AAFR Privacy Notice
1.Who are we?
It outlines how we and our websites comply with the General Data Protection Regulation 2018.
We are a Scottish based business offering Ancestral Research, Air Force and Genealogy related services.
Maintaining the security of your data is our priority and are committed to protecting your privacy and the confidentiality of your personal information, not just from a legal perspective but also as an inherent aspect of our core values.
We are resolute in respecting your privacy rights. We commit to handle your data fairly and legally always. We are dedicated to being transparent about what data we collect about you and how we use it.
This notice, which applies whether you use our services, use your mobile device or go online, provides you with information about: -
What personal data we collect
How we use your data
how we ensure your privacy is maintained
your legal rights relating to your personal data
We undertake to preserve the confidentiality of all information you provide to us and expect that you reciprocate. Our policy complies with the Data Protection Act 2018 (Act) accordingly incorporating the EU General Data Protection Regulation (GDPR).
We are registered with the ICO under the Data Protection register.
Our registration number is ZA 514905.
This privacy notice has been compiled in order to comply with the law of the EU and The United Kingdom of Great Britain & Northern Ireland. If you think it fails to satisfy the law of your jurisdiction, we should like to hear from you. However, ultimately it is your choice to engage with us or use our website.
Except as set out below, we do not share, or sell, or disclose to a third party, any information collected through our website.
2.What Personal Data we do collect?
We may, (through our website or via direct contact), collect, process, use, store and transfer different kinds of personal data about you.
This data may include: -
Personal information such as first name, last name, title, date of birth, and other identifiers.
Contact information such as billing address, delivery address, email address, telephone numbers and any other information you have given to us for the purpose of communication or meeting.
Financial data such as your bank account and payment card details.
Transaction data such as details about payments or communications to and from you and information about products and services you have purchased from us.
Technical data such as your internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website.
Marketing data such as your preferences in receiving marketing from us; communication preferences; responses and actions in relation to your use of our services.
Your correspondence and other communication with us
other publicly available personal data, including any which you have shared via a public platform (such as a LinkedIn profile, Twitter feed or public Facebook page).
Personal information held in public record archives
We may aggregate anonymous data such as statistical or demographic data for our own internal purposes such as monitoring the demographic of our clients. Anonymous data is data that does not identify you as an individual. Aggregated data may be derived from your personal data but is not considered personal information in law because it does not reveal your identity. For example, we may aggregate profile data to assess interest in a product or service we offer.
If, at any time, we combine or connect aggregated data with your personal information so that it can identify you in any way, we treat the combined data as personal information and it will be used in accordance with this privacy notice.
In some cases you may have a family tree which starts with you and will show other living people. On completion of research this will be held in our password protected archive should you wish to revisit the research at any point. If you do not agree to this information to be stored you must advise us. That data will be deleted once you have confirmed to us the research is now completed.
If your search relates to a living person their data will not be shared with you without that persons prior agreement.
Treehouse Genealogy/AAFR will not pass on your information to any party unless legally obliged to do so.
We will only email you newsletters or notifications if you have subscribed on our website; from which you can withdraw from at any point.
3.Special Categories of Personal Data
GDPR classifies Special Categories of personal information. This is data about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. It also includes information about criminal convictions and offences.
We never ask you for any special categories of personal information. From time to time clients will request that we examine results of DNA testing that they have had undertaken. Any special categories of personal data included is destroyed upon completion of our research.
3.1 What If you do not provide the personal information we need?
Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform that contract. In that case, we may not have a legal basis for providing a service to you. If so, we will notify you of this at the time.
4.How we use your data?
We are required to determine under which of six defined legal bases we process different categories of your personal information, and to notify you of the basis for each category. If a basis on which we process your personal information is no longer relevant, then we shall immediately stop processing your data. If the basis changes then if required by law we shall notify you of the change and of any new basis under which we have determined that we can continue to process your information.
4.1 Information we process because we have a contractual obligation –
When you use our website, buy a service from us, or otherwise agree to our terms and conditions, a contract is formed between you and us. “Contract” is therefore our legal basis under these circumstances.
In order to carry out our obligations under that contract we must process the information you give us. Some of this information may be personal information.
We may use it in order to: -
provide you with our services
communicate with you
provide you with suggestions and advice on products, services and how to obtain the most from using our website
We process this information on the basis there is a contract between us, or that you have requested we process the information before we enter into a legal contract.
We shall continue to process this information until the contract between us ends or is terminated by either party under the terms of the contract.
4.2 Information we process with your consent –
We ask for your consent for marketing purposes and when using cookies on our website. You are free to withdraw your consent at any time by advising us in writing, following the “unsubscribe” link in our e mails or updating your cookie preferences.
If you have given us explicit permission to do so, we may from time to time pass your name and contact information to selected associates whom we consider may provide services or products you would find useful.
We continue to process your information on this basis until you withdraw your consent or it can be reasonably assumed that your consent no longer exists.
4.3 Information we process in order to manage, operate and control our activities –
When there is no contractual relationship between us, such as when you browse our website or ask us to provide you with more information about our organisation, including our products and services.
Where we establish business management practices e.g. implementing a CRM system or creating a database to support the efficient and effective operation of our activities we will process personal information using legitimate business interest as the legal basis
4.4 Personal Data of Minors –
We do not sell products or provide services for purchase by children or those under 16, nor do we directly market to children. If you are under 16, you may use our website only with consent from a parent or guardian. We collect data about all users of and visitors to these areas regardless of age, and we anticipate that some of those users and visitors will be children. Such child users and visitors will inevitably visit other parts of the site and will be subject to whatever on-site marketing they find, wherever they visit.
You may withdraw your consent at any time by instructing us via our contact details below. However, if you do so, you may not be able to use our website or our services further.
4.5 Personal data at our classes
We collect/process personal data of attendees to our classes in order to efficiently manage or activities on the day and in the future. We deliver our classes for other organisations and therefore operate with a suitable processor agreement between ourselves and the organisation through which a booking was made.
5.Retention period for personal data
We will not retain your data for longer than necessary for the purposes set out in this notice. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 7 (seven) years.
For some ancestral research projects we may offer the option of retaining results which may containing personal data indefinitely. This may benefit future generations who wish to receive copies. We will only retain personal data under these circumstances with your express permission.
Personal data recorded on paper or other hard copy will be securely destroyed once information has been entered onto our electronic databases and within a maximum time of one month.
6.How we protect your data?
We are committed to keeping your personal data safe and secure.
Our security measures include: -
Implementing risk management and data impact analysis
Regular cyber security assessments of all service providers who may handle your personal data
Security controls which protect our IT infrastructure from external attack and unauthorised access
Internal policies setting out our data security approach and training for staff.
7.How you can help protect your data?
We will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from Treehouse Genealogy/AAFR asking you to do so, please ignore it and do not respond to it.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety: -
keep your account passwords private. Remember, anybody who knows your password may be able to access your account.
when creating a password, use at least 16 characters. A combination of letters, symbols and numbers is best. Try not to use easy to guess words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your passwords.
Avoid using the same password for multiple accounts.
8.Accessing your personal data?
You have a number of rights: -
To the right to ask what personal data that we hold about you at any time
the right to ask us to update and correct any out-of-date or incorrect personal data that we hold about you
the right to opt out of any marketing communications that we may send you.
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
9.International transfer of personal data?
To deliver a full range of services to you, it may be necessary for Treehouse Genealogy/AAFR to share your data outside of the European Economic Area. This will typically occur when you and/or service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection legislation and regulation.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice will be to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here -
10.Cookies on our website?
Cookies are small text files that are placed on your computer's hard drive by your web browser when you visit any website. They allow information gathered on one web page to be stored until it is needed for use on another, allowing a website to provide you with a personalised experience and the website owner with statistics about how you use the website so that it can be improved.
Some cookies may last for a defined period of time, such as one day or until you close your browser, others last indefinitely.
Your web browser should allow you to delete any you choose. It also should allow you to prevent or limit their use (see below).
To track how you use our website
To record whether you have seen specific messages we display on our website
Our website is hosted on the Wix platform. Wix.com provides us with the online platform that allows us to display and market our services to you. Your data may be stored through Wix’s data storage, databases and the general cookie applications. They store your data on secure servers behind a firewall. Further details relating to this platform can be found via:
You can change cookie settings you accept. The way you do this varies depending on the browser you are using. Follow these links for some of the most commonly used browsers: - the following links explain how to access cookie settings in various browsers:
To opt out of being tracked by Google Analytics across all websites, visit this link: - http://tools.google.com/dlpage/gaoptout.
Our website may contain links to other websites run by other organisations. This privacy notice applies only to our website‚ so we encourage you to read the privacy statements on the other websites you visit. We cannot be responsible for the privacy policies and practices of other sites even if you access them using links from our website.
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third party site.
If you wish to complain about any of the content on our website please write to us clearly explaining your concerns to the address below: We shall investigate your comments and if we feel it is justified or if we believe the law requires us to do so, we shall remove the content while we investigate.
Free speech is a fundamental right, so we have to make a judgment as to whose right will be obstructed: yours, or that of the person who posted the content that offends you.
If we think your complaint is vexatious or without any basis, we shall not correspond with you about it.
When we receive a complaint, we record all the information you have given to us. We use that information to resolve your complaint.
If your complaint reasonably requires us to contact some other person, we may decide to give to that other person some of the information contained in your complaint. We do this as infrequently as possible, but it is a matter for our sole discretion as to whether we do give information, and if we do, what that information is.
We may also compile statistics showing information obtained from this source to assess the level of service we provide, but not in a way that could identify you or any other person.
If you are not happy with our privacy notice or policies or if you have any questions or feel a complaint is warranted, then please contact us.
If a dispute is not able to be settled by us we expect all parties to attempt to resolve it by engaging, in good faith, in a process of mediation or arbitration.
If you are in any way dissatisfied about how we process your personal information, you have a right to lodge a complaint with the Information Commissioner's Office (ICO).
This can be done at.
Or in writing to the ICO at the appropriate office address - See https://ico.org.uk/global/contact-us/: -
We would expect that you contact us in the first instance to secure a resolution before contacting the ICO.
12.Review of this privacy notice
We reserve the right to modify this privacy notice at any time, so please check it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this notice, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
13.Communicating with us
When you contact us, whether by telephone, through our website, social media or by e-mail, we collect the data you have given to us in order to reply with the information you need.
We record your request and our reply in order to increase the efficiency of our business.
We keep personally identifiable information associated with your message, such as your name and email address so as to be able to track our communications with you to provide a high-quality service.