a:gender is the support network for Trans and Intersex staff across Government. We provide support to Trans & Intersex staff as well as managers, HR, policy teams and parents and guardians of Trans & Intersex people.
Purpose for a:gender in holding your personal data
The a:gender network holds information about members of the network. We use your personal information to notify you of a:gender related activities, canvas your views, distribute our newsletter, and alert you to events or information that may be of interest to you in your capacity as a member. We use disclosure control measures to ensure anonymity of our members is maintained when engaging through mailing lists. Your personal data is not revealed to any other member or other individual.
We also use the information collected to produce statistics about our membership, for example how membership varies by region or department. We only use aggregated data to produce statistics to help track how our membership changes over time and target some of our initiatives to help recruit members in less well-represented areas.
The legal basis for holding your personal data
The data protection legislation comprising the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 are the legislative frameworks that establish rules for the gathering and processing of personal information within the UK.
a:gender relies upon consent to hold your personal data for the purposes outlined above. The GDPR outlines the criteria for consent as follows:
Consent of the data subject means any freely given specific, informed and unambiguous indication of the data subject’s wishes by which they, by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. If you decide to join a:gender and therefore consent to us holding your personal data, the following information may be of interest to you.
Where is your personal data is held?
a:gender uses Wix.com Ltd to host our website. Membership forms completed on the website are held on Wix.com secure servers. Wix.com treat this as ‘Users-of-users Personal Information’, with a:gender as the Data Controller and Wix.com as a Data Processor (see the Wix.com Privacy Notice Section 6 for more details).
Where needed, members of the a:gender Executive Committee may download data held on Wix.com and store it on secure servers or cloud services managed by the Home Office, HMRC, or DWP. This will also be the storage location for membership data when a paper form has been completed and then digitised, with the paper form being destroyed afterwards. a:gender use data minimisation practices to ensure only the data that is needed is stored in any given location, for example personal identifiers such as names and email addresses are not required for statistical purposes so they are removed from these datasets.
Who can access your personal data?
Your personal data can be accessed by the a:gender Business Manager, who is also the a:gender Data Protection Officer, and members of the a:gender Executive Committee where a clear purpose has been determined. A user name and password are needed to access data saved on Wix.com; passwords are changed regularly for security purposes.
To contact the a:gender Data Protection Officer please email email@example.com.
Is your personal data shared with anyone else?
We will not share your data with any other person or organisation without first obtaining your consent.
How can you cancel your membership or notify us of any changes to contact details?
You can email firstname.lastname@example.org to request cancellation of your membership and to have your data removed from the Wix.com servers and any other locations it is stored. We will confirm by email that we have deleted all of your personal data. To notify us of any changes to your membership details please contact us via the same email address.
Note that you cannot contact Wix.com directly ask for your information to be removed from their servers, you will need to contact a:gender directly as the Data Controller (see the Wix.com Privacy Notice Section 6 for more details).
Your rights under GDPR
You have the following rights under the GDPR and can exercise them at any time:
The right to be informed.
The right of access to one’s own data, also known as Subject Access Rights, should you wish to request details of any or all the information that the organisation holds about you.
The right of rectification – individuals will have the right to obtain from the data controller the rectification of inaccurate personal data concerning them. Organisations must respond within one month of the request.
The right to erasure – also known as the ‘right to be forgotten’. An individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing.
The right to restrict processing.
The right to object.
Rights in relation to automated decision making and profiling.
For a full explanation of your rights see Individual Rights on the Information Commissioner’s Office (ICO) website. You can also contact the ICO to raise a complaint.