has been given and the privacy and security of the data is assured.
We will continue to monitor our processes and if, in certain circumstances, we need to update our privacy policy we will notify you.
About us
CAMRA is considered one of the most successful consumer campaigns ever. Our aim is to have good quality real ale, ciders and perries and to have thriving pubs and clubs in every community. We are independent, not-for-profit and non-party political.
Who we are
CAMRA (the data controller) is a not-for-profit company, limited by guarantee, registered in England and Wales: 01270286. We are a registered data controller with the Information Commissioners Office. Our ICO register number is: Z7458368. Any reference to ‘us’, ‘we’, ‘our’, ‘data controller’ is in reference to CAMRA. Any reference to ‘data subject’ is in reference to individuals whose data we process.
If you have any Data Protection concerns you can direct them to our Data Protection Officer at dataprotection@camra.org.uk or call 01727 798437
What data we collect and how we use it
Our three key reasons for collecting data to then be processed are listed below.
- Administration and technical support of your membership
- Fulfilment of a purchase
- To provide information requested about a specific interest
We will ask for relevant information to enable us to fulfill our obligation to you or provide the service requested.
Personal Data – Personal data is information that can be used to identify a living individual or as part of a set of information that, used together, can identify an individual. This will normally include title, name, address, age and contact details which includes email, postal address and telephone number. Your CAMRA membership number, once assigned to your member record, is personal data. We will also process payment details in accordance with the relevant regulations.
Sensitive Personal Data – This includes, but is not limited to, racial or ethnic origin, political belief, sexual orientation. We do not request or hold this type of data. We do hold some medical information relevant to a role being undertaken e.g. a beer festival may request any medical information you feel is relevant before working at a beer festival.
During the process of data collection we will ask for your consent to enable us to contact you with information about our campaigns, industry-related news, products and services available to you, festivals, information about real ale (cider and perry and pubs), to be contacted by your local branch, fundraising and keep you informed about related products, services and events from our partners. These choices form your marketing communication preferences and will determine the type of information we send you.
Your consent will be, where possible, requested at the point you supply the data. We may request your data for a single specific use, such as staffing at a beer festival or supplying your email address to support a campaign, but will always refer back to this privacy policy.
Personal data created by your involvement with us
Your activities related to your involvement with us will result in personal data being created and held. This could include details of how you have volunteered or how you are involved with our campaigns and activities.
We will analyse the data that you provide so that we can communicate with you more effectively and better understand your preferences and ability to support the campaign.
Volunteers
We may request data from you specifically related to volunteer activities you undertake (e.g. references, criminal records, details of emergency contacts, medical conditions etc.). The data requested will be related to the activity undertaken. The information will be processed for legal or contractual reasons and are in place to safeguard both us and you.
All personal data provided as part of volunteering will be treated in line with GDPR and will not be passed to third parties. Where data has been provided by an individual for volunteering purposes, related to a specific event, CAMRA reserves the right, under the lawful reason of legitimate interest, to contact you about future instances of that event, specifically related to volunteering. This does not affect any individuals rights and any individual can request to be removed from that list.
Date of Birth
CAMRA does not allow members under the age of 18 to join CAMRA. We therefore request, as part of the joining process, for a Date of Birth which will be held on your member record.
Legal basis for processing your data
In order to process your information we must have a lawful reason for doing so. The four most common reasons why we process your data are as follows;
- Contractual
- Legitimate interest
- Consent
- Legal Obligation
CAMRA will only process (use) your personal information if we have;
- a contract with you to provide a service or product. We will use your personal data accordingly e.g. to send you your membership card, an item you have purchased.
- a legitimate interest in order to provide the service or information required e.g. we will pass your details to our data processors, agreed by contract, to print and send your membership cards.
- your express consent that we have on record to allow us to send you specific communications.
- a legal obligation e.g. to process payments and store data in accordance with financial regulations.
What is Legitimate Interest
This is the legal ground for us to process your personal information if we have a genuine and legitimate reason for doing so. Legitimate interests do not harm your rights and interests as an individual.
Examples of where CAMRA would use grounds of legitimate interest to process your data would include the following.
- To send you your Membership Card
- Confirm your membership to enable log in confirmation to our websites
- To issue renewal notices
- To send you notice of the Annual General Meeting.
We will process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) as outlined by the Data Protection Act 2018 (DPA 2018)
Personal data provided to us will be used for the purposes as outlined at the time of collection in a fair processing notice.
We will use your data in accordance with the lawful basis we collected it. Below are the main uses of your data which depend on the type of relationship we have with you and how you interact with our services, websites and activities.
Membership
We use the personal data you provide at the point of joining to help us provide you the services linked to membership. This includes the following;
- Welcome pack with your membership card.
- Any required information about payment notifications such as Direct Debit notices
- Renewal notifications
- Information we are obligated to sending you detailed in the Memorandum and Articles of Association such as information related to our Annual General Meeting.
- Your data is used to verify your access to log into our member only areas of websites
- We may scan your membership card at CAMRA events to check your entitlement to free or reduced entry. This information may then be used in relevant communications such as asking for feedback about a festival you attended.
- Research and surveys related to your membership experience
- Live calls – related to membership renewal and / or your membership
- Social media channels – Facebook, Twitter, YouTube
- Updates on membership benefits
- Changes to the terms and conditions of your membership e.g. price changes
Customer
All customers purchasing a product such as a book or service e.g. subscription to a CAMRA digital application will have personal data collected. This includes the following
- To enable us to process your purchase
- To allow us to provide the product or service requested
- To contact you about your purchase
- If consent is provided, to contact you about other items that you have consented to be contacted about.
Single Issue Use
We may request your personal data in order for us to provide you with a single use service. This may include, but is not limited to, information about an event or campaign. We will request consent at the time of collection and will provide an opportunity to opt out in all future correspondence. We will only contact you about this specific use and the initial consent gives us the right to send you further communications about this single issue. We may also request explicit consent for other items such as contacting you about membership or other products.
Marketing Communications
In accordance with GDPR we can only send you communications that you have consented too. You can manage your preferences on what you would like to hear about on your membership record in the member area of the national website.
We will only contact you with relevant content, as defined by your preferences, about campaigns, events, news, member benefits, fundraising and products. We will never pass your personal data, outside of contracted services, to any company outside of CAMRA.
You can amend your preferences at any time and stop communications. Update your preferences by visiting the national website, sign in, go to Edit your membership information, Enter/amend my record and go to preferences.
We want you to get the most out of your relationship with us. If you are updating your details online please allow up to 5 working days for all our internal systems to be updated. If you contact us via email or post please allow for 10 working days from request to action.
Profiling
In order for us to provide the most relevant information to you we do profile our data to best suit the audience.
We use specific tools to profile how you interact with us online e.g. we use Google Analytics to collect aggregated data to enable us to optimise the user experience.
All profiling is undertaken to enhance the user experience.
We may gather additional information about you from external sources. We run data checks at intermittent occasions as required to check for updates to addresses and for mortality screening in order to ensure our data is as accurate as we can make it.
Who we share your data with
In order to provide membership and / or any customer service we do share your data to fulfill these requirements.
- CAMRA staff
- CAMRA volunteers with the relevant permissions to process personal data
We use external companies who have all been required to provide evidence of Data Protection Compliance. Your information will not be used for anything other than the required service detailed in the Data Sharing agreement between CAMRA and the third party Data Processor. A list of third parties is a follows;
- Contracted data processors
- Service providers providing services to us
- Agents
How to update your data and marketing preferences
You can update your personal data at any time. This includes the right to withdraw your consent to any of our marketing communications. If you are updating your details online please allow up to 48 hours for all our internal systems to be updated. If you contact us via email or post please allow for 10 working days from request to action.
If you want to update or amend your personal data or marketing preferences you can do so in the following ways:
Online: Visit account.camra.org.uk and sign in. Click on Marketing Preferences and edit as required.
Email: You are able to manage marketing communications via a quick and easy to use preference centre which can be accessed in a link sent in each email. Alternatively you can write to membership@camra.org.uk. Please confirm your membership number and your request. We will store this email on your member record as proof of consent for any amendments to your record.
Call us: (Office opening hours week days 9am to 5pm) 01727 798440. We can amend your contact details. Marketing preferences must be done in writing or by yourself online.
Write to:
Membership Services
230 Hatfield Road
St Albans
Hertfordshire
AL1 4LW
(We will update your member record within 10 days of receipt of request)
Your Rights
You have a number of rights under GDPR and this section briefly highlights them. For more information visit www.ico.org.uk
- The right to be informed – We need to inform you what we are collecting and why. This privacy policy and any related fair processing notice provides this information.
- The right of access – You have the right of access to your personal data and supplementary information. This information is free unless there is unreasonable effort upon which a charge may be made by the Data controller. A request is required in writing and must be specific to a set of data and or a time frame for when the data is required. CAMRA must provide you with this information within one month; this may be extended to two months dependent on the nature and complexity of the request.
If you would like to make a request, please contact the follow email dataprotection@camra.org.uk or write to us at Data Request, 230 Hatfield Road, St Albans, Herts, AL1 4LW. You will be asked to provide the following details:
- The personal information you want to access
- Where it is likely to be held
- The data range of the information you wish to access
We will also need to provide information for use to be able to confirm your identity. If we do hold personal data about you we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
- The right to rectification – The right to have your personal data rectified if it is incomplete or inaccurate.
- The right to erasure – The right for the deletion of data where there is no compelling reason for its continued processing.
- The right to restrict processing – The right to suppress or restrict processing. The data controlled could retain the data but no longer process it.
- The right to data portability – The right to retain their own personal data and use it across multiple services.
- The right to object – The right to object to process for legitimate interest, direct marketing and scientific purposes.
- Rights in relation to automated decision making and profiling – Right to object to automated decision making.
Keeping your information
We will only use and or store your information for as long as it is required for the purpose it was collected. The purpose will determine how long it will be kept. This can sometimes be to meet a statutory or legal requirement. If we have explicitly informed you of the length of time we will securely destroy the data in question.
Cookies, Tracking and Websites
To read about CAMRA’s Cookie policy, please visit CAMRA cookies . For additional information on how you can manage which cookies are used by CAMRA, please see cookiechoices.org.
Some CAMRA websites use Third party vendors, including Google, which use cookies to serve ads based on a your previous visits to our website or other websites.
Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our sites and/or other sites on the Internet.
Users may opt out of personalised advertising by visiting Ads Settings.
CAMRA Apps – Please visit Apps for more information. IOS and Android platforms have their own privacy terms which are subject to be accepted by the user.
Links to other websites – Our website may, from time to time, feature links to websites of partners, advertisers and affiliates. If you follow these links please note these websites have their own privacy policies and that we do not accept any responsibility or liability for them. This privacy policy relates only to the personal data collected by CAMRA.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers, members, volunteers, employees and contractor safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape. Our staff complete mandatory information security and data protection training as part of an induction process and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilising strong encryption when your information is stored or in transit we minimize the risk of unauthorised access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
Payment card security
CAMRA has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back. We regularly undergo compulsory system scans to ensure our compliance.
Our online payment solutions are carried out using a ‘payment gateway’ (e.g. Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us
CCTV
We run a number of events in locations that are not owned by us and their Closed Circuit Television (CCTV) is managed by those properties. Where CCTV is installed by CAMRA we will clearly display that you may be recorded when you visit them.
CCTV is used to provide security and the detection of crime. It is there to protect both our members and visitors and CAMRA. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for a set period of time after which it is recorded over. CAMRA complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.
What to do if you are not happy
If you are unhappy with anything related to your personal information please contact us directly so that we can resolve any problem or query. You can contact us directly on 01727 798440 or dataprotection@camra.org.uk
You also have the right to contact the Information Commissioners Office (ICO) if you have any questions about Data Protection. They are contactable via the phone on 0303 123 113 or visit their website www.ico.org.uk.
Changes to this Privacy Policy
We will amend this Privacy Policy from time to time to ensure that it remains up to date and reflects clearly how we use your personal data. Please visit our website to keep up to date with any changes. We will not amend anything that will affect your rights. The current version will always be posted on our website.
- Amended (22/02/22)
Children’s Personal Data
We do not have policy of preventing under 18’s from joining CAMRA. CAMRA offers a concessionary membership for anyone under the age of 26 and therefore require a date of birth to be held on member records. Anyone under the age of 18 will not be included in any direct marketing.
- To (22/02/2022) (Typo amended 25/05/2022)
Date of Birth
CAMRA does not allow members under the age of 18 to join CAMRA. We therefore request, as part of the joining process, for a Date of Birth which will be held on your member record.
Volunteers (20/04/22)
Amended paragraph to clarify lawful reason for volunteers to be contacted regarding events they have previously volunteered.
Amendment (25/05/2022)
Removed – We will only use your personal data on the relevant lawful grounds as detailed above. We will do this in accordance with the EU General Data Protection Protection Regulations (GDPR) which come into effect on the 25th May 2018 and the Privacy and Electronic Communications Regulations (PECR)
Added – We will process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) as outlined by the Data Protection Act 2018 (DPA 2018)
This Privacy Policy was last updated on the 25 May 2022.