Introduction
The UK Government recently introduced the EU’s General Data Protection Regulation (GDPR) ensuring compliance from May 25th 2018.
This means that EU residents have a greater say over how, why, what, where and when their personal data is used, processed, or disposed of. GDPR clarifies how personal data laws apply, even beyond the borders of the EU. This means that any organization that works with your personal data, irrespective of their location, has an obligation to protect your data.
Eastbourne unLtd Chamber of Commerce is dedicated to meet these obligations and is aware of the liability we have to ensure that all our suppliers meet GDPR mandates, regardless of their location.
Our Commitment
Over the years, we have demonstrated our commitment to data privacy and protection by meeting the industry standards for ISO 2001:2015. We have had a Data Protection Policy since 2013 and all our staff have signed their agreement to demonstrate their commitment to your privacy.
We recognize that GDPR helps us maintain the highest standards of protection for your data.
In the unfortunate event of a data breach we commit to advise you within one working day 72 hours of our finding out about the breach.
Business Partners and Suppliers
To run the Chamber of Commerce we use software provided by suppliers from across the globe. At present these include Microsoft Office 365, Xero accounting software, Zoho CRM software, Google, Mobile Applications, Surveymonkey, Mailchimp, Eventbrite, PRG, WordPress, CloudConnx, Southern IT, AFH Payroll, Paypal, Go-Cardless, PaymentSense, Natwest and Metro Bank.
Historic Chamber data is kept at The Keep in Falmer, a secure facility run by East Sussex County Council. They retain all Chamber information in the public interest and have securely destroyed any other data in our historic files.
We ensure that all our suppliers commit to GDPR and, should the needs of the business dictate that we change or add a supplier, we will ensure that any new supplier is also committed to observe GDPR. All these suppliers have committed not to use your data for any other reason and will not pass it on to a third party.
This contract also includes the need for the supplier to disclose any data breach to us within 48 hours so that we can advise you within 72 hours of the breach.
Our data is backed up three times a day to two separate locations.
How we manage GDPR
As you know, we are the largest town-based Chamber of Commerce in the South East and we exist to promote our members businesses. To do this we already ask you how you would like your data presented on our website and in our directory / diary. We also ask you for permission to use your image when photographs are taken at Chamber events.
We understand our obligation to help you manage GDPR and have run a series of workshops to help members who need assistance to be aware of their obligations. If you would like us to run another GDPR seminar, please let us know.
We analysed our GDPR requirements with the help of advisers from within the Chamber and have put in place this GDPR Privacy Policy Statement. We have carried out an Impact Assessment and we deleted any data that does not need to be retained. (Financial data is retained for seven years as required by HMRC.) Other data will be deleted within two years of a member lapsing, termination of a supply agreement or a member of staff leaving the Company).
What does this mean for our members, suppliers and staff?
Our Outlook emails are automatically encrypted by Microsoft 365 to or from any other Microsoft 365 user. If you would like to make sure your emails are encrypted please contact your Microsoft 365 provider.
We can provide access to details of data held about you. Just email your request to info@eastbournechamber.co.uk and we will respond within one month. We will delete your data on request, just email us at this address. (With the exception of financial data which must be kept for seven years.) We will delete your data if it has not been used for two years (other than financial data).
Hard copy data is held in our office which is not open to the public. Personal details are kept locked away.
We will perform data audits annually as part of our ISO quality management review.
Wee will continue to introduce members to each other as part of our legitimate business.
GDPR privacy statements from our suppliers
Microsoft GDPR Statement
https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
Zoho GDPR Statement
https://www.zoho.com/gdpr.html
Xero Privacy Statement
https://www.xero.com/ie/about/terms/privacy
Google GDPR Statement
https://privacy.google.com/businesses/compliance/#?modal_active=none
SurveyMonkey GDPR Statement
https://www.surveymonkey.com/curiosity/surveymonkey-committed-to-gdpr-compliance
Mailchimp GDPR Statement
https://kb.mailchimp.com/accounts/management/about-the-general-data-protection-regulation
Natwest Privacy Statement
https://www.natwestmarkets.com/content/dam/natwestmarkets_com/pdf/natwest-markets-privacy-notice.pdf
Metro Bank Privacy Statement
https://www.metrobankonline.co.uk/about-us/privacy-and-security
Paypal Privacy Policy
https://www.paypal.com/en/webapps/mpp/ua/privacy-full
Paymentsense Privacy Statement
https://www.paymentsense.co.uk/legal/privacy/
WordPress GDPR Statement
https://en.support.wordpress.com/automattic-gdpr
Eventbrite GDPR Statement
GDPR statements are available on request for:
Mobile Applications – Chamber App management
PRG – managing the Chamber website
CloudConnx – Cloud services
Southern IT – IT and telephony support
AFH Payroll
How should you check your GDPR compliance?