Privacy Notice
a:gender is the support network for Trans and Intersex staff across Government. We provide support to Trans & Intersex staff as well as managers, HR, policy teams, and parents and guardians of Trans & Intersex people.
Purpose for a:gender in holding your personal data
The a:gender network holds information about members of the network. We use your personal information to notify you of a:gender related activities, canvas your views, distribute our newsletter, and alert you to events or information that may be of interest to you in your capacity as a member. We use disclosure control measures to ensure anonymity of our members is maintained when engaging through mailing lists. Your personal data is not revealed to any other member or other individual.
We also use the information collected to produce statistics about our membership, for example how membership varies by region or department. We only use aggregated data to produce statistics to help track how our membership changes over time and target some of our initiatives to help recruit members in less well-represented areas.
The legal basis for holding your personal data
The data protection legislation comprising the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018 are the legislative frameworks that establish rules for the gathering and processing of personal information within the UK.
a:gender relies upon consent to hold your personal data for the purposes outlined above. The GDPR outlines the criteria for consent as follows:
Consent of the data subject means any freely given specific, informed and unambiguous indication of the data subject’s wishes by which they, by a clear affirmative action, signifies agreement to the processing of personal data relating to them.
We believe you should always know what data we collect from you and how we use it, and that you should have meaningful control over both. If you decide to join a:gender and therefore consent to us holding your personal data, the following information may be of interest to you.
Where is your personal data is held?
a:gender uses GitHub Pages to host the website, and Google to store data. The membership form is completed on Google's servers, a:gender is the Data Controller and Google is the Data Processor.
Where needed, members of the a:gender Executive Committee may download data held on Google and store it on their home department’s secure servers or cloud services, which are managed by each respective Civil Service department, agency, or public body. a:gender use data minimisation practices to ensure only the data that is needed is stored in any given location, for example personal identifiers such as names and email addresses are not required for statistical purposes so they are removed from these datasets.
Who can access your personal data?
Your data can be accessed by the a:gender Chair, Secretary and Membership Officer, and members of the a:gender Executive Committee where a clear purpose has been determined. A username, password and two-step verification are needed to access data saved on Google; passwords are changed regularly for security purposes.
To contact the a:gender Data Protection Officer please email [email protected].
Is your personal data shared with anyone else?
We will not share your data with any other person or organisation without first obtaining your consent.
How can you cancel your membership or notify us of any changes to contact details?
You can email [email protected] to request membership cancellation and to have your data removed from Google and any other locations where it is stored. We will confirm by email that we have deleted your data. To notify us of any changes to your membership details, contact us at the same email address.
Note that you cannot contact Google directly to ask for your information to be removed from their servers, you will need to contact a:gender directly as the Data Controller.
Your rights under GDPR
You have the following rights under the GDPR and can exercise them at any time:
- The right to be informed.
- The right of access to one’s own data, also known as Subject Access Rights, should you wish to request details of any or all the information that the organisation holds about you.
- The right of rectification – individuals will have the right to obtain from the data controller the rectification of inaccurate personal data concerning them. Organisations must respond within one month of the request.
- The right to erasure – also known as the ‘right to be forgotten’. An individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- The right to restrict processing.
- The right to object.
- Rights in relation to automated decision making and profiling.
For a full explanation of your rights see Individual Rights on the Information Commissioner’s Office (ICO) website. You can also contact the ICO to raise a complaint.