Privacy Policy





1 The General Data Protection Regulation (GDPR) became law on the 25th, May 2018 and brought in the biggest change in Data Protection laws for 20 years.

The UK left the EU on 31 December 2020. At 23.00 hours on this date the UK GDPR replaced the existing EU GDPR. This is the same as the EU GDPR in all material respects. Differences between the two are only reflected by the changes required to make it work in a UK only context.

As of 1 January 2021, the UK GDPR together with the amended Data Protection Act 2018 and the Privacy and Electronic Communications Regulation will make up the personal data protection legislation in the UK.

Whilst much of the Regulation is familiar, there are some significant changes, most notably the penalties for non-compliance which is now £17.5 million.

2 The new law has been put into place to give our members and others a clearer understanding of the following seven principles of Data Protection which assert that personal data is: –

  1. Processed lawfully, fairly and in a transparent manner in relation to the data subject.
  2. Collected for specific, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accurate and where necessary kept up to date – every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay.
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes.
  6. Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical and organisational measures.
  7. The controller shall be responsible for and be able to demonstrate compliance that the data has been processed lawfully, fairly and in a transparent manner in relation to individuals.

3 UK GDPR also gives data subjects a number of rights over their data, with which the British Transport Police History Group needs to comply.

  1. The right to be informed – transparency over the use of personal data, typically through a privacy policy.
  2. Right of access – a copy of their data must be provided within one calendar month of the request being received.
  3. Right of rectification in the event that the data is inaccurate or incomplete.
  4. Right to erasure of all personal data held on a subject, where certain conditions apply.
  5. Right to restrict processing to storage of data only.
  6. Right to data portability – data subject has a right to a copy of their data in a common format.
  7. Right to object to processing based on a legitimate interest.
  8. Right not to be subject to automatic decision making, including profiling.

4 The security of your data is of the utmost importance to us. We use all reasonable measures to protect your information.

5 We hold your information because you provided it to us when you joined the British Transport Police History Group. We keep the details of your name and address, email address, telephone numbers to send publications and other relevant notifications to you.  Your service details on your Personal Service Record form are kept and only released after your death unless you previously advise us not to.

6 We keep your information secure. Access to your information is restricted to a small number of committee members. We never buy or sell information.

7 Financial laws mean that all financial information, including donations must be kept for 7 years. After this time the information will be archived or safely destroyed. We cannot by law, destroy this information before this time.

8 Under the new regulation you have the right to know what personal information we hold about you. Should you wish to opt out of any of our correspondence you can do this by contacting the General Secretary / Data Protection Officer in writing to the address below.

9 Individual members are responsible for keeping their own personal data up to date. Any changes to the data you have previously supplied to us please inform the General Secretary / Data Protection Officer  address below.

10 This document gives a brief outline of the new UK General Data Protection Regulation applicable to the British Transport Police History Group. Should you wish to have a copy of our comprehensive UK GDPR policy please write to the General Secretary / Data Protection Officer at the address below*.

11 If you have a specific concern or complaint about the way (BTPHG) handles your personal data, you can contact the (BTPHG) Data Protection Officer and team at the address below or,

12 If you are unhappy with how we have processed your information, you have the right to lodge a complaint with the Office of the Information Commissioner, on 0303 123 1113. We have a duty to report a breach within 72 hours.

General Secretary /Data Protection Officer, British Transport Police History Group                                                                                                                                                                                  Version 3  01/07/21  Review 01/07/23


*A postal address is shown on every edition of our History Lines newsletter (distributed quarterly to members) or is available on request via the above email address.