The NIFHS is committed to respecting and protecting your online privacy. This includes your need and your right to know what we do with the personal information you share with us. It also guides our Society’s policies regarding the management of this data, including how the information is collected, processed, and for what purposes.
In return, the NIFHS gives the commitment that we will use the personal data you provide only in ways that are compatible with this policy.
The North of Ireland Family History Society
1.1 In this policy document the North of Ireland Family History Society explains how we collect, use, store and disclose personal information which we hold.
1.2 As a Family History Society, in order to achieve the objects stated in our constitution, we hold a considerable amount of personal data both in relation to our members and their interests but also resources such as civil, church and school records which are used by our members to help with their research. As a Society we are fully committed to ensuring that the privacy of this personal information is protected.
1.3 The Society is registered with the UK Information Commissioner as a data controller under the Data Protection Act 1998 (our data protection registration number is Z9229213) and the Society is committed to compliance with the 8 principles of the Act. These specify that personal data must be:
(a) processed fairly and lawfully.
(b) obtained for specified and lawful purposes and not processed in a manner which is incompatible with those purposes.
(c) adequate, relevant and not excessive
(d) accurate and, where necessary, up-to-date.
(e) not kept any longer than necessary for the purpose for which it was obtained.
(f) processed in accordance with the data subject’s data protection rights.
(g) kept securely.
(h) not transferred to any other country without adequate protection in situ.
Special restrictions apply to the processing of sensitive personal data.
1.4 This policy document and related procedures show how the Society complies with these principles. It applies to all of the Society including its Branches.
1.5 Definitions of terms used in this document are provided in an appendix and the terms are highlighted in bold to indicate that a definition is available in the appendix.
2. The personal information which we hold
2.1 We collect, store and use the following kinds of personal information:
(a) membership information – information provided on our membership application/renewal form which we use to process membership applications;
(b) profile information – information provided by our members on our profile form of a member’s interests which we publish to make connections between researchers;
(c) financial transaction information – information provided to us to enable the purchase of goods or services from the Society which includes personal information such as bank details;
(d) enquiry and related information – information contained in or relating to any communications that is sent to us through our website, email, mail, social media, etc.;
(e) genealogical records – records that we gather to aid members in their genealogical research;
(f) any other personal information that members or others choose to send to us.
2.2 Before personal information relating to another living person is disclosed to us, the onus is on the discloser to obtain that person’s consent to both the disclosure and the processing of that personal information in accordance with this policy. This applies, in particular, to family trees which may be lodged with the Society for sharing with other members or for posterity.
3. What we do with the personal information which we hold
3.1 Personal information provided to us will be used for the purpose(s) for which it was collected.
3.2 We may use the personal information to:
(a) process membership applications and subscriptions – details of how we handle the information are provided on the application form;
(b) claim Gift Aid from HM Revenue & Customs, if agreement to do so is obtained from the member;
(c) communicate with members regarding Society activities;
(d) distribute Society journals and newsletters to members;
(e) enable the use of services provided by the Society;
(f) process payments and send goods purchased from the Society;
(g) respond to enquiries and other items of communication relating to research or other items of genealogical interest;
(h) enable members to make connections with other researchers in their area(s) of interest or to carry out reciprocal research – contact information is published in the Society’s journal (and on the Society’s website if agreed by the member).
3.3 The Society also holds genealogical records containing personal information that it has obtained from many sources. Most of this information has been transcribed by volunteer members of the Society and is made available to fellow members in a format which is easily searchable in order to aid their family history research. Records are made available to members as a look-up service via email, on the Society’s website or at the Society’s Research Centre.
3.4 Some of this information is publicly available but where it is not, appropriate consent must be obtained from the data owner and retained for inspection in the Society’s Research Centre. A form is provided by the Society for this purpose.
3.5 To respect the privacy of living people and in line with the policy of the General Register Office (Northern Ireland) and many other providers of personal information for genealogical research, the Society has limited the transcription of records as follows:
(a) birth/baptism records – over 100 years old;
(b) marriage records – over 75 years old;
(c) death/burial records – over 50 years old.
Some historical records transcribed prior to the introduction of this policy fall outside this age range but will, in time, comply. The 50 year rule for death records will not apply to graveyard inscriptions. This aligns with websites such as Find A Grave and BillionGraves.
3.6 In some circumstances the Society may transcribe more recent records when acting as an agent/sub-contractor for an organisation which has a legal obligation to provide such records, but a specific contract to cover this work must be agreed with the data controller concerned.
4. Accuracy, security and disclosure of personal information
4.1 The Society is committed to ensuring that the personal information that we hold is secure. In order to prevent unauthorised access or disclosure we have put in place appropriate physical, electronic and administrative procedures to safeguard and secure the information in our possession.
4.2 We may disclose personal information to any of our volunteers, officers, members, suppliers and subcontractors insofar as reasonably necessary to undertake the purpose(s) for which the information was collected and no other purpose. Where a third party is involved we will ensure appropriate security is maintained by way of a written contract.
4.3 We will disclose personal information where we are required to do so by law and where a court or authority orders disclosure of the personal information.
4.4 Except as provided for in this policy, we will not disclose personal information to any third party.
4.5 Members have an onus to let us know if the personal information that we knowingly hold about them or which they have provided to us needs to be corrected, updated or deleted.
4.6 When using the Society’s services the user must not pretend to be anyone whom they are not.
4.7 The genealogical records which we hold and make available to members must not be copied, reproduced, published, downloaded or transmitted in any way except for a member’s own personal non-commercial family history research. They must not be adapted, altered or a derivative work created from them.
4.8 All transcribed material is copyright of the North of Ireland Family History Society and is protected by the UK copyright laws, international treaty provisions and all other applicable national copyright laws and database rights.
4.8 The data must not be used for unlawful purposes.
4.9 The data is provided on an ‘as is’ basis, but every effort will be made to ensure that it is an accurate representation of the existing record.
4.10 In no event will the Society be liable for any damages including, without limitation, indirect or consequential damages, or any damages whatsoever arising from the use of the data.
4.11 We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of personal information.
4.12 We will store all personal information provided to us on secure (password- and firewall-protected) computers.
4.13 All electronic financial transactions entered into through our website will be protected by secure technology.
4.14 Transmission of information over the internet is inherently insecure and therefore we cannot guarantee the security of data sent over the internet.
4.15 Members are responsible for keeping the password they use for accessing our website confidential.
4.16 Under the Data Protection Act any individual may instruct us to provide them with any personal information we hold about them (known as a subject access request) and provision of such information will be subject to:
(a) the payment of a fee (currently fixed at GBP 10); and
(b) the supply of appropriate evidence of the individual’s identity (for this purpose, we will usually accept a photocopy of a passport certified by a solicitor or bank plus an original copy of a utility bill showing the individual’s current address).
5. Retention of personal information
5.1 Our data retention policies and related procedures are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal information.
5.2 Personal information that we process for any purpose or purposes will not be kept for longer than is necessary for that purpose or those purposes.
6. Website and Social Media
6.1 Our website may hold personal information and we will ensure that it is held as securely as is appropriate and that it complies with this policy document.
6.2 The website includes hyperlinks to, and details of, third party websites. We have no control over, and are not responsible for, the privacy policies and practices of third parties.
6.4 This policy will apply to our presence on social media (Facebook, Twitter, etc.). It is recognised that social media has weak privacy controls and our administrators will regularly promote good practice reminding users of their privacy obligations and will take appropriate and speedy action, including the removal of posts and the banning of users, when breeches occur.
6.5 The widespread use of social media has brought the issue of copyright to the fore. Images on social media hold the same copyright as other images. Just because they are posted in a public domain where sharing is encouraged does not mean they are not protected by copyright. If we have not taken the photograph we will make sure that we get permission from the owner to use it and we will make sure that we credit the image correctly – the photographer will often give guidance on how they want the photograph credited.
7. International data transfers
7.1 Information that we collect may be stored, processed and transferred in accordance with this policy between any of the countries in which we operate. We have members in most continents across the globe.
7.2 Some of the countries concerned do not have data protection laws equivalent to those in force in the European Union. Personal information that we publish on our website or in our publications or that is submitted by members on social media may be available, via the internet, around the world. Therefore we cannot prevent the use or misuse of such information by others in those countries. However we will take speedy and appropriate action should we discover that information is being misused.
8. Our contact details
8.1 If you have any queries regarding the handling of personal information by the Society you can contact us by writing to the Data Protection Officer, North of Ireland Family History Society, Unit C4, Valley Business Centre, 67 Church Road, Newtownabbey, Co Antrim, Northern Ireland, BT36 7LS or by email to firstname.lastname@example.org with the subject heading ‘For the attention of the Data Protection Officer’.
Copyright – the grant of an exclusive legal right to produce or perform a literary work, film, work of art, musical composition, software or similar product which is given to the originator of the product for a fixed number of years. In the UK the current copyright law is the Copyright, Designs and Patents Act 1988, as amended, mostly as a result of EU Directives. Copyright law is a minefield, but of particular relevance in the context of this document is the copyright protection given to computer databases (where the Society holds its transcribed records). UK copyright law recognises the element of labour and skill used in compiling them, even though they are not original works, being derived from existing records. The ownership of the data still remains with the originator of the data but copyright law applies to the compiled database. The duration of copyright varies with the product. For example, for literary works in the UK it is 70 years from the end of the calendar year in which the last remaining author of the work dies. For works made by an officer of the crown, Crown Copyright will last for a period of 125 years from the end of the calendar year in which the work was made.
Database right – for databases which were created after 27 March 1996 a separate database right exists in the UK in addition to literary copyright. Database right exists if a substantial amount of work was required by the compiler of the database to obtain the data, to verify it, and/or to present the contents of the database. Database right is independent of any copyright in the data contained in the database. Database right lasts for 15 years from the completion of the compilation of the database or if the database was made available to the public during that period, then the 15 year period lasts for 15 years from the time the database was available to the public. The 15 year period begins again if any major changes are made to the database, as the amended database is regarded as a new creation. Thus databases which regularly undergo significant changes effectively enjoy perpetual database right protection.
Data controller – The Data Protection Act 1998 defines a data controller as “a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed”.
Data Protection Act 1998 – the main UK legislation which governs the handling and protection of information relating to living people.
Data subject – an individual who is the subject of personal data.
Personal data – information which relates to a living individual who can be identified.
Sensitive personal data – personal data consisting of information relating to:
- The racial or ethnic origin of the data subject
- His/her political opinions
- His/her religious beliefs or other beliefs of a similar nature
- Whether he/she is a member of a trade union
- His/her physical or mental health or condition
- His/her sexual life
- The commission or alleged commission by him/her of any offence
- Any proceedings for any offence committed or alleged to have been committed by him/her, the disposal of such proceedings or the sentence of any court in such proceedings.
The presumption is that, because information about these matters could be used in a discriminatory way, and is likely to be of a private nature, it needs to be treated with greater care than other personal data. It must only be processed when one of the following conditions have been satisfied
- The data subject has given explicit consent;
- It is required by law for employment purposes;
- It is needed in order to protect the vital interests of the individual or another person. For example, an individual with a medical condition has an accident at work; it would be in the individual’s vital interest to disclose this condition to medical staff treating the individual; or
- It is needed in connection with the administration of justice or legal proceedings.
The most common condition for processing sensitive personal data is that the data subject has given explicit consent. By explicit consent, it is meant that the consent of the data subject to process their personal information is made absolutely clear. This consent is usually in writing.