ARMD Data Protection Policy

Your Data

This policy is for all active, renewing and new members of Australasian Royal Mercenary Division (hereafter referred to simply as “ARMD”); it applies to the processing and storage of your personal data by ARMD. Your data is retained in the ARMD Member’s Database (database), in the ARMD Academy database and in other ARMD site databases with reasonable use and control to your data as outlined in this document.

Use of your data during your application to join ARMD
As a new applicant to join ARMD, you consent to the processing, retention and sharing of your personal data (see Data Index, below) for the purpose of applying for membership and providing required, and perhaps optional, data to allow ARMD the ability to send membership materials or other communications as necessary. You can withdraw your consent and request erasure of your data at any time by notifying Membership Processing or any member of the Executive Committee and submitting a ticket with the ARMD Leadership.

Use of your data as an active or renewing member of ARMD
As an active or renewing member of ARMD, your data will be retained and shared by officers of the organization for the reasonable purpose of managing your membership. Officers can include, but are not limited to, the Admiral(CO) or Commodore (XO) and certain members of his/her staff, and the Leadership Group members. Reasonable purposes can be but are not limited to:

• Processing your renewing membership application;
• Evaluating your performance in ARMD for awards or rank;
• Recording your progress in ARMD;
• Receiving communication from ARMD;
• Processing payments (new members, renewals, payments for Quartermaster purchases, etc.);
• Documentation of monthly chapter activity;
• Operational management of the Org;
• Access to the ARMD Academy

Data Retention
Your personal data is retained in perpetuity by ARMD while your membership remains active. When your membership has expired, in the absence of an immediate request for deletion, your data will be retained in the database for five (5) years for the only purpose of a possibility of your return. As an expired member, you are not included in communications, are removed from email lists and groups and are protected from unauthorized use.

Data Storage
Your personal data used for ARMD’s Member Database and other sites (ARMD Academy, the armd.com.au website, etc.) is stored in ARMD’s databases supporting each of those sites which, at this time, are wholly located in Australia.

Site Cookies

The ARMD sites use cookies for various tracking of logins, sessions and other things. Further, we use third party applications such as WordPress and Moodle that have their own usage of cookies as well. Where possible and within our control, we do not use cookies for the storage of private data.

Opting Out
You may withdraw your consent and request that we stop storage and use of your data by ARMD upon request. Note that this means a full termination of your membership with ARMD. Continued membership in ARMD involves a continued consent to storage and use of your private data.

Data Index
The ARMD Member Database collects and retains the data listed here for each member – this list includes all data kept per member and not just personal/private data. Note that data is marked as “Required,” “Optional,” and “Internal.”

• Required data: data which is required for the keeping of your membership
• Optional data: data that is collected and used only for fun. Optional data is not required to be provided for the normal processing and handling of your membership.
• Internal data: data which is kept by the database but is not provided by the member.

Note that this list is the data kept by the Membership database. The ARMD Academy and various other sites collect just a few of these same data items.

• UEE Citizen Record number (required – internally provided)
• Full name (required – provided by member)
• Physical address (required for physical mailings as needed – includes street address, city, state, zip, country – provided by member)
• Phone number (optional – provided by member)
• Email (required but can opt out of emails – provided by member)
• Date of birth (optional/sometimes required, see DoB provision below – provided by member)
• Join date (internal – created when first applying for membership)
• Membership type (internal – generated when applying for membership)
• Rank (internal – role play and merit based – generated by various means)
• Username (required, assigned, can be changed – initially generated by database)
• Password (required, assigned, can be changed – initially generated by database)
• Database permissions (internal – generated by database, changes depending on job functions)
• Last login date/time (internal – generated by database when accessing)
• Member awards and Academy class results (optional to take – generated by various events: academy classes, awards for service, etc.)
• IP (internal, provided by access to database)

Other Third Party Data Access
ARMD will not give or sell your private data to any person or entity outside of ARMD without the approval of the Central Command. This approval must be in writing, providing the name of the person or entity receiving authorization, the date the approval was granted, and, if the authorization is for a limited time, the start and end dates. The only exception to this policy is in the event the information is being provided by a member of the International Staff while performing their appointed duties, pursuant to this document and/or the Bylaws, or while ensuring the daily operations of the organization are being performed. In all cases, the membership must be informed ahead of time, when possible, and the member has the right to reasonably opt-out.

Access to Your Data
Some members of ARMD are granted elevated access rights to member information in order for them to carry out their job responsibilities. Those members are expressly prohibited from using, retaining for personal use or providing any other party or entity with member information for purposes other than their specific job requires. Any member with elevated access rights to member information who are found to have misused member information may be subject to disciplinary measures as deemed necessary and appropriate pursuant to the ARMD  Regulations 2947. The matter may also be referred to the appropriate civil or criminal authorities.

Loss or breech event
In the event of an external breach of information ARMD will, as deemed necessary and appropriate, contact our third-party vendors to determine the nature and severity of the breach and may choose to contact the appropriate authorities to resolve the incident. A full report of the incident will be provided to Central Command. Members may be contacted to advise them of the matter as deemed necessary and appropriate by the Admiral of ARMD or their representative.

In the event of an internal breach of information ARMD will, as deemed necessary and appropriate, conduct an internal investigation of the matter in order to determine the best course of to address the incident. A full report of the incident will be provided to Central Command. The Admrial of ARMD shall contact the Chief Justicar to temporarily suspend the access rights to electronic records and/or require physical records to be returned to the Admiral pending the outcome of actions, if any, by the Central Command and/or ARMD Leadership Group.

Members may be contacted to advise them of the matter as deemed necessary and appropriate by the Admiral of ARMD or their representative.

Data Protection Officer
The duties of a Data Protection Officer will be a collateral duty assigned to the sitting Secretariat.

Rev. 202211-20