Chamber of Commerce and Edeal Enterprise Agency
The UK Government introduced the EU’s General Data Protection Regulation (GDPR) on the 25th of May 2018.
Eastbourne unLtd Chamber of Commerce and Edeal Enterprise Agency are dedicated to meeting these obligations and protecting your personal data. We are aware of our liability to ensure that all our suppliers and staff meet GDPR mandates, regardless of their location.
We are committed to reviewing and updating our processes to ensure we comply with our GDPR obligations on an ongoing basis, and we will advise you of any changes we make to the data we manage.
In the event of a data breach, we commit to advising the affected individuals within 72 hours of our discovering the breach. We will investigate the matter and take the necessary action to ensure the breach does not reoccur. The affected individuals will be advised of any action taken and, where necessary, we will advise the appropriate authority (ICO).
A log of breaches, and of any action taken, is also kept within the office.
We will always ask Chamber members how they would like their data presented on our website and in our directory / diary. We will also require permission to use their image when photographs are taken at Chamber events.
We carried out a Privacy Impact Assessment (PIA) before May 25th 2018 and will delete any data that does not need to be retained. (Financial data is retained for six years as required by HMRC.)
All data will be deleted within seven years of a member lapsing, termination of a supply agreement or a member of staff leaving the Company.
New staff will be GDPR trained on induction and coaching will be repeated for existing staff annually.
- Personally Identifiable Information (PII)
We have identified the minimum personal data we should request and retain and we undertake to dispose of any unnecessary data before May 25th. Data is collected online via our website and App, in written format, verbally over the telephone and face to face.
To run the Chamber and Edeal, data is held in hard copy and in electronic formats on our websites, and digitally at the suppliers listed below under Business Partners and Suppliers.
- Providing visibility and transparency
We commit not to pass any data to a third party, other than those suppliers detailed in this Policy, without permission. As a Chamber of Commerce we will provide details of data retained only to the member, supplier, customer or member of staff to whom the data relates. We shall provide this data within 7 working days of receiving a verified written request to ensure visibility and transparency. Requests for details of data held should be emailed to email@example.com. Emails will be verified before data is sent out.
- Enhancing data integrity and security
Data privacy and data security are equally important. Bank and payment details taken for payment purposes are deleted or shredded immediately after use. All data kept in hard copy format is in filing cabinets located in our offices which are not open to the public. Cloud based data is controlled by our suppliers below.
- Portability and transferability of data
All the data provided and processed by the Chamber and Edeal can be transferred to another company depending on technical feasibility. The Chamber and Edeal provide such data on request in basic Microsoft formats (Word and Excel). Email firstname.lastname@example.org if you would like your data transferred to one of our competitors. Data will not be transferred until the email request has been verified.
Business Partners and Suppliers
To run the Chamber of Commerce we use software provided by suppliers from across the globe. These are our suppliers and business partners: Microsoft Office 365, Xero accounting software, Zoho CRM software, Google Documents, Business On-Demand, Mobile Applications, Surveymonkey, Mailchimp, Eventbrite, Facebook, LinkedIn, Twitter, PRG, Switchplane, WordPress, Weebly, CloudConnx, Southern IT, M-Tech, AFH Payroll, ESCC, Paypal, Go-Cardless, PaymentSense, Natwest, HSBC, Metro Bank and the Bank of England. We also supply your name and business address to Platinum Publications so that members can receive our business magazine, ACESussex, by post. For full details of the data held about you at any of these business partners please email your request to email@example.com. We will verify that you have requested this information before replying with your data by email.
Historic information about the Chamber and Edeal is kept at The Keep in Falmer, a secure facility run by East Sussex County Council. They retain all Chamber and Edeal information in the public interest and have securely destroyed any other data that was held in our historic files.
All these suppliers have committed not to use our data for any other reason and will not pass it on to a third party.
Should the needs of the business dictate that we change or add a supplier, we commit to ensuring that any new supplier is also committed to observing GDPR.
What does this mean for our members, suppliers
Members of the Chamber of Commerce are deemed to have legitimate interest in the activities of the Chamber and so we will continue to communicate our activities to them. Once a member relinquishes membership we will remove them from our communication channels and delete their data after seven years.
EDEAL clients are asked to confirm verbally that they are happy for their personal data to be stored. A copy of this policy is also available on the EDEAL website, and confirmation emails are sent with details of how to view it.
We will be encrypting emails we send which contain personal data.
We will perform data audits annually as part of our ISO quality management process.
The GDPR rights we will observe
- The right to be informed. An individual can ask for details of the data we hold about them and how it is held. We commit to give them this detail within 72 working hours of receiving a verifiable email from them to firstname.lastname@example.org where Jill Benjafield will be our primary point of contact for GDPR queries.
- The right of access. An individual wishing to understand the data held about them can request details of that data by email. We commit to provide the information within 72 working hours.
- The right to rectification. If we hold incorrect personal data about an individual, on receipt of a verifiable email we commit to put it right within 72 working hours.
- The right to erasure. If an individual would like us to remove data about them we will remove it within 72 working hours on receipt of a verifiable email. This will exclude any financial data we are required to keep for six years by law.
- The right to restrict processing. If an individual objects to any data held about them, they have the right to restrict any further processing of that data.
- The right to portability. We will provide any personal data held electronically to any third party on receipt of a verifiable email request from the individual to whom the data refers.
- The right to object. An individual can object at any time to any personal data we hold about them. They must email the details to us and we will amend it or delete it within 72 working hours (subject to financial regulations and legal considerations).
- The right to understand any automated decision making. Neither the Chamber nor Edeal uses automated decision making.
Responses to data requests will be provided only on request of the person to whom the data relates or an authorised third party with power of attorney. Requests should be made by email to email@example.com where they will be considered and responded to as above. Verification will be made by telephone to a previously known telephone number.
Please note that emails will be verified before data is adjusted in any way.
GDPR privacy statements from our suppliers
We have checked the privacy policies and GDPR statements of our suppliers (see links below). We will also request signed statements from smaller, more local suppliers to ensure that they protect the personal data they hold on our behalf and do not pass it on to any third party.
Microsoft GDPR Statement
Zoho GDPR Statement
Xero Privacy Statement
Google GDPR Statement
SurveyMonkey GDPR Statement
Mailchimp GDPR Statement
East Sussex County Council
The Bank of England
Natwest Privacy Statement
Metro Bank Privacy Statement
HSBC Privacy Statement
Paymentsense Privacy Statement
WordPress GDPR Statement
Eventbrite GDPR Statement
The following suppliers will provide a written declaration that they understand and observe this policy before May 25th 2018.
Business On Demand – CRM set up and training
CloudConnx – Cloud services
ESCC - The Keep
M-Tech – IT support
Mobile Applications – Chamber App management
PRG – managing the Chamber website
Southern IT – IT and telephony support
Switchplane – managing the Edeal website
Edeal Business Consultants
We understand and agree the General Data Protection Regulations which came into effect on May 25th 2018.
Under GDPR we commit to use data provided by Eastbourne unLtd Chamber of Commerce and Edeal Enterprise Agency according to their GDPR policy above.
We will not pass any data they provide to a third party.
We will destroy any personal data once it is no longer in use.
In the event of a data breach we will advise all the individuals affected by the breach within 72 hours of the breach occurring.
We will observe all the GDPR rights detailed in the policy.
Signed By (Name) ______________________________________________________
For (Company Name) ______________________________________________________
I understand and agree the General Data Protection Regulations which came into effect on May 25th 2018 as set out in this policy document.
Under GDPR I commit to use data provided to Eastbourne unLtd Chamber of Commerce and Edeal Enterprise Agency according to the GDPR policy above.
I will not pass any data provided to any third party other than the authorised suppliers detailed in this policy. I understand that any new suppliers who handle personal data will be required to sign the Suppliers Declaration above.
I will destroy any client personal data once it is no longer in use after six years.
Bank, debit and credit card data will be shredded immediately after it has been used.
In the event of a data breach I will make the Company aware immediately so that we can advise all the individuals affected by the breach within 72 working hours of the breach occurring.
I will observe all the GDPR rights detailed in this policy.
Signed By (Name) ______________________________________________________