GDPR Privacy Policy

Last Modified: April 2018.

  1. This personal data privacy policy covers the systematic, routine collection of personal data processed1 by RHQ RE and the Corps charities2 to support the legitimate operations of those charities. It includes data collected on Charity and non-charity (Civil Service) employees (full and part time) in support of employment activities and some data collected from customers. The policy explains why we collect your data, what we use it for and how long we keep it. It sets out your rights and our responsibilities and how you can query our holdings of your data.

    1 Includes collecting; storing; accessing; and deleting.
    2 RE Association; Institution RE; RE Museum, Library & Archive; REVETT; Central Charitable Trust.

  2. Data We Collect From You.
    We collect only data you give us and that we need to efficiently, effectively and legally discharge the duties of the charities. We collect no third-party information. We collect:

    1. Personal: We collect your name, address, email address and phone number. Where necessary we will also collect your Army number and date of birth. We will also collect management information (performance, sick and disciplinary records) of employees.
    2. Financial: Where necessary for the collection and payment of membership dues, employment and HMRC, or purchase of goods and services including donations and gift aid, we will collect details of your bank account(s), your National Insurance Number and credit card details.
    3. Career/Qualifications: Where necessary for our purposes we will collect details of your career, including assignment details, military contact details and qualifications gained.
    4. Photographs: The RE Museum uses CCTV for security purposes. Images captured by the system will normally be retained for no longer than 5 days unless we are asked to retain them for longer by legitimate authorities.
  3. How We Process Your Data.
    Some of your data will be pooled for use by all Corps charities; other data will be processed only by the organisation that collects it. Pooled data includes information needed to contact you (e.g. name, address, phone, email), collect membership fees from you and comply with current legal requirements (e.g. NI number, income tax details). Data not shared will include any benevolence matters, qualifications and membership data. Your data will be used only to support the legitimate and agreed purposes of the Corps charities. Specifically:

    1. To send you magazines (e.g.: Sapper magazine; the RE Journal; the RE List; Sapper Telegraph; FoREM magazine) from time to time.
    2. In support of benevolence activities where necessary.
    3. To retain a record of qualifications granted and held.
    4. To meet the legal requirements of an employer towards its employees.
    5. To alert you to events or activities organised by one of the Corps charities, including fundraising about which you might be interested.
    6. To process your application for Registration with the InstRE or other qualifications.
  4. How Long We Keep the Data.
    We will retain your data:

    1. If you are an employee (full time, part time or volunteer), UK law requires us to keep your basic personal data (name, address and contact details) for a minimum of 6 years after which it will be destroyed.
    2. For as long as you remain a member of the REA or Inst RE. Should we lose contact with you without specific instructions to the contrary we will retain your basic personal data for archive purposes. Information collected in the RE Lists will be retained in the Corps archives as an historical record.
    3. While you are a member of FoREM.
    4. While you are registered with REVETT and still serving.
  5. How and When We Share Your Data.
    All Corps charities will share your personal data between each other with any changes you make with one charity automatically being seen by the others where necessary and agreed. We will only share any sensitive data (e.g. bank details; family or benevolence details) with your express permission. We will only share your data with someone other than another Corps charity with your permission or where we are required to by law. We will never use your data, or allow others to use your data, for any marketing purposes other than that expressly connected with Corps charity activities.
  6. How We Keep Your Data Secure.
    1. Your data is normally held on our behalf by DATAWARE and no data is stored or processed outside the EU. DATAWARE hosts the single database that supports all Corps charities; data is fully encrypted both ‘at rest’ (i.e., when stored on the server) and ‘in motion’ (when being accessed by users). Your data only appears as ‘open’ information when being viewed by an authorised member of staff.
    2. Data held in hard copy is secured in approved, locked cabinets with access restricted to those who need to know only.
    3. All staff receive periodic training and updates on the correct method of safe and
      secure handling of personal data.
  7. Changing Our Privacy Policy.
    We may change our privacy policy from time to time to reflect changes in working practices or the law. Changes will be announced on line as necessary and available as .pdf downloads or hard copy to those wanting a copy.
  8. What Are Your Rights?
    If at any point you believe the information we process on you is incorrect you may ask to see what data we hold and in some cases to have it corrected or removed. If you want to complain about how we handle your data you should contact your data controller; if that does not help then contact our data protection officer and finally, if you still feel we are not processing your data in accordance with the law, you can complain to the Information Commissioner’s Office (ICO).
  9. Getting In Touch With Us.
    If you wish to get in touch with us, contacts are:

    1. RE Association Chief Executive
    2. Institution RE. Chief Executive
    3. RE Museum, Library & Archive
    4. RE Vocational Educational Training Trust
    5. RE Central Charitable Trust
  10. Data Protection Officer.
    The Corps Secretary ‘’
  11. Complaints Procedure.
    Complaints should be addressed in the first instance to the Data Protection Officer. Should your complaint not be settled in this way you can complain to the Information Commissioner’s Office (ICO).

Insurance Policy

Current Insurance Schedule

Insurance Schedule 2023-2024

Cyber Insurance Policy

Cyber Insurance Policy 2022/23

Employers Liability Certification

Employers Liability Insurance 2023-2024