The data controller for all personal data collected is Herefordshire & Worcestershire Chamber of Commerce with its registered office at Severn House, Prescott Drive, Worcester, WR4 9NE. This means that we are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the Security section of this Policy.
The Chamber collects and maintains a variety of personally identifiable information, including names, email addresses, phone numbers, payment information, social media profiles, business addresses, demographic information such as the local authority area or industry sector of the business and details of Chamber services the users may be interested in such as, but not limited to, international trade opportunities, events and training courses. The Chamber collects information directly from individuals or from the company of the individuals. The information could be collected through e-mails, phone calls, online registration forms, event registration forms and face to face meetings and any other processes. The Chamber does not collect personal data about individuals except when there is a legitimate business requirement or when such information is provided on a voluntary basis.
Purpose of Processing
The personal data collected is used by the Chamber to give you information relating to Chamber membership, the Chamber’s website, other Chamber services, customer administration, prospecting new members, account management, to process and respond to queries received from the public or other relevant stakeholders, to contact you to seek your views or comments on emerging political or economic issues and to send marketing communications on the Chamber’s behalf. The Chamber may perform statistical analyses of user behaviour and characteristics to measure interest in and the use of various sections of the website. The personal data held by the Chamber may also be used on an aggregate basis without any personal identifiers to provide third parties with information, such as the composition of membership, and to help us develop new member services and products, improve the features and content of the website or other marketing material, and to provide sponsors and others with aggregate information about our members, website users and their usage patterns in relation to services and/or the website.
If you or your company are a current member of Herefordshire & Worcestershire Chamber of Commerce, opting out of promotional emails will not stop all communication from us. By becoming a member of the Chamber, your firm is signing you up to receive certain information related to the organisation to provide contractual services to you.
If you are not a member of the Chamber or if your or your company’s membership has lapsed, you can choose to opt in or out of further contact with us. We also receive non-member data through networking (e.g. business cards, event registrations) and add these details, if relevant, onto our CRM or other data management system. We may on occasion purchase ‘opt-in’ data (lists from reputable providers) for promotional campaigns.
The British Chambers of Commerce: The Chamber is part of a network of Chambers of Commerce across the UK accredited by the British Chambers of Commerce (BCC). One purpose of the Chamber is to “influence the function of …any governmental body”. We will provide BCC with your company’s email address in order for BCC to conduct research into the impact of policies on your business.
What does the BCC do with your data? BCC will not contact your business for any other purpose other than to notify you of an opportunity to respond to a national policy survey. Each year, BCC conducts around five surveys which directly help us develop and shape Government policy across a range of areas, including business taxation, international trade, and employment. The data from these surveys are completely anonymised and aggregated so that individual responses cannot be identified. The anonymised data are then presented in closed briefings with stakeholders across UK Government, and shared publicly through BCC’s press team.
The purpose of carrying out the surveys is to produce reports, which BCC and the Chambers can then use in their activities in promoting and protecting the interests of UK businesses; in other words, they are part and parcel of the function and purpose of BCC and the Chamber. There is never any marketing or commercial purpose to the surveys, and BCC does not carry out surveys on behalf of any third party.
You can contact us if you do not wish to be contacted by BCC, and you will have the opportunity to unsubscribe from BCC’s research mailing list at any point.
The personal data collected is stored in the Chamber’s CRM system and other appropriate data management systems, both paper based and electronic. Personally identifiable information will only be disclosed to third parties where contractual non-disclosure agreements are in place or if permission has first been obtained from the user. The data will not be transferred to any agency located outside the EU. At regular intervals, we will:
- review the length of time we keep your personal data for
- consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it
- securely delete information that is no longer needed for that purpose or those purposes
- update, archive or securely delete information if it goes out of date.
The Chamber uses reasonable measures to safeguard personally identifiable information. The implemented measures will be appropriate to the type of information maintained and compliance with all relevant legislation governing protection of personal information. Measures are implemented to preserve the confidentiality, integrity and availability of the personal information. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to employees, contractors or agents who have a legitimate business need to have access to that data. The employees, contractors or agents will process your personal data in accordance with our instructions. They will be subject to a duty of confidentiality and due care with respect to handling the personal data. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so. The Chamber’s employees are trained on data security and information protection. Relevant areas of the Chamber’s website will employ Secure Socket Layer (“SSL”) or Transport Layer Security (“TLS”) encryption technology to enhance data privacy and help prevent loss, misuse, or alteration of the information collected and retained by the Chamber.
Links to Third-Party Sites
The Chamber is a membership organisation and for its contractual and legitimate business interests, must maintain contact information on its members and the wider business community to communicate information on membership, events, training courses, policy and research, international trade and any other Chamber products or services. The Chamber also sends promotional material promoting its events, training courses, membership services, business support services, policy and research work and other relevant offerings. From time to time, the Chamber collaborates with other relevant organisations and companies to promote other programs that may be of interest to members and the wider business community. In such cases, the Chamber does not provide these organisations with any personally identifiable information but may distribute the organisation’s information on their behalf to those who may legitimately be benefited from receiving such information or have elected to receive such information. If you do not wish to receive marketing material, you may opt out. Every marketing e-mail will include an ‘unsubscribe’ link at the bottom. You may also notify the Chamber in writing as set out below.
We may use third party provided tools to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by these third party tools. Like other personal data, these direct messages will not be shared with any other organisations.
Access, Review and Correction
The General Data Protection Regulations gives you the right to access your personal data held by us (“subject access request”). If you have an established business relationship with the Chamber, you may request from us a list of the categories of personal information held about you. Subject access requests must be made in writing to the details below. We will endeavour to respond to the request within a reasonable period and in any event within one month as required by the relevant provisions in the GDPR.
It is important that the personal data we hold about you is accurate and current. We will take all reasonable measures to ensure that the personal data we hold about you is accurate. We have also implemented procedures to enable you to review and correct your personal information, should there be any changes to your circumstances or errors in the gathered data. When you make a request to access or review the personal data we hold about you, we will request you to verify your identity before the request can be fulfilled.
In addition to the rights of access, review and correction, you have the right to object to your personal data being processed for any particular purpose, or to request that we stop using your information. If you wish to exercise these rights, please e-mail email@example.com or send a letter marked “Data Protection” to the Chamber’s offices at Severn House, Prescott Drive, Worcester, WR4 9NE. If you have further concerns about how we use your personal data, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the data protection authority for the UK. Please visit https://ico.org.uk/ for more details on your data protection rights and how to contact them.