Privacy Policy

CAA/NATS Retired Staff Association (henceforth called "RSA") on the basis that it is a membership organisation without any profit or commercial activities, is exempt from the GDPR registration and payment of fees. (General Data Protection Regulation - 25 May 2018). The RSA is never the less required to inform members of the data that is collected and how it is used.

All data held on members is provided by those members and is updated when members inform the RSA of changes to it. Personal details are only kept for the purpose of establishing and maintaining membership and support of the RSA. Information will be held in electronic form including both data from application forms and all written correspondence.

We may collect and process the following data about members:

  • Name, Address, email, staff/pension numbers, subscription and contact preferences provided by members on their application form;

  • letters sent to update contact or subscription details which are scanned with the image held electronically;

  • emails sent to update contact or subscription details;

  • contact details related to attendance at RSA social or organisational events (deleted after the event);

  • if members contact us by telephone, we may keep a record of that information together with the name, address, email address and phone number;

  • we may also invite members to complete research surveys designed to improve the association.

This data held is used to:

  • maintain accurate and complete membership records;

  • provide mailing lists for Contrail through the printers or email distributor;

  • notify members about updates to the Website, the RSA organisation or its events (eg. AGM)

  • maintain membership of our social media groups;

  • provide contact information to local branch secretaries of their specific membership;

  • identification when setting up subscriptions, making changes or communicating with Pensions Branch.

We hold all the personal information electronically due to storage constraints. To prevent unauthorised access we use password protection and encryption on all personal data files. These are held on a removable memory stick and accessed from a computer using the latest MS Office software with 2 forms of up to date virus and hacking protection.

A backup of the database is held remotely from the main membership database. This backup will not necessarily contain the latest membership records and updates. The backup database is held by the web master.

The Branch contact records are also held electronically in a password protected file and consist of contact details only (membership number, type of member, name and title, postal address, telephone No. (if not ex directory) and email (where available). The date of joining, leaving and date of any change is also included. These are updated twice yearly.

Consent and Members Rights

All members:

  • give their consent to the holding of the data by completing and submitting an application form. This has been made explicit on application forms since 2017;

  • have the right to update that information at any time by contacting the Membership Secretary;

  • have the right to obtain disclosure of their membership record by applying to the Membership Secretary;

  • have the right to ask for their data to be removed from the membership records by contacting the Membership Secretary;

However, since the Association requires a record of all its members, a request for deletion of the data has to be treated as a resignation from the RSA.

CAA – NATS RSA GDPR Contrail Reminders.

The RSA use a third party organisation to carry out the e-mail distribution of Contrail in a similar way as we have, for years, used Creeds to distribute the hard copy version. One of the benefits of the electronic distribution is that the distributor sets a flag in their system when Contrail is downloaded by the recipient. This allows a reminder to be send after a short period of time to those who have not made the download.

A very small number of members (less than 0.4%) raised this reminder process as a nuisance or a misuse of their personal data. As a consequence the reminder process was discontinued pending an investigation.

The result of the investigation, by reference to the Data Protection Act 2018 and the UK General Data Protection Regulations updated to 2021, is as follows:
Purpose Test
The data, individual e-mail address, is provided by members to the RSA to facilitate communication between the RSA and the membership of both a general and a specific nature and to allow the distribution of Contrail either quarterly or yearly depending on the type of membership.
Necessity Test
The RSA needs to monitor the success in delivering Contrail to members.
Balancing Test
The monitoring of the downloaded status is entirely within the distributors system and does not involve any form of monitoring of individual e-mail addresses. The alternative would involve asking members to confirm delivery individually

It is therefore within Article 6(1)(f) Legitimate Interest.
However, The RSA acknowledges the right for members to object to the process.
Members may opt out of the Reminder Process by sending an e-mail instruction to membership@caa-rsa.org.uk
The RSA has a duty to remind the membership of the legal obligations to protect the personal data of members that is held in order to keep in touch. The data held is the minimum required to maintain the communication path.