Data Protection: Privacy Notice – Fair Processing Notice
In order to meet its responsibilities Spelthorne Business Forum (SBF) collects, holds and processes members’ data. Personal data you supply to the SBF is processed in accordance with the Data Protection legislation.
Data Protection Officer
The role of a Data Protection Officer is to manage the compliance with Data Protection legislation by providing advice, guidance and training on the handling and sharing of personal information.
Spelthorne Business Forum’s Data Protection Officer may be contacted by emailing firstname.lastname@example.org .
This page tells you about what we do with your data.
Personal data is information that relates to a living individual who can be either:
- identified from that data or
- can be identified from the information combined with any other information that is in the possession of the person or organisation holding the information
Basic personal data includes name, address, date of birth, telephone numbers, and bank account details. Special category data (sensitive personal data) includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic or biometric data, physical or mental health conditions, sex life or sexual orientation.
Data controller means the organisation that determines how data is processed. Spelthorne Business Forum is the data controller for personal data that it processes. We are legally required to comply with the Data Protection Principles.
Processing of personal data is defined very widely in Data Protection legislation. It covers all actions and processes involved in obtaining, recording, holding and carrying out any set of operations on, storing or destroying personal data.
Data subject is any living individual who is the subject of personal data.
You have the following rights:
- you have the right to be informed via Privacy Notices such as this
- you have the right to request access to and to receive a copy of any information free of charge we hold about you (including in an electronic format) – to request a copy of this information you must make a subject access request to our Data Controller
- if you find that the information the SBF holds about you is no longer accurate, you have the right to ask to have this corrected
- you have the right to ask us to erase your personal data
To exercise any of these rights contact the Data Protection Officer.
You also have the right to make a complaint to the Information Commissioner’s Office (ICO). This is an independent body responsible for making sure that organisations comply with Data Protection legislation.
The ICO will always expect you to have raised your concerns with us before submitting a complaint.
Using your personal data:
The SBF will only use your personal information when it has a legitimate basis for doing so and will process it in a fair and lawful way, including in the following circumstances:
- to allow us to be able to communicate with you and provide the events and communications that the business forum offers
- to plan, monitor and improve the performance of those services
- to reply to emails from you
- Supplying you with emails which you have opted in to ( you may manage your preferences surrounding this at any time)
- Analysing our membership and your use of our site to allow us to continually improve our members’ experience.
Sharing your personal data:
Spelthorne Borough Council are patrons of the SBF. As a result members of the Economic Development Team have access to your data and use it support the operation of the SBF. You can find details of the Spelthorne Borough Council Data Protection Policy here. To provide you with an efficient and effective service we will also sometimes need to share your information with our other partner organisations.
We may disclose your information to others, but only where this is necessary, either to organise an event or as permitted by Data Protection legislation. This includes where it is necessary to allow a third party working for or acting on behalf of the SBF, to provide a service to its members.
We will never share your information for marketing purposes. In certain circumstances we may be legally required to share your data , which may include your personal data, for example to comply with a legal requirement, a court order or a governmental authority.
Collecting your personal data:
We may collect personal information from you, in all of the following ways:
- paper, electronic or online forms
- website, or
- face to face
Keeping your personal data:
We do not keep your data for any longer than is necessary to perform the services you have requested as part of your membership of the SBF. Data will be retained on the Mail Chimp website as per their own Privacy Notice. Data collected and sent to us via email will be retained to allow us to track our membership and attendance at events for an indefinite period unless you ask us to remove it.
Using our website:
Please note that we have no control over how your data is collected, stored, or used by other websites and we advise you to check their privacy policies before providing any data to them.
If you email us we will make a record of your contact and your email address. For security reasons we advise you keep the amount of confidential information you send to us via email to a minimum.
How and where do we store your data?
Your data is stored using third parties processors that we have approved and chosen to help to provide these services. We use UK based hosting services for our website and Google mail for our email services. We also use Google Analytics to allow us to track how our website is used.
Data security is very important to us and to protect your data we have taken suitable measures to safeguard and secure data collected through our website. Where we use providers based in the US we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between Europe and the US. For further details please see European Commission: EU-US Privacy Shield.
We use secure and encrypted communications when using email, website and synchronising of data, using HTTPS.