Dalton Genealogical Society Privacy Statement

Dated 19 May, 2018

The 2018 European Union General Data Protection Regulation (GDPR), the UK Data Protection Act, Australian Data Protection, the US Data Protection Act and the Canadian Privacy Law all are designed to protect personal data, and define how that data may be shared or exploited. Currently, we believe that the DGS complies with all of the regulations and rules within the Laws and Acts as listed above.

The DGS protects all personal information volunteered previously by Members and stores this information electronically. Access to personal information is restricted to Country Secretaries, the Web master (also acting in the role of Data Protection Officer) the DGS Treasurer, the DGS Chairman and the DGS Journal Editor. No credit card information is ever stored on any DGS property. Each Member’s data contains: name, mailing address, email, Member Number, and other optional data such as telephone number or Gift Aid, as provided by each DGS Member. This information is retained ad infinitum unless the Member or former Member specifically requests deletion of the data.

Additional data voluntarily provided by DGS Members may include family tree and DNA information, which DGS Members can elect to share with other Members via password-secured websites. The sharing of this data is solely determined by the DGS Member and may be deleted via a request to the Web master.

DGS Members may request a complete record of all information about them collected and stored by the DGS as part of their Membership. DGS Members may request complete deletion (The right To Be Forgotten) of all their data upon cancellation or non-renewal of their annual Membership. Such requests must be sent to the Country Secretary, Treasurer and Web master inclusive in order for the data to be deleted.

The DGS is NOT responsible for any Member or non-Member contributions to the Databank, the DGS Facebook pages or any other public Internet sharing mechanism. Information voluntarily provided by persons to public venues is the responsibility of said person(s) to resolve with the owner of the public service.


Who we are
The Dalton Genealogical Society (DGS) North America is a US headquartered provider that offers two different services:
Methods of communications regarding Dalton genealogy research for our Members; and
General, publically available Dalton surname information.

What personal information do we collect?
Information you provide to us
When requesting to join our Society, we may ask you to provide personal information to us. For example, when your account is created, we will ask you for your postal address and email address. We may also ask for your phone number for purposes such as two-factor verification or for sending you service alerts. If you choose to sign up for one of our services, we will send you a username and password.
During your interaction with the Dalton Genealogical Society, you may choose to provide us with personal information when you email us, chat with us, answer a survey, comment on our private web site, or communicate with us through social media services like Twitter or Facebook.
If you refer a friend to us, we will ask you for their email address. The DGS will then contact your referred friend to determine whether your friend consents to us contacting them.

Information that we collect automatically
When you use any DGS service we may collect certain information automatically from and about your device. This includes data about your software, the operating system you use when accessing our service, your Internet Protocol address and the date and time of each request you make to the DGS.
Collecting this information enables us to provide Member support more effectively, inform you about operating systems we no longer support as well as ensure the continuous functionality of our communications services to our Members.

Information that we collect from third parties
We may collect additional information about you from third parties primarily to assist us in understanding how we can maintain and improve the services we offer to better serve you. Third party tools that we use for this are from: Google Analytics which informs the DGS about page visits which in turn allows the DGS to decide if it needs to update certain pages.

What we do with your personal information
Under no circumstances do we rent, trade or share your address or e-mail address with any other company for their marketing purposes. We may use the information we collect through our products for a number of reasons, including to:
provide, operate, optimize and maintain our online platforms, products and services;
understand how you use our products and customize your experience;
set up online accounts;
process, fulfill and provide any updates on online Membership purchases or Renewals;
send you marketing communications we think you'll find valuable, where it is in accordance with your preferences;
deal with your online enquiries and requests sent by email;
and provide you with information and access to resources or services that you have requested from us;
improve the layout, navigation and content of our online products;
identify any server problems or other IT or network issues;
prevent abuse of the products and services we offer;
and carry out other legitimate business purposes, such as to improve our products and services, as well as other lawful purposes about which we will notify our users and clients.

Email Communications
From time to time, the DGS will communicate with you via email. There are two types of email you may receive:
Update Emails: These are emails such as confirmation of password change, updated infromation on oir Members only Web site, or a reply to a support issue. You can opt out of receiving these messages as they are part of the Membership which the DGS provides to you. You can manage certain Service Emails by signing in to your Account. To stop receiving all Service Emails, you must cancel your Membership.
Marketing Emails: These will include DGS community news and similar types of material. Upon creating a DGS Membership Account you will be able to manage your email preferences, including opting out of receiving all Marketing Emails. You will also be able to unsubscribe at any time by using the unsubscribe link provided in any given email.
We will only process personal information in ways that are compatible with the purpose we collected it for or for the purposes you later authorise. Before we use your personal information for a purpose that is materially different than the purpose we collected it for or that you later authorised, we will provide you with the opportunity to opt-out.

Who we share your information with
We may share and disclose your personally identifiable information only in the limited circumstances described below:
To vendors and other third party service providers who require access to your personal information to assist in providing and improving our products. The third parties that access and use your information only on our behalf include companies such as Google Analytics, Facebook, Twitter, and ZenDesk.
We may also disclose your information to third parties: (a) where required by law or regulatory requirement, court order or other judicial authorization, (b) in response to lawful requests by public authorities, including for the purposes of meeting national security and law enforcement requirements; (c) in connection with the sale, transfer, merger, bankruptcy, restructuring or other reorganization of a business; (d) to protect or defend our rights, interests or property, or that of third parties; (e) to investigate any wrongdoing in connection with our products and services; and (f) to protect the vital interests of an individual.

Legal basis for processing your personal information
(EEA visitors/customers only)
If you are a visitor/customer located in the European Economic Area ("EEA"), our legal basis for collecting and using the personal information described above will depend on the personal information concerned and the specific context in which we collect it. We will normally collect personal information from you only where we have your consent to do so, where we need the personal information to perform a contract with you, or where the processing is in our legitimate business interests. In some cases, we may also have a legal obligation to collect personal information from you.
If we ask you to provide personal information to comply with a legal requirement or to enter into a contract with you, we will make this clear at the relevant time and advise you whether the provision of your personal information is mandatory or not (as well as of the possible consequences if you do not provide your personal information). Similarly, if we collect and use your personal information in reliance on our legitimate business interests, we will make clear to you at the relevant time what those legitimate business interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal information, please contact us using the contact details provided under the 'How to contact us' heading below.

Cookies and similar tracking technology
Like all web sites we use cookies and similar tracking technology (collectively "Cookies") to collect and use personal information about you. For further information about the types of Cookies we and our partners' use, why and how you can control Cookies, please see our Cookie Information above.

International data transfers
Your personal information is stored and processed by us in the U.S. Specifically, your personal and non-personal information will be transferred to the DGS North America for storage and processing in the U.S.
You can direct any questions or complaints about the use or disclosure of your personal information to us at webmaster@daltondatabank.org. We will investigate and resolve any complaints or disputes regarding the use of personal information within forty-five (45) days of receiving your complaint.
We have committed to using the American Arbitration Association (AAA) to provide an independent recourse method. AAA will handle any complaints the DGS is unable to resolve.

How we protect your information
The security of your personal information is very important to us. When you enter personal information such as your name, address, phone number and email adress on our website, we secure that information using secure database technology. For purchases made online via PayPal, we rely on PayPal's security systems to receive your credit card, bank or PayPal account information in encrypted form. Our employees do not have access to this information. We do not store PIN data or 3-digit security codes.
We use appropriate technical and organizational security measures to protect your personal information from loss, misuse, and unauthorized access, disclosure, alteration and destruction, both during transmission and once we receive it. However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. Therefore we cannot guarantee its absolute security.

Your data protection rights & choices
You have the following rights:
If you wish to access your personal information that the DGS collects, you can do so at any time by contacting us using the contact details provided under 'How to contact us' heading below. You can correct, update or request deletion of your details in your Account by logging in to your Account. You can also contact us using the contact details provided under 'How to contact us' heading below in order to request that your data is deleted.
If you are a resident of the EEA, you can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information where it is technically possible. Again, you can exercise these rights by contacting us using the contact details below.
Similarly, if we have collected and processed your personal information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent. You have the right to complain to a data protection authority about our collection and use of your personal information. Contact details for data protection authorities in the EEA, Switzerland and certain non-European countries (including the U.S. and Canada) are available here.)
You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” link in the marketing e-mails we send you. Alternatively, please contact us at webmaster@daltondatabank.org. Please include your complete name and e-mail address. Note that it may take up to 3 business days to remove you from our database and other web sites, and after this point you will still receive Service Emails from us.
We respond to all requests we receive from individuals wishing to exercise their data protection rights in accordance with applicable data protection laws.

How we link to other websites
Our Website contains links to other DGS properties, third party websites and third party plug-ins (such as social media sharing buttons) operated by other companies. We are not responsible for the privacy practices of such other websites. We encourage you to be aware that when you leave our site you read the privacy notices of such other websites. This Privacy Notice applies solely to information collected by the DGS's Membership data.

Data retention
We will retain your personal information for the period necessary to fulfil the purposes outlined in this Privacy Notice unless a longer retention period is required or permitted by law, for legal, tax or regulatory reasons, or other lawful purposes.
When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.

Changes to our Privacy Notice
Changes to this Privacy Notice will be made when required in response to changing legal, technical or business developments. When we update our Privacy Notice, we will take appropriate measures to inform you, consistent with the significance of the changes we make. We will obtain your consent to any material Privacy Notice changes if and where this is required by applicable data protection laws.
You can see when this Privacy Notice was last updated by checking the “last updated” date displayed at the top of this Privacy Notice. The new Privacy Notice will apply to all current and past users of the website and will replace any prior notices that are inconsistent with it.

How to contact us
If you have any questions or concerns regarding the use or disclosure of your personal information, you can contact us by sending an email to webmaster@daltondatabank.org or by contacting us at:
Dalton Genealogical Society, North America
6552 Green Acres Blvd.
New Port Richey, FL 34655
+1 727-277-5769

Please note that for the purposes of EU data protection legislation, the Dalton Genealogical Society North America is the controller of your personal information.