UNISON is committed to safeguarding the privacy of everyone who uses our services. This policy sets out how we will use your personal data.
This policy reflects our duties under the General Data Protection Regulation 2016 (GDPR), the Data Protection Act (1998) and all applicable Privacy and Electronic Communication Regulations. It describes how we use personal data fairly, keep it secure, make sure it is accurate and uphold your rights as a data subject.
This policy does not apply to other organisations to which we may link and whose privacy policies may differ.
Please read the following policy to understand how your personal information will be treated. It may change from time to time, so please check back periodically. It was last updated in May 2018.
Who we are
UNISON is the data controller for the information you provide. Our address is:
130 Euston Road
How UNISON uses your personal data
We routinely use your personal data for the following purposes:
- Registering you as a UNISON member.
- Contacting you about your membership and about essential trade union activities.
- Representing you effectively.
- Meeting our legal obligations as a trade union.
- Acting in accordance with the UNISON Rulebook.
The lawful basis for this processing is UNISON pursuing our legitimate interests as a trade union. We may also use legitimate interest as our lawful basis for the following data processing:
- Holding your data on our membership database.
- Processing your subscription payments.
- Confirming your identity when you contact us.
- Sending you statutory communications (these are communications that, as a trade union, we have to send you by law).
- Sending you the quarterly membership magazine.
- Ensuring you have a vote in all UNISON elections and ballots that you are eligible to vote in.
- Ensuring you are represented through UNISON’s democratic processes, such as conferences.
- Member representation (this could be representing you individually or collectively) and case work.
- Booking you on to any trade union courses you want to attend and ensuring accessibility.
- Equality monitoring.
- Statistcial analysis of our membership and of employers and workplaces.
Accessing your personal data within UNISON
Some of your personal data will be available to UNISON’s employees, branch officials, workplace representatives and others formally instructed by UNISON for the purposes of carrying out trade union duties.
The type of personal data shared will be relevant to the purpose for which the data is used, so for example, unless you have expressly asked us not to, workplace representatives will be given your workplace details.
UNISON uses industry standard efforts to safeguard the confidentiality of your personally identifiable information, such as firewalls and SSL (secure socket layers). We make every effort to protect the loss, misuse and alteration of information under our control. However, data transmission over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
If you have elected to use the “MyUNISON” service, your UNISON membership information is password protected so that only you can access it and view the information contained in your account. You are responsible for maintaining the secrecy of your passwords.
Sharing your personal data with third parties
By third parties, we mean organisations that are not UNISON. We share your information with third parties such as:
- Mailing houses that print and send our communications to you.
- Providers of membership benefits.
- Returning officers (who ensure our elections are run fairly) and scrutineers (who count the votes when we ballot).
When we share your data, we only share the minimum required for the purpose of the data processing (for example if the purpose is to send you a mailing by post, we wouldn’t share your email address with the mailing house, because they don’t need it). We also ensure that processes are in place so that data is always transferred to third parties securely.
The third parties we share data with are:
For all UNISON members:
- ADM – the mailing house that prints and sends our postal communications.
- Electoral Reform Services (ERS) – the organisation that acts as scrutineer for our elections and returning office for our ballots.
- Union Insurance Association (UIA) – the organisation that runs the UNISON Direct call centre.
For some UNISON members, depending on the membership benefits and services that you choose to access:
- Your employer – if you choose to pay your subscriptions as a payroll deduction. We also may use the information your employer provides us to keep our records up to date. Please note that if you do not want us to disclose your UNISON membership to your employer, you can pay your subscriptions by Direct Debit.
- The Labour Party – if you opt for membership of our Labour Link fund.
- Thompsons Solicitors – if UNISON refers a case in which you are involved for legal advice.
- Salesforce – if you opt in to email communications from UNISON. This is the company we use to send electronic mailings.
- Union Income Benefit (UIB) – if you opt in to receiving information about membership benefits from third parties.
- Liverpool Victoria (LV) – if you opt in to receiving information about membership benefits from third parties.
- Unison Insurance Association (UIA) – if you opt in to receiving information about membership benefits from third parties. Please note this transfer is separate to that for the UNISON Direct call centre.
We very occasionally share personal data with organisations working to detect or prevent crime, such as the police.
You may be contacted and invited to participate in market research activities by third party organisations acting on UNISON’s behalf. While such research helps us to get valuable feedback on how we work well and where we can get better – and as such your participation is very helpful and always appreciated – you are not obliged to participate in such research. If you don’t want to, simply let the researcher know.
Transfers overseas and safeguards
We don’t routinely transfer your data outside of the UK. Where it is necessary, we ensure appropriate data protection measures are in place.
Retention of data
Retention means how long we keep your data for. We do this in accordance with UNISON’s data retention policy. This includes:
- Application form – retained for one year after processing, then securely destroyed.
- Membership record – retained for seven years after membership lapses, then minimised.
- Case files – retained for seven years after the case is closed, then securely destroyed.
Your rights as a data subject
You have rights as a data subject. These rights are:
- The right of access – you have the right to access your personal data (e.g. data that is about you) that we hold. This is called a subject access request. We must respond to your request within one month. To request access to your data, please email firstname.lastname@example.org. It is very helpful if you tell us what of your personal data you are seeking.
- The right to rectification – if you think the data we hold on you is incorrect, tell us so we can put it right. You can do this by: logging in to MyUNISON; contacting UNISON Direct on 0800 0 857 857; or contacting your local branch.
- The right to erasure – you have the right to request that we delete your data. We will do so, provided that we do not have a compelling reason for keeping it. To request this, please email email@example.com.
- The right to restrict processing – you can change your communication preferences (therefore restricting how we communicate with you) by logging in to MyUNISON; contacting UNISON Direct on 0800 0 857 857; or contacting your local branch. There are also certain other circumstances in which you can suppress the processing of your personal data. To request this, please email firstname.lastname@example.org.
- The right to data portability – you can obtain and reuse your personal data for your own purposes across different services, for example different unions. To request this, please email email@example.com.
- The right to object – you have the right to object to
- Direct marketing from UNISON or from third parties we have shared your data with for direct marketing purposes.You can opt out of direct marketing any time by logging in to MyUNISON; contacting UNISON Direct on 0800 0 857 857; or contacting your local branch. There will also be instructions on how to unsubscribe included in any direct marketing message that we send to you.b) Any processing where our lawful basis is legitimate interest (see above).
- If you would like to formally object to any of our legitimate interest processing, please email firstname.lastname@example.org.
- Rights in relation to automated decision making and profiling – this is not something we do at UNISON. If that ever changes, this policy will be updated accordingly.
You may also complain to the Information Commissioner’s Office (ICO) if you believe your rights have not been upheld. The ICO is the data protection regulator and their website is: www.ico.org.uk.
There are some types of data processing that we only do if you have given us your consent. These are:
- Sending direct marketing messages by email.
- Sharing your data with third party providers of membership benefits.
- Sharing your data with the Labour Party.
You are in control of what consent you give us. You can withdraw your consent at any time by: logging in to MyUNISON; contacting UNISON Direct on 0800 0 857 857; or contacting your local branch. There will also be instructions on how to unsubscribe included in any direct marketing message that we send to you.
Statutory data requirements
As a trade union, we have a statutory requirement to keep an accurate register of members’ names and addresses. If you wish to be a UNISON member, you must provide this information to us.
Data collected on our website
Personal data collected by this website will only be used for the purposes (or closely related purposes) for which it was collected.
We may use your personal information to:
- Administer the website.
- Improve your browsing experience by personalising the website.
- Enable your use of the services available on the website.
- Deal with enquiries and complaints made by you relating to the website.
All emails that we send you are tracked. This helps us to ensure that you only receive emails from us that are of interest to you. You can unsubscribe from emails at anytime by clicking the ‘unsubscribe’ button at the bottom of an email.
When on our website, data may be stored on a “cookie”. This is a tiny element of data that our site can send to your browser, which may then be stored on your hard drive. This small amount of information does NOT contain any private information stored on your computer.
Cookies set by our website are:
- We use exp_last_activity so every time the page is reloaded the last activity is set to the current date and time. It is used to determine form or login expiry. This is essential for logged in users to record their data and not lose it as it is being input. The expiry time 12 months.
- exp_last_visit sets the date and time that the you last visited the site. Affects guests and logged in users. The expiry time is 12 months.
- exp_tracker tracks the last 5 pages you viewed and is used primarily for redirection after some actions on the site ie moving back to pages. This affects guests and logged in users. This cookie expires when you leave the site.
- We also use exp_csrf_token. This cookie protects against Cross Site Request Forgery (CSRF). A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. It expires from your computer after one hour.
- exp_stashid generates a unique ID that relates to session values that determine the current state of the website and any actions you have performed. Expiry time: session.
We use Google Analytics to collect standard internet log information such as patterns of visitor behaviour so that we can identify for instance the number of visitors to a specific page and so improve the navigation and layout of our website.
- This information is not collected in a way which allows us to identify any individual.
- Cookies set by Google Analytics are:
- _ga – Used to distinguish users. Expires after 2 years.
- _gid – Used to distinguish users. Expires after 24 hours.
- gat_UA-######## – Used to throttle request rate. Expires after 1 minute.
AddThis is the world’s largest content sharing platform. It gives end users a simple and easy way to share content across the social web, and provides publishers with increased web traffic and in-depth analytics. AddThis is owned and operated by Clearspring Technologies. They set a wide variety of cookies including, uvc, mus, loc, uid, ouid, _pinterest_sess to track interactions with their share tools.
We embed a feed from Facebook, as part of this Facebook set certain cookies to enable this to work. These include fr, xs, presence, pl, c_user, sb, dpr and datr. For more details about Facebook cookies please visit https://www.facebook.com/policies/cookies/
We embed videos from our Youtube channel. Youtube set multiple cookies to enable us to show these videos. For more details about youtubes cookies please visit https://support.google.com/youtube/answer/7671399?p=privacy_guidelines&hl=en&visit_id=1-636628567648265355-491600302&rd=1
Social media buttons
On many of the pages of the site you will see ‘social buttons’, such as share buttons for Twitter, and Facebook ‘Like’ buttons.
When you click on any of these buttons, these sites will be registering that action and may use that information.
You should check the respective policies of each of these sites to see how exactly they use your information and to find out how to opt out, or delete, such information.
External web services
We use a number of external web services on the UNISON site, mostly to display content within our web pages. For example, to display videos we sometimes use YouTube. This is not an exhaustive or complete list of the services we use, or might use in the future, when embedding content, but these are the most common.
As with the social buttons, these sites may use information about usage of embedded content. If you are not logged in to these external services, then they will not know who you are but are likely to gather anonymous usage information e.g. number of views, plays, loads etc.