🔒 Privacy Notice & Data Protection Policy
Email: GC.liverpool@raynet-uk.net · Website: raynet-liverpool.net
Liverpool RAYNET Group is a voluntary emergency communications organisation. We support events, exercises, incidents, training, and community resilience activity. In doing so, we handle personal data relating to adult members, adult volunteers, and adult third-party contacts.
We are committed to processing personal data lawfully, fairly, securely, and transparently in accordance with the UK General Data Protection Regulation, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations where applicable.
This document serves as both Liverpool RAYNET Group's privacy notice and its general data protection policy.
Liverpool RAYNET Group, acting through its Management Committee, is the data controller for the personal data covered by this policy.
Data Controller contact:
Ian Jones, Group Controller
Email: GC.liverpool@raynet-uk.net
Website: raynet-liverpool.net
Liverpool RAYNET Group is registered with the Information Commissioner's Office.
RAYNET-UK operates its own website, email system, and member management system under its own control. RAYNET-UK is therefore a separate data controller for that processing. Members should refer to RAYNET-UK's own privacy information for the way RAYNET-UK collects, stores, and uses personal data through its own systems.
This policy applies to personal data processed by Liverpool RAYNET Group in connection with:
- membership administration at group level
- training and learning administration
- event, exercise, and incident coordination
- operational communications and deployment
- finance and expense reimbursement
- photographs and publicity
- website cookies, analytics, embedded media, and social-media plugins
Liverpool RAYNET Group may collect, store, and use the following categories of personal data about members and volunteers:
- name
- callsign
- DMR ID
- postal address
- email address
- telephone number
- date of birth
- emergency contact details
- vehicle details, including vehicle registration where relevant
- qualifications and training records
- attendance records
- deployment logs
- incident notes and SITREPs
- health or welfare information where operationally necessary
- photographs
- APRS location data and live location data
We may also hold limited personal data about adult third parties such as marshals, first aiders, welfare staff, organisers, and agency contacts, including their name, email address, and mobile number where needed for event or operational contact.
We may also process finance-related personal data, including payer name, transaction reference, amount paid, expense claims, invoices, and bank details used for reimbursement.
We normally collect personal data directly from the individual concerned.
We may also receive limited personal data from RAYNET-UK where this is relevant to group administration or operations.
Liverpool RAYNET Group uses personal data for the following purposes:
- to maintain group-level membership and contact records
- to contact members for operational deployment, event duties, meetings, and training
- to administer qualifications, competence, attendance, and learning records
- to coordinate events, exercises, and emergency communications activity
- to maintain deployment logs, incident notes, and SITREPs
- to manage insurance-related and governance-related records
- to support welfare and safe deployment decisions
- to reimburse legitimate expenses and maintain finance records
- to manage website and training-platform access
- to publish photographs and publicity material where lawful
- to operate location tracking during authorised events, exercises, incidents, or deployments
- to comply with legal, insurance, safeguarding, and safety obligations
Liverpool RAYNET Group relies on different lawful bases depending on the activity.
- Contract — for core group membership administration that is objectively necessary to run a member's participation in the Group.
- Legitimate interests — for routine operational coordination, event administration, training records, attendance, qualifications, deployment records, limited sharing for events, finance administration, and similar day-to-day group functions.
- Legal obligation — for compliance with legal obligations, insurance requirements, safeguarding issues, and health and safety duties where applicable.
- Consent — for public-relations and social-media photographs of identifiable individuals used as featured or promotional images.
- Consent — for non-essential cookies, analytics, embedded videos, and social-media plugins on the website.
Health and welfare information is special category personal data and is handled only where genuinely necessary, with access limited to those who need to know.
Liverpool RAYNET Group will collect and use such information only where it is operationally necessary, proportionate, and lawful to do so.
Liverpool RAYNET Group may use APRS and live location tracking, including through SARstuff, during authorised events, exercises, incidents, and deployments.
Location tracking is used only for operational coordination, safety, welfare, and insurance-related purposes. It is not used for routine private monitoring outside authorised activities.
Location data and track logs may be visible to authorised personnel with a genuine operational need to know.
Liverpool RAYNET Group may use photographs for membership administration, identification, public relations, website content, and social-media content.
For featured, posed, or clearly identifiable promotional images of members or other individuals, Liverpool RAYNET Group will seek explicit consent where appropriate.
For general crowd shots or scene-setting images taken at public events, Liverpool RAYNET Group may rely on legitimate interests where use of the image is proportionate, people would reasonably expect such photography, clear notice is given, and the image is not used in a way likely to cause unfairness, harm, or distress.
Members may provide emergency contact details for operational safety purposes. Members are responsible for ensuring that the emergency contact knows that their details have been provided to Liverpool RAYNET Group for that purpose.
Emergency contact details are used only where relevant to welfare, safety, or urgent operational need.
Liverpool RAYNET Group processes limited finance-related personal data in order to record payments, maintain an audit trail, and reimburse legitimate expenses.
This may include payer name, transaction reference, amount paid, bank details for reimbursement, expense claims, and invoices.
Liverpool RAYNET Group shares personal data only where there is a lawful basis and a genuine operational, administrative, safety, insurance, or legal need to do so. We may share personal data with:
- SARstuff — for operational management, incident coordination, location tracking, and operational records
- Moodle — for learning administration, course access, attendance, assessment results, certificates, learning progress, forum posts, and assignments
- Google Workspace — where used as a document repository for membership lists, attendance records, training records, deployment logs, incident reports, finance records, photographs, and committee papers
- Website and hosting providers — where necessary to run raynet-liverpool.net and its supporting services
- Event organisers, local authorities, emergency services, and partner agencies — where operationally necessary, usually limited to first name and callsign, and in some cases mobile number or vehicle registration
- Insurers, safeguarding contacts, regulators, or law enforcement — where disclosure is required or justified by law, safeguarding duty, insurance need, or urgent risk to life or safety
Liverpool RAYNET Group uses third-party platforms and services including SARstuff, Moodle, Google Workspace, website hosting, and related tools.
Liverpool RAYNET Group expects providers handling personal data on its behalf to process it securely and appropriately under applicable contractual terms and data protection law.
To the best of Liverpool RAYNET Group's knowledge, its data is normally stored in the UK. However, some service providers may process personal data outside the UK.
Where personal data is transferred outside the UK, Liverpool RAYNET Group will seek to ensure that appropriate safeguards are in place, such as recognised contractual safeguards or other lawful transfer mechanisms required by UK data protection law.
Liverpool RAYNET Group keeps personal data only for as long as necessary for the purpose for which it was collected. Current retention periods are:
| Category | Retention Period |
|---|---|
| Membership records | 18 months after leaving, or 6 months after death |
| Qualifications records | Same as membership records |
| Health or welfare details | Same as membership records, unless shorter period appropriate |
| Attendance records | 3 years |
| Moodle learning records | 18 months after the member leaves |
| Deployment logs, incident notes, and SITREPs | 6 years |
| APRS and live location data | 3 months after the relevant event or deployment |
| Emergency contact details | 3 months after the relevant event, unless part of current membership records |
| Third-party contact details for events | 18 months |
| Third-party contacts in SARstuff operational logs | Lifetime of the relevant operational log (SARstuff arrangements) |
| Payment records, expense claims, invoices, and reimbursement records | 6 years from end of relevant financial year |
| Standalone reimbursement bank details | Only for as long as needed for active reimbursement |
| Membership ID photographs | Same as membership records |
| Public-relations and social-media photographs | Until consent withdrawn or image no longer needed, subject to annual review |
Where retention periods expire, records will be securely deleted, destroyed, or anonymised as appropriate.
Raynet-Liverpool.net uses cookies and similar technologies. Non-essential cookies, analytics tools, embedded videos, and social-media plugins that collect personal data or store or access information on a user's device will be activated only with the user's consent through our cookie consent tool. Users will have the option to reject non-essential technologies.
Liverpool RAYNET Group does not use its website for unsolicited direct marketing.
Liverpool RAYNET Group sends operational emails, calls to meetings, and event details. It does not use personal data for unsolicited marketing, fundraising promotion, or general commercial advertising.
Liverpool RAYNET Group applies technical and organisational measures to protect personal data. These include access controls, password protection, secure storage, sensible limitation of access, member awareness of responsible data handling, and secure disposal of records when they are no longer needed.
Access to personal data is restricted to those with a genuine operational or administrative need to know.
Any member who becomes aware of a personal data breach, suspected breach, loss, or unauthorised disclosure must report it promptly to the Group Controller.
Liverpool RAYNET Group will assess the incident, record it, and where legally required notify the ICO without undue delay.
Liverpool RAYNET Group will carry out a data protection impact assessment where a new technology, tracking function, database, or other change is likely to create a high risk to individuals' rights and freedoms.
Under UK data protection law, you may have the right to:
- request access to your personal data
- request correction of inaccurate or incomplete personal data
- request erasure in certain circumstances
- request restriction of processing in certain circumstances
- object to processing in certain circumstances
- request data portability where applicable
- withdraw consent at any time where consent is the lawful basis
- complain to the Information Commissioner's Office
Requests should be sent to: GC.liverpool@raynet-uk.net
Membership is administered through RAYNET-UK rather than by Liverpool RAYNET Group itself. However, if a member does not provide the personal data needed for local administration, training, deployment, reimbursement, emergency contact, or operational safety, Liverpool RAYNET Group may be unable to deploy that member, enrol them on training, contact them in an emergency, or reimburse legitimate expenses.
Liverpool RAYNET Group does not carry out solely automated decision-making or profiling about individuals.
This policy will be reviewed at least annually, or sooner if Liverpool RAYNET Group's processing activities, systems, or legal obligations change.
Liverpool RAYNET Group will try to resolve any privacy or data-protection concern fairly and promptly. If you are dissatisfied with the way your personal data has been handled, you may complain to the Information Commissioner's Office.