AJEX Privacy Notice

AJEX Privacy Notice
Here at AJEX (The Jewish Military Association UK) we take your privacy very seriously. We do this out of respect for you, to comply with the law and because we believe it’s the right thing to do.  As part of the legal changes under GDPR we have updated our privacy policy to ensure you understand who and what we are, and how we handle, store and process personal data.

This document deals with all areas of privacy, including our website, software, databases and physical records.

Contact details can be found at the bottom of this privacy statement.

Who we are?
AJEX is a National Charity with a long and proud history.  The Charity is registered under the name: The AJEX Charitable Foundation. The Charity has three principle work streams. Firstly, to deliver remembrance events and be the custodians of the Jewish Military Museum, secondly, to deliver a first-class educational programme, and finally provide welfare support to Jewish Ex-service people and the serving Jewish community.

What information do we collect?
When you join AJEX we take a certain amount of data on you and store this electronically on internal servers for our own management and internal marketing and information purposes.  We collect names, addresses, DOB, emails, phone numbers and if applicable Service details.  We do not share your basic details with anyone else and we will not do so without your prior permission.

All email correspondence with AJEX is automatically saved as is all letters. Routinely we keep such data for a 3-year period.  If you email anyone at AJEX we then have a copy of your email address and if your email contained your contact details.  We do not request any further data on you from third parties.

Our welfare system is more complicated as we must share the data to function in your interests and provide the best service we can.  We share information, including financial information, from anyone who submits a welfare support claim.  The other organisations with which we share your data are all GDPR compliant.  Before any information is shared you will be asked in writing (and in some cases verbally) for permission to share your data.

AJEX proudly holds a large database of information containing a record of Jewish British service in the Armed Forces, this is called the Record of Honour.  This used to be available freely on the internet. Under GDPR we have had to remove free access, but we are keen for people to still use the Record of Honour for information and research.  Many of those contained within have passed away and are not subject to GDPR rules, however many are still alive and it’s our duty to protect their data. Anyone wanting information contained within the Record of Honour now must email AJEX requesting specific searches. We will then contact them to discuss the matter and if need seek the person in question to get permission to share their information.

How do we use personal information?
We use personal data primarily for internal marketing.  Every November we deliver an Annual Parade and Remembrance Ceremony at the Cenotaph on Whitehall and each June we hold a Memorial Ceremony at the AJEX Memorial Garden at the National War Arboretum. To do this we email all our members, anyone who has given us permission to contact them and many others whose emails are open source. We may also send you other documentation such as newsletters, meeting requests, our magazine and occasionally to request financial donations or support.

What legal basis do we have for processing your personal data?
Our legal basis for contacting you under GDPR is under what is known as consent and legitimate interest.  Our consent is assumed, you may have noticed that we did not contact our members prior to GDPR to request consent for us to remain in contact with you.  We interpreted, under the GDPR that we have assumed consent as you are willing fee-paying members of our club. You pay an annual commitment to be a member of AJEX and as such we assume your consent using a common-sense approach.  Further to this and supporting our approach we believe membership of the club gives you and us a legitimate interest in the affairs of the club. That said, anyone, for any reason can withdraw consent (partially or fully) at any time and we will support that request immediately.  If you wish to remove consent or unsubscribe please email headoffice@AJEX.org.uk, please also copy danny.yank@ajex.org.uk.

Where do we store and process personal data?
Any physical records AJEX hold are kept in our office in secure cabinets.  The office is regarded to be a secure location and there are a series of locked and manned access points before entry can be gained. Electronic folders are stored on password protected computers linked to a secure server also based within our office. Our software including anti-virus software is kept up to date by a third-party IT specialist.

Our website is currently undergoing a complete re-engineer.  To that end you will find it limited in scope, this is to ensure we are GDPR compliant across the board.  Our new website should be launched Spring 2019.  Our website is hosted amended/updated in-house. We hire our domain name, but it is hosted from our own server.

How do we secure personal data?
We make every effort to secure your data, but like all organisations we carry some level of risk.  We have trained our staff and volunteers into the practical application of GDPR, and have sought to minimise risks we have identified, but no system is beyond fault or exploitation.  Along with training we now lock all physical data away, we’ve moved our server into our head office, we’ve upgraded our IT software and antivirus programmes.  We have minimised the movement of data between computers and offices. We have requested all staff and volunteers remove all data they hold on AJEX members or others from their home offices and personal computers.  We expect all AJEX official communications to come from an authorised AJEX email account.  We have even taken basic steps like limiting the ability of our volunteers to print documents. We also now restrict data access to those who specifically require the data.  With limited resources we have done our utmost to apply the spirit and letter of the GDPR.  We continuously monitor the ICI website for best practice and welcome any comments or suggestions which would make our processes safer.  We welcome your input.

How long do we keep your personal data for?
We routinely keep data for approximately 3 years.  When we delete data, we do this by shredding paperwork and then sending away in a burn bag.  Electronic data is deleted professionally by our computer engineer.

Your rights in relation to personal data
Under the GDPR, you can request access to any/any/all the data that AJEX hold on you.  You can also request corrections and deletion, withdraw consent, restrict processing and you are free to lodge a complaint against us to the Information Commissioner’s office.

Subject Access Request (SAR) – a SAR is a request that AJEX must legally comply with; we will have 28 days to provide you with all the data we hold on you.

 

How to contact us?
You can contact AJEX many ways:
Phone: 0208 202 2323
Email: head.office@aje.org.uk or message the Chief Executive directly on Danny.yank@ajex.org
By post: AJEX Head Office, Shield House, Harmony Way, Hendon, NW4 2BZ
Twitter and Facebook.  Search AJEX on both and you’ll see us.