Produced in conjunction with Derek Mann DVMann Consulting Ltd GDPR Consultant Advisor
Updated 31st January 2018
The Horley & District ‘Chamber’ of Trade and Commerce (the ‘Chamber’) is committed to handling your Personal Information in a responsible manner, and provide the appropriate safeguards. The ‘Chamber’ follows the guiding principles of the General Data Protection Regulations (GDPR) and the Privacy of Electronic Communications Regulations 2003 when it comes to your protecting your data.
The Chairman of the ‘Chamber’ is the Data Controller as defined by the GDPR and can be contacted by email at firstname.lastname@example.org and/ or telephone +44(0)1293 894444
The ‘Chamber’ is a membership organisation for local businesses to participate and become part of a supportive local business community. A membership fee is payable upon joining and thereafter an annual subscription is payable. The member ship fee pays, in part for the inclusion of your PII on the annual business directory distributed by leaflet drop to households in the local area.
This Privacy Statement describes our practices for collecting, storing and processing your Personally Identifiable Information (PII) and the controls we provide you to manage it. Personal Information is any information that can identify you, such as your name, email or street address, or it may be information that could reasonably be linked back to you, including your genetic and biometric information.
We collect your PII at the point you complete a Contact Form requesting information about membership. We process and store your PII during the period you engage in submitting the membership form and retain that PII for the duration of your membership of the ‘Chamber’.
If you decide not to become a member after the initial contact, we will delete your PII from our servers.
We collect PII about you in order to enter into a commercial relationship, this can be at an early stage (pre-engagement) and/ or at contract stage. As such we do not rely on your consent to collect and store your data as without the data we collect, we cannot provide the membership services for you. Therefore, processing is necessary for the performance of a contract with you, or to take steps to enter into a contract with you. Additionally, processing may be undertaken for the purpose of furthering the legitimate interests pursued by the ‘Chamber’, except where such interests are overridden by the interests, rights, or freedoms of you, the data subject.
We will request your explicit consent to send you our newsletter which may contain marketing material.
We will request your explicit consent to include your PII as provided in our printed business directory which is distributed to households in the local area.
PII we collect from you
Contact Information – includes your name, business name, address, email address and your phone number(s).
Use of Your Personal Information
We use your PII to allow the ‘Chamber’ to engage with you to provide membership services, such as information regarding committee meetings or network events.
When we share your information
The ‘Chamber’ does not share your PII with third-parties without your additional consent other than as described in this Privacy Statement.
Changes to this Statement
We may modify this Privacy Statement at any time, but we will provide prominent advance notice of any material changes to this Statement, such as posting a notice on our websites or sending you an email, to provide you the opportunity to review the changes and choose whether to continue using the Services.
Any PII we collect, hold and process is retained on servers based in the UK. We maintain reasonable and proportionate security measures on our computer equipment and have a written agreement in place with our ‘cloud’ host in relation to their processing activities on our behalf. Access to data is restricted to those who have a legitimate reason to retrieve it.
We do not transfer personal data to any third-party recipient other than our Data Processor in the UK
The data we collect directly from you is the minimum we require to facilitate the lawful processing described above. PII placed on our system will be deleted as soon as practicable after termination of a commercial contract between us.
Any PII collected and processed for finance purposes will be held for the maximum time as determined by any legal requirement (normally 3 years)
Your rights as a data subject
The regulations provide a number of rights to you as the Data Subject. The ‘Chamber’ is committed to upholding those rights, and those applicable to the PII we collect and process are listed below. In addition to these rights, you have the right to escalate any concern to the Supervisory Authority, which in the UK is the Information Commissioners Office https://ico.org.uk. A full and detailed explanation of all rights can be found at https://ico.org.uk/for-the-public/
• Right of Access – you have the right to know what personal information is held, by whom and why. You can send a Subject Access Request to see what personal information and any supplementary information relating to you is held by us. We will provide you with the information we hold within one month of your request, unless the provision of that information is particularly complex. In which case, we may extend the deadline by a further two months. This information will be provided free of charge unless you require multiple copies of the same information, in these circumstances, we retain the right to charge a reasonable administrative fee.
• The Right to Rectification – If the information we have collected and processed is inaccurate or incomplete, you have the right to have it rectified. We will respond to your request for rectification within one month, unless the request is complex or multiple.
• Right to Erasure – You have the right to have your personal data erased and to prevent processing in some specific situations, these include:
o Where personal data is no longer necessary regarding the purpose for which it was originally collected
o When you withdraw consent
o When you oppose the processing and there is no superseding legitimate interest for continuing the processing
o If the personal data was unlawfully processed (i.e. otherwise in breach of the GDPR)
o If the personal data must be removed in order to comply with a legal obligation
o If the personal data is processed in relation to the offer of information/ society services to a child.
o Right to Restrict Processing – If you contest the accuracy of the personal data we hold, we will restrict the processing of your data until accuracy is verified. The restriction of processing can occur for other reasons too, such as if you require us to retain your data in the advent of a legal claim.
o Right to Data Portability – You have the right to move, duplicate or transfer your data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
How to contact us
You can write to the ‘‘Chamber’’ at this address:
The Horley & District ‘Chamber’ of Commerce
4 Greyhound Slip