The privacy and security of your personal data is very important to us. We take the responsibility seriously and want you to be confident in how we process your information.
This Privacy Policy explains how and why we, The Campaign for Real Ale (CAMRA), use your personal data, your rights and our obligations to you.
This Privacy Policy applies if you’re a member, volunteer, customer, employee or supporter or use any of our services, visit our online facilities such as websites or apps, email, call or write to us. We may, in certain circumstances, provide specific privacy notices related to individual items but they will always refer to this privacy policy.
We will never sell your data and will only share it with companies when it is necessary, there is a legitimate interest, or where explicit consent has been given and the privacy and security of the data is assured.
We will continue to monitor our processes and if, in certain circumstances, we need to update our privacy policy we will notify you.
CAMRA is considered one of the most successful consumer campaigns ever. Our aim is to have good quality real ale, ciders and perries and to have thriving pubs and clubs in every community. We are independent, not-for-profit and non-party political.
CAMRA (the data controller) is a not-for-profit company, limited by guarantee, registered in England and Wales: 01270286. We are a registered data controller with the Information Commissioners Office. Our ICO register number is: Z7458368. Any reference to ‘us’, ‘we’, ‘our’, ‘data controller’ is in reference to CAMRA. Any reference to ‘data subject’ is in reference to individuals whose data we process.
If you have any Data Protection concerns you can direct them to our Data Protection Officer at dataprotection@camra.org.uk or call 01727 798437
Our three key reasons for collecting data to then be processed are listed below.
We will ask for relevant information to enable us to fulfill our obligation to you or provide the service requested.
Personal Data – Personal data is information that can be used to identify a living individual or as part of a set of information that, used together, can identify an individual. This will normally include title, name, address, age and contact details which includes email, postal address and telephone number. Your CAMRA membership number, once assigned to your member record, is personal data. We will also process payment details in accordance with the relevant regulations.
Sensitive Personal Data – This includes, but is not limited to, racial or ethnic origin, political belief, sexual orientation. We do not request or hold this type of data. We do hold some medical information relevant to a role being undertaken e.g. a beer festival may request any medical information you feel is relevant before working at a beer festival.
During the process of data collection we will ask for your consent to enable us to contact you with information about our campaigns, industry-related news, products and services available to you, festivals, information about real ale (cider and perry and pubs), to be contacted by your local branch, fundraising and keep you informed about related products, services and events from our partners. These choices form your marketing communication preferences and will determine the type of information we send you.
Your consent will be, where possible, requested at the point you supply the data. We may request your data for a single specific use, such as staffing at a beer festival or supplying your email address to support a campaign, but will always refer back to this privacy policy.
Your activities related to your involvement with us will result in personal data being created and held. This could include details of how you have volunteered or how you are involved with our campaigns and activities.
We will analyse the data that you provide so that we can communicate with you more effectively and better understand your preferences and ability to support the campaign.
We may request data from you specifically related to volunteer activities you undertake (e.g. references, criminal records, details of emergency contacts, medical conditions etc.). The data requested will be related to the activity undertaken. The information will be processed for legal or contractual reasons and are in place to safeguard both us and you.
All personal data provided as part of volunteering will be treated in line with GDPR and will not be passed to third parties. Where data has been provided by an individual for volunteering purposes, related to a specific event, CAMRA reserves the right, under the lawful reason of legitimate interest, to contact you about future instances of that event, specifically related to volunteering. This does not affect any individuals rights and any individual can request to be removed from that list.
CAMRA does not allow members under the age of 18 to join CAMRA. We therefore request, as part of the joining process, for a Date of Birth which will be held on your member record.
In order to process your information we must have a lawful reason for doing so. The four most common reasons why we process your data are as follows;
CAMRA will only process (use) your personal information if we have:
This is the legal ground for us to process your personal information if we have a genuine and legitimate reason for doing so. Legitimate interests do not harm your rights and interests as an individual.
Examples of where CAMRA would use grounds of legitimate interest to process your data would include the following.
We will process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) as outlined by the Data Protection Act 2018 (DPA 2018)
Personal data provided to us will be used for the purposes as outlined at the time of collection in a fair processing notice.
We will use your data in accordance with the lawful basis we collected it. Below are the main uses of your data which depend on the type of relationship we have with you and how you interact with our services, websites and activities.
We use the personal data you provide at the point of joining to help us provide you the services linked to membership. This includes the following;
All customers purchasing a product such as a book or service e.g. subscription to a CAMRA digital application will have personal data collected. This includes the following
To enable us to process your purchase
To allow us to provide the product or service requested
To contact you about your purchase
If consent is provided, to contact you about other items that you have consented to be contacted about.
We may request your personal data in order for us to provide you with a single use service. This may include, but is not limited to, information about an event or campaign. We will request consent at the time of collection and will provide an opportunity to opt out in all future correspondence. We will only contact you about this specific use and the initial consent gives us the right to send you further communications about this single issue. We may also request explicit consent for other items such as contacting you about membership or other products.
In accordance with GDPR we can only send you communications that you have consented too. You can manage your preferences on what you would like to hear about on your membership record in the member area of the national website.
We will only contact you with relevant content, as defined by your preferences, about campaigns, events, news, member benefits, fundraising and products. We will never pass your personal data, outside of contracted services, to any company outside of CAMRA.
You can amend your preferences at any time and stop communications. Update your preferences by visiting the national website, sign in, go to Edit your membership information, Enter/amend my record and go to preferences.
We want you to get the most out of your relationship with us. If you are updating your details online please allow up to 5 working days for all our internal systems to be updated. If you contact us via email or post please allow for 10 working days from request to action.
In order for us to provide the most relevant information to you we do profile our data to best suit the audience.
We use specific tools to profile how you interact with us online e.g. we use Google Analytics to collect aggregated data to enable us to optimise the user experience.
All profiling is undertaken to enhance the user experience.
We may gather additional information about you from external sources. We run data checks at intermittent occasions as required to check for updates to addresses and for mortality screening in order to ensure our data is as accurate as we can make it.
In order to provide membership and / or any customer service we do share your data to fulfill these requirements.
We use external companies who have all been required to provide evidence of Data Protection Compliance. Your information will not be used for anything other than the required service detailed in the Data Sharing agreement between CAMRA and the third party Data Processor. A list of third parties is a follows;
You can update your personal data at any time. This includes the right to withdraw your consent to any of our marketing communications. If you are updating your details online please allow up to 48 hours for all our internal systems to be updated. If you contact us via email or post please allow for 10 working days from request to action.
If you want to update or amend your personal data or marketing preferences you can do so in the following ways:
Online: Visit https://account.camra.org.uk and sign in. Click on Marketing Preferences and edit as required.
Email: You are able to manage marketing communications via a quick and easy to use preference centre which can be accessed in a link sent in each email. Alternatively you can write to membership@camra.org.uk. Please confirm your membership number and your request. We will store this email on your member record as proof of consent for any amendments to your record.
Call us: (Office opening hours week days 9am to 5pm) 01727 798440. We can amend your contact details. Marketing preferences must be done in writing or by yourself online.
Write to:
(We will update your member record within 10 days of receipt of request)
You have a number of rights under GDPR and this section briefly highlights them. For more information visit www.ico.org.uk
If you would like to make a request, please contact the follow email dataprotection@camra.org.uk or write to us at Data Request, 230 Hatfield Road, St Albans, Herts, AL1 4LW. You will be asked to provide the following details:
We will also need to provide information for use to be able to confirm your identity. If we do hold personal data about you we will give you a copy of the information in an understandable format together with an explanation of why we hold and use it.
We will only use and or store your information for as long as it is required for the purpose it was collected. The purpose will determine how long it will be kept. This can sometimes be to meet a statutory or legal requirement. If we have explicitly informed you of the length of time we will securely destroy the data in question.
To read about CAMRA’s Cookie policy, please visit CAMRA cookies . For additional information on how you can manage which cookies are used by CAMRA, please see cookiechoices.org.
Some CAMRA websites use Third party vendors, including Google, which use cookies to serve ads based on a your previous visits to our website or other websites.
Google’s use of advertising cookies enables it and its partners to serve ads to you based on your visit to our sites and/or other sites on the Internet.
Users may opt out of personalised advertising by visiting Ads Settings.
CAMRA Apps – Please visit Apps for more information. IOS and Android platforms have their own privacy terms which are subject to be accepted by the user.
Links to other websites – Our website may, from time to time, feature links to websites of partners, advertisers and affiliates. If you follow these links please note these websites have their own privacy policies and that we do not accept any responsibility or liability for them. This privacy policy relates only to the personal data collected by CAMRA.
Information system and data security is imperative to us to ensure that we are keeping our customers, members, volunteers, employees and contractor safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever changing threat landscape. Our staff complete mandatory information security and data protection training as part of an induction process and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilising strong encryption when your information is stored or in transit we minimize the risk of unauthorised access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
CAMRA has an active PCI-DSS compliance programme in place. This is the international standard for safe card payment processes. As part of our compliance to this very stringent standard, we ensure that our IT systems do not directly collect or store payment card information; for example the full 16 digit number on the front of the card or the security code on the back. We regularly undergo compulsory system scans to ensure our compliance.
Our online payment solutions are carried out using a ‘payment gateway’ (e.g. Sagepay) which is a direct connection to a payment service provided by a bank. This means that when you input card data into the payment page, you are communicating directly with the bank and the bank passes your payment to us, this means that your payment card information is handled by the bank and not processed or held by us
We run a number of events in locations that are not owned by us and their Closed Circuit Television (CCTV) is managed by those properties. Where CCTV is installed by CAMRA we will clearly display that you may be recorded when you visit them.
CCTV is used to provide security and the detection of crime. It is there to protect both our members and visitors and CAMRA. CCTV will be only be viewed when necessary (e.g. to detect or prevent crime) and footage is stored for a set period of time after which it is recorded over. CAMRA complies with the Information Commissioner’s Office CCTV Code of Practice and we put up notices so you know when CCTV is used.
If you are unhappy with anything related to your personal information please contact us directly so that we can resolve any problem or query. You can contact us directly on 01727 798440 or dataprotection@camra.org.uk
You also have the right to contact the Information Commissioners Office (ICO) if you have any questions about Data Protection. They are contactable via the phone on 0303 123 113 or visit their website www.ico.org.uk.
We will amend this Privacy Policy from time to time to ensure that it remains up to date and reflects clearly how we use your personal data. Please visit our website to keep up to date with any changes. We will not amend anything that will affect your rights. The current version will always be posted on our website.
Amended (22/02/22)
We do not have policy of preventing under 18’s from joining CAMRA. CAMRA offers a concessionary membership for anyone under the age of 26 and therefore require a date of birth to be held on member records. Anyone under the age of 18 will not be included in any direct marketing.
To (22/02/2022) (Typo amended 25/05/2022)
CAMRA does not allow members under the age of 18 to join CAMRA. We therefore request, as part of the joining process, for a Date of Birth which will be held on your member record.
Amended paragraph to clarify lawful reason for volunteers to be contacted regarding events they have previously volunteered.
Removed – We will only use your personal data on the relevant lawful grounds as detailed above. We will do this in accordance with the EU General Data Protection Protection Regulations (GDPR) which come into effect on the 25th May 2018 and the Privacy and Electronic Communications Regulations (PECR)
Added – We will process your personal data in compliance with the UK General Data Protection Regulation (UK GDPR) as outlined by the Data Protection Act 2018 (DPA 2018)
This Privacy Policy was last updated on the 25 May 2022.