The Committee of the Southern African Bulb Group (SABG) understands the importance of security when it comes to personal data. This policy sets out what we do with your information and how we keep it secure. It also explains where and how we collect your personal information and what rights you have over any information that we hold about you.

This policy applies to you if you are a member of the SABG, attend our meetings, take part in other activities such as the Bulb and Seed Exchange, use our web-site and other online resources, read our newsletters or interact with any social media accounts we may set up. When we refer to ‘we’ or ‘us’ in our privacy policy, we’re referring to the Committee of the SABG. More information about the SABG and our activities can be found at the page “About the SABG” and in our Constitution.

• Personal information that you provide to us such as your name, postal address, telephone number, email address, and any enquiries or feedback from you, including by phone, email, post, or if you communicate with us via social media;
• Information about any services (such as the Bulb and Seed Exchange) that we have provided to you in the past, including the services provided, the amount that you paid or donated, and where the item was sent (if applicable), and any other information required to carry out the transaction;
• Our web server logs include the IP addresses of the computers and other devices used to access our online services, including the SABG web-site; this information does not reveal who uses the web-site or whether they are SABG members; we do not currently use this information, but in future we might use it for statistical analysis of the use of our web-site;
• In future, we may provide optional online discussion forum and social media facilities, in which case we shall need to store your account login details, including your user identifier, email address, password and your specific preferences for which type of information that you wish to receive. In that event, we will never ask for your login password by email, telephone, or face to face.

We only collect and store the personal information you explicitly give us in connection with your membership of the SABG. We will never ask you for any personal information that is not required to carry out the specific service requested.

If you make payments to us, such as the member’s joining fee, monetary donations to the Bulb and Seed Exchange, or any other payments, we do not request, obtain or store any information about any means of payment you might use. Such payments might be made in cash, by cheque, by PayPal or directly to the SABG bank account managed by the Treasurer or another Committee member. In no case is any personal financial or account information received by us.

We store information about SABG members in three ways:

• on paper, for limited periods in order to provide services such as the annual Bulb and Seed Exchange;
• in digital form, in order to send out emails to members and, in future, to identify members contributing to the web-site and online forum:
  • on the home personal computers of the Treasurer, Membership Secretary, and Newsletter and Web Editor, protected from unauthorised use by routers, firewalls, passwords and physical security;
  • on the servers of an online web hosting company (see below).

See also our page about our use of Cookies, which contain information stored on your computer or device and under your control.

The information that we collect may be used to:

• Make our web-site and online services services available to you;
• Send email messages to members;
• Process your donations or requests;
• If necessary, ensure that our members are who they say they are;
• Conduct statistical analysis, in which members are not individually identified.

In common with many other web sites, we use the following open-source software:

• the Apache web server software to deliver web pages from our server to your computer or other online devices,
• the DokuWiki wiki software to manage those web pages and allow authorised members to edit them or add comments,
• the Admidio membership database software to manage information about our members, and
• the MariaDB database management system to support the membership database.

In future we plan to add an online discussion system to manage questions and answers from users, which may use DokuWiki or a separate online forum software.

The use of open-source, rather than proprietary, software means that the software is independently developed, inspected and reviewed, and should therefore be relatively free of undetected or concealed security concerns.

We use a web hosting company (currently Kualo Ltd., based in the UK) to provide the web servers on which our online resources are hosted, including our web-site, membership database and online forum. No information about SABG members is provided to that company, except in so far as member information is stored in a database on their servers. We are therefore reliant on, and we have every confidence in, the security of their servers. Passwords and other security information needed to access members’ personal information are not made available to the company. Kualo’s own statements on their data privacy policy include this: https://www.kualo.co.uk/blog/gdpr-shared-responsibility-for-data-security We currently do not work with any other organisations, for example to provide services to members.

We use the public-domain open-source software listed above to provide these services. No members’ personal information is provided to the originators of this software.

We may provide your personal details to outside organisations or individuals if required to by law or by due legal process, for example in response to requests seeking to protect the legal rights of members or others. As a voluntary organisation with no legal foundation, we will attempt to comply with applicable law.

We will not transfer your personal information to any individual or organisation outside the United Kingdom.

We may in future use a third-party analytics service to collect information about website performance and how users navigate through and use our site, to help us design better interfaces. We will not use this to track you individually or collect personal data.

You have various rights of access and control over your personal information, as stipulated in the European General Data Protection Regulation (GDPR). Contact us via one of the methods shown below if you wish to exercise any of these rights.

By law, you can request access to the information that we hold about you. If we agree that we are obliged to fulfil the request, we will provide it free of charge and within 30 days of receiving the request. Before doing so we may ask for further information or proof of identity so that we can correctly identify you.

If any of the information that we retain is incorrect or out of date you may ask us to correct it, or if you have a question or complaint about this policy, please contact us by one of the methods below.

You have the right to request that we stop using and/or delete your personal information if we are not entitled to use it any more or are keeping it too long, if this does not conflict with any data retention regulations.

We retain your personal information for as long as required, to provide you with membership services whenever you contact us regarding your membership or our activities. Your information is retained in accordance with the relevant laws and regulations, and not longer than necessary.

When you interact with our online forum or other social media accounts (e.g. writing posts or adding comments) please note that your information may be visible to the providers of the social media account, as well as other users. It is your responsibility to ensure your privacy settings are set to an appropriate level that you are comfortable with.

You can amend your preferences or unsubscribe by email to a member of the SABG Committee named on our Contacts page, or by post to

• the Chairman, Paul Cumbleton, The Maples, Watts Quarry Lane, Somerton, Somerset TA11 7JD, UK
• the Vice-Chairman, Jon Evans, 6 Upper Way, Farnham, Surrey GU9 8RF, UK

You also have the right to lodge a complaint with the UK regulator, the Information Commissioner. Go to https://ico.org.uk/concerns to find out more.

We are always looking to make improvements to our website to try to improve the clarity of our information policy and the quality and usefulness of your visit. We would welcome your feedback and suggestions, so please do not hesitate to email our web editor with your comments.

This version of the SABG Privacy Policy was implemented in May 2018 and last edited in July 2018.