Privacy Policy

GDPR and what it means for you and the FoB

This privacy policy describes how The Bangor University Center for Mindfulness Research and Practice (CMRP) Alumni Group also knows as The Friends of Bangor and also knows as The FoB, collects, use and share service related information about you. The group is internet based and do not have a physical address but can be contact through the CMRP postal address, marked for the attention of The FoB.

When you create your account we will ask for some personal information that may include name, address, email, phone number, other information necessary for your membership.

Why we collect and how we use your data. We collect this data so we can communicate with you and user your name in all communication from us. We need to send out our newsletter using your postal address. We need to let you know about our news and events on a monthly basis and we use your email address for this.  We may need to contact you in regards to an event you have registered for and we may use your phone number for this.

We do not share your data with any third parties and we do not use your data for online advertisements. As the hosting platform is managed by the Mindfulness Network, their staff will have access to your data, but likewise, they are not sharing or using your data for advertisement.

Below are more information on how you can manage your data we hold.

Data Subject Rights

In plain English, a data subject is any EU citizen from which the FoB are collecting personal data. GDPR compliance requires data subjects be granted certain rights. What follows is not an exhaustive list, but those rights that are relevant to the collection, processing, and storage of personal data on the FoB WordPress website.

Request Consent

Explicit consent has to be obtained before data collection can take place. In other words, before the user submits the form, they must be made aware that this form is collecting personal data with the intent to store that data. The FoB is also responsible for letting the user know how that data will be stored and used.

How the FoB meets this rule:  Each data collecting form has a confirmation tick-box where the user confirms agreement with the FoB collecting, storing and using the personal data as intended and explained in the form.

Right to Access. Data subjects must be able to request and obtain confirmation that data is or is not being collected on them, and if so exactly what data is being collected, how, where, and for what purpose. That data must also be provided to them in an electronic format free of charge on request.

How the FoB meets this rule: The FoB has a Data Information Request form that the user submits to request the personal data held.  Click HERE to use this form and request the data.

Right to Be Forgotten. Data subjects must be provided a quick and painless way to withdraw consent and have collected data purged.

How the FoB meets this rule: The FoB has a Data Information Request form that the user submits to delete the personal data held.  Click HERE to use this form and request the data.

Data Portability. Similar to the Right to Access, Data Portability requires that data subjects are able to request, obtain, and/or transfer possession of collected data at any time.

How the FoB meets this rule: The FoB has a Data Information Request form that the user submits to obtain the personal data held.  Click HERE to use this form and request the data.

Breach Notification. If a breach/unauthorized access of personal data takes place that is likely to “result in a risk for the rights and freedoms of individuals”, notification must be made within 72 hours of becoming aware of the breach.

How the FoB meets this rule: The FoB will notify the user of any breach that is likely to “result in a risk for the rights and freedoms of individuals”, within 72 hours of the FoB becoming aware of such breach.