AndyK wrote:Psamathe wrote:(Recognising my personal strict attitude to privacy) I'd say it looks like they [Cycling UK] have passed details about you (name, contact info, maybe more) to a 3rd party [goassemble.com] without your permission. Have they already given you the Privacy policy of goassemble.com, explained the way goassemble.com protect your information, told you about the jurisdiction of goassemble.com (e.g. US vs EU have very different laws about who can get access to your information), etc. and done all this in advance os passing them your details. (I assume not as you were unaware of what it was about).
Ian
Assemble is not a company, it's an online system for volunteer management which Cycling UK makes use of. In UK GDPR terms, Cycling UK is the Data Controller and Assemble (specifically a UK company called DutySheet Ltd, I believe) is the Data Processor. So no, Cycling UK has not passed MickF's data to a third party. The communication is from Cycling UK. To send that communication, it has made use of a service provided by a technology company which complies with UK GDPR regulations on the role of the data processor.
I trust that answers your question.
Every additional server your details are uploaded to is an additional opportunity/risk they will be hacked. So everybody (maybe unconsciously) decides on their comfort levels somewhere between going off-grid and responding with bank account details to every Nigerian Princess. The relevant thing is that it is the individual who makes their own decision and when somebody provides a company/organisation with their details it is not for that company to decide how far and wide to distribute that information.
These "3rd party services" are gradually becoming more disreputable. e.g. my mainstream security blocking software now classes a e-mails from MailChimp as junk (just based on it being from MailChimp) and try and unsubscribe using a browser link and the sites are blocked.
Another server (with real name, e-mail address and who knows what else) at a different data centre with different (unknown) levels of security in the US, operated by a US Data Centre company (Securi), in my opinion the individual should be given the opportunity to opt-out in advance of their details being uploaded.
Ian