General Data Protection Regulations (GDPR)

The General Data Protection Regulations enters into force in the European Union on Friday 25 May 2018.

SUEPO takes your privacy seriously. We are a ‘controller’ of the personal information that you provide to us. This privacy notice sets out how, why and for how long we will use your personal data, as well as who it is shared with. It also explains your legal rights as a data subject and how to exercise them.

What we need from you
When you apply to become a member or renew your membership we may ask you for some or all of the following personal information:
  • Contact details – name, address, email address and phone number.
  • Employment status – active, non-active (invalid), retired.
  • Grade and step at the EPO – to calculate membership category.
  • Payment details – bank account number.
If you do not provide us with all of the personal information that we need, this may affect our ability to offer you our membership services and benefits.

Why we need your personal information – contractual purposes
We need to collect our members’ personal information so that we can manage your relationship with us. We may use our members’ personal information to:
  • Provide you with core member services, including confirmation of membership, renewal notices / notices of payment.
  • Respond to your requests for assistance by the Union.

Why we need your personal information - legitimate purposes
We also process our members’ personal information in pursuit of our legitimate interests to:
  • Provide you with news and updates about the Union’s events and meetings.
  • Provide you with Union-related information and relevant information about your working conditions, and information about events of the Union.
  • Respond to and investigate your questions, comments, complaints, concerns or allegations.

Other uses of your personal information
We might ask you if we can process your personal information for other purposes, such as online surveys. Where we do so, we will provide you with an additional privacy notice explaining how we will use your information for these purposes.

Who we share your personal information with
We may be required to share personal information with statutory or regulatory authorities to comply with statutory obligations. We may also share personal information with professional and legal advisors for the purpose of obtaining advice.

Third party suppliers with access to members’ personal data
The Union may use third party suppliers to provide services, such as running online surveys. These Suppliers may process personal data on our behalf as ‘processors’ and are subject to strict contractual conditions to only process that personal information under our instructions and protect it.

In the event that we share personal information with external third parties, we only share such information strictly required for the specific purposes and take reasonable steps to ensure recipients shall only process the disclosed personal information in accordance with those purposes.

How we protect your personal information
Your personal information is accessed by our Committee members and by our Administrative Assistant(s) only for the purposes set out above. It is stored by the Union in an electronic format. Access is password protected and there are firewalls in place to protect against external breaches. All paperwork records are held in a secure filing cabinet. Your personal data is transferred electronically into our database which is password protected.

How long we keep your personal information
We only keep your personal information for as long as necessary to provide you with membership services. Unless you ask us not to, we will review and delete your personal information where you have not renewed your membership with us for 2 years, or upon resignation from the Union.

You have a right to:
  • Change your communication preferences or restrict the processing of your personal data for specific purposes
  • Request that we correct your personal data if you believe it is inaccurate or incomplete
  • Request that we delete your personal information
  • Access the personal information that we hold about you through a ‘subject access request’.

If you have any question about this notice of privacy, please contact the administration of SUEPO at

You can download the General Data Protection Regulations here.