British Nuclear Test Veterans Association Privacy Policy  

• User privacy and data protection are human rights 
• We have a duty of care to the people within our data 
• Data is a liability, it should only be collected and processed when absolutely necessary 
• We do not spam or support this practice 
• We will never sell, rent or otherwise distribute or make public your personal information 

Along with our business and internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy: 

• UK Data Protection Act 1988 (DPA) 
• EU Data Protection Directive 1995 (DPD) 
• EU General Data Protection Regulation 2018 (GDPR) 
• Australian Privacy Act 1988 (APA) 

This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are unsure about whether this site is compliant with your own country of residences’ specific data protection and user privacy legislation you should contact our data protection officer (details of whom can be found in section 9.0) for clarification. 

This website collects and uses personal information for the following reasons: 

Should you choose to add a comment to any posts that we have published, the name and email address you enter with your comment will be saved to this website’s database, along with your computer’s IP address and the time and date that you submitted the comment. This information is only used to identify you as a contributor to the comment section of the respective blog post and is not passed on to any of the third-party data processors detailed in Section 6.0. Only your name will be shown on the public-facing website although if the supplied email address is linked to a Gravatar account, your Gravatar photo will also be displayed. 

Your comment and its associated personal data will remain on this site until we see fit to either 1.) remove the comment or 2.) remove the blog post. Should you wish to have the comment and its associated personal data deleted, please email the DPO using the email address that you commented from. 

If you are under 16 years of age you MUST obtain parental consent before posting a comment on our blog. 



NOTE: You should avoid entering personally identifiable information to the actual comment field of any blog post comments that you submit on this website. 

Should you choose to contact us using the contact form on our Contact us page or an email link, none of the data that you supply will be stored by this website or passed to / be processed by any of the third-party data processors defined in Section 6.0. Instead, the data will be collated into an email and sent to us over the Simple Mail Transfer Protocol (SMTP). Our SMTP servers are protected by TLS (sometimes known as SSL) meaning that the email content is encrypted using SHA-2, 256-bit cryptography before being sent across the internet. The email content is then decrypted by our local computers and devices. 

As detailed in section 3.2 above, if you submit a comment to a blog post published on this website some personal information will be stored in this website’s database. This is currently the only occasion where personal data will be stored on this website. This data is currently stored in an identifiable fashion; a limitation of the content management system that this website is built on (WordPress). In the near future, we aim to change the storage of this data to a pseudonymous fashion meaning that the data would require additional processing using a separately stored ‘key’ before it could be used to identify an individual. 



Pseudonymisation is a recent requirement of the GDPR which many web application developers are currently working to fully implement. We are committed to keeping it as a high priority and will implement it on this website as soon as we are able to. 

Data submitted to us for processing other than defined in Section 4.1 will be securely retained within our Outlook 365 system provided by Microsoft. All data within this system is subject to additional password protection, encryption and 2-factor authentication. We retain only the basic data required to deliver our services to you. This is typically Name, Address, Email address, Subscription start/end details and contact opt-in details. Opt-in is not infinite. We will seek a further Opt-in decision from you every three years. 

We also maintain a list of people who have opted out of receiving communications from our organisation. Should you attempt to opt-in having opted out previously we will contact you to confirm this decision and for your approval to remove you from the opt-out list. All mailings will be screened against our opt-out list. 

We fully support your right to be forgotten which can be applied by writing to our Data Protection Officer at Section 9.0 giving your identifying details and requesting removal of all material from our data systems. Our DPO will conduct a full sweep of all systems and remove your personal data, this includes our opt-out lists. Once complete the DPO will advise you of this action. 

This website is hosted on a server provided and managed by A2Hosting. Details of A2Hosting can be found in Section 6.2.

Microsoft Office 365 is the primary host of British Nuclear Test Veterans Association data storage facility, Microsoft has appointed external Data Protection Officer in accordance with the EU GDPR and the (BDSG Article 4f Para. 1). This person ensures compliance with the act and other provisions relating to data protection and handles tasks in accordance with this legislation. 

Contact Information:
Data subjects may contact the data protection officer by filling out the webform at https://aka.ms/privacyresponse.

The DPO can also be reached by post at: 

Microsoft EU Data Protection Officer
One Microsoft Place
South County Business Park
Leopardstown
Dublin 18
D18 P521
Ireland

Telephone: +353 (1) 706-3117 

The British Nuclear Test Veterans Association use GoDaddy to host their website presence. 
GoDaddy is compliant with the EU GDPR, here are their terms and conditions of service and their privacy code. 

Legal Agreements - GoDaddy UK Respects Your Privacy 

We will report any unlawful data breach of this website’s database or the database(s) of any of our third-party data processors to any and all relevant persons and authorities within 72 hours of the breach if it is apparent that personal data stored in an identifiable manner has been stolen. 

The data controller of this website is: British Nuclear Test Veterans Association, a Foundation Status Charitable Incorporated Organisation registered in Wales No 1173575, whose registered office is:

25 Derwentwater Avenue,

Acklam, Middlesbrough
TS5 7DB

Chair, British Nuclear Test Veterans Association
Telephone: 0208 144 3080
Email: office@bntva.com 

For independent advice about data protection, privacy and data-sharing issues, you can contact the Information Commissioner at: 

https://ico.org.uk/global/contact-us/ 

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes. Specific policy changes and updates are mentioned in the Change Log below. 

27/01/2021 

Privacy policy instigated.