Maintaining your privacy and your trust is very important. We strive to be especially clear on how we use your personal information if and when we collect it, and on the ways in which we can work together to protect your privacy.
Data Protection Act 1998 & General Data Protection Regulation (also known as Regulation (EU) 2016/679 or “GDPR”) (enforced from 25th May 2018)
- Identity and contact information of the data controller
- Legitimate interests of the data controller or third party (if applicable)
- Purpose of the processing and the lawful basis for the processing
- Categories of personal data to be processed
- Details of whether personal data came from direct or indirect sources
- Recipients or categories of recipients of the personal data
- Details of data transfers to a third country and safeguards
- Length of time personal data is processed and any criteria used to establish the length of time the data is processed
- Data Subject’s Rights (Your rights as an individual)
- Right to complain to the supervisory authority/regulator
- Details of any part of a statutory or contractual requirement and possible consequences of failing to provide the personal data
- The existence of any automated decision making, including profiling and information about how decisions are made
For the purposes of the data protection & privacy legislation the Data Controller is North Devon Manufacturers Association (NDMA), whose registered address is Rose Gules, Sticklepath Hill, Barnstaple, Devon, EX31 2DW.
What data we hold
Like most businesses, we generally keep and process business-card categories of data on our contacts in order to identify you and provide contact information. This information enables us to maintain and continue our legitimate business pursuits and contracts through our communication with members, customers, suppliers and contacts.
This data usually includes:
Name, email address, phone number, company, work address
In some cases, we require further data categories such as:
date of birth, photograph, passport, driver’s license, and other information that allows us to identify who you are, and in the case of employees and sub-contracted employees, certain sensitive information such as criminal records checks and family or financial details.
Information you send us:
We may collect any personal correspondence that you send us, or that is sent to us by others about your activities, including activities with our third-party partners.
We may also collect anonymous non-data about you such as information regarding your computer, network and browser (including an IP address).
What we do with your data
We use your contact details to stay in touch via direct emails, telephone and sometimes even by post if we feel that what we have to say might be of interest or relevance to you. WE WILL NOT PASS YOUR DATA ON TO THIRD PARTIES FOR MARKETING PURPOSES.
In general, we will only use any data for the purpose for which it was collected, except with your permission. The purpose of collection is determined by the circumstances in which the information was collected and/or submitted.
Information is used to enable us to operate our business, especially as it relates to an individual. This may include:
- the provision of NDMA and related services to an individual;
- verifying an individual’s identity, vetting and clearances for contracted activity, visits or events;
- communicating with an individual about:
  - their relationship with us;
  - our services;
  - our marketing and promotions to customers and prospects; and/or
  - competitions, surveys and questionnaires;
- marketing and promotions to customers and prospects;
- investigating any complaints about or made by an individual, or if we have reason to suspect that an individual is in breach of any of our terms and conditions or that an individual is or has been otherwise engaged in any unlawful activity;
- carrying out regulatory checks and meeting our obligations to our accrediting bodies;
- preventing and detecting crime (such as identity theft and fraud);
- preparing high-level anonymised statistical reports, which would contain details such as the average number of company directors being authorised signatories to a company’s accounts. The information in these reports is never personal and you will never be identifiable from them. We may share these statistical and anonymised reports with third parties including non-NDMA companies; and/or
- as required or permitted by any law (including the Act).
If you publicly post about NDMA, or communicate directly with us, on a social media website, we may collect and process the data contained in such posts or in your public profile for the purpose of addressing any customer services requests you may have and to monitor and influence public opinion of NDMA.
When we disclose your data
Upon your authorisation and instruction, to your advisers
It may be necessary for us to disclose an individual’s data to third parties in a manner compliant with the Act in the course of our business, such as for processing activities like verification, vetting, due diligence, website hosting, data analytics and payment processing.
We will not disclose or sell an individual’s data to unrelated third parties under any circumstances unless we employ other companies to perform tasks on our behalf and we need to share your information with them to provide products and services to you.
There are some circumstances in which we must disclose an individual’s information:
- where we reasonably believe that an individual may be engaged in fraudulent, deceptive or unlawful activity that a governmental authority should be made aware of;
- as required by any law (including the Act) including court orders;
- as required by UK and overseas regulators and authorities in connection with their duties, including the regulator or authority having access to payment details (including information about others involved in the payment);
- fraud prevention agencies, in particular, we will always tell fraud prevention agencies if you give us false or fraudulent information. They will also allow other organisations (in the UK or abroad), including law enforcement agencies to access this information to prevent and detect fraud, money laundering or other crimes; and/or
Where we keep your data
We keep your information on our secure server. We may also store your information if we have previously corresponded on relevant platforms such as our email server and UK data protection law compliant 3rd party applications including Mailchimp, Survey Monkey, Lead Forensics and Microsoft Cloud Applications.
The data that we collect from you will be stored in the European Economic Area (EEA), but may be transferred to, and stored at, a destination outside the EEA, with and by third parties.
Data may also be processed by third parties and/or staff operating outside the EEA who work for us or for one of our third party partners. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing.
We will retain data for the period necessary to fulfil the purposes outlined in this policy unless a longer retention period is required or permitted by law.
How we process your data
We will only process your data with your consent. At times it is necessary to pass your data to 3rd parties in order to facilitate a contract. NDMA understands that it must ensure that our suppliers and customers comply with UK data protection legislation.
How we look after your data
NDMA takes the security of your data very seriously. We use a secure IT services provider and fully protected email system which complies with UK data protection legislation.
We will take all reasonable precautions to protect your data from unauthorised access. This includes appropriately securing our physical facilities and electronic networks.
Examples of such precautions include:
- Data encryption
- Intrusion detection systems
- Physical protection of premises where data is stored (24/7)
The security of communications sent by electronic means or by post cannot be guaranteed. Each individual that provides information to us via the internet or by post does so at their own risk. We cannot accept responsibility for misuse or loss of, or unauthorised access to, data where the security of information is not within our control.
Privacy or security practices of any third party (including third parties that we are permitted to disclose your data to in accordance with this policy or any applicable laws) may be subject to privacy and security policies separate from those of NDMA.
If you suspect any misuse or loss of, or unauthorised access to, your data, you should let us know immediately.
We are not liable for any loss, damage or claim arising out of another person’s use of the data where we were authorised to provide that person with the data.
How to access and/or update information
Current regulation gives you the right to request from us the data that we have about you.
If you cannot update your own information, we will correct any errors in the data we hold on you within one month of receiving written notice from you about these errors.
It is your responsibility to provide us with accurate and truthful data. We cannot be liable for any information that is provided to us that is incorrect.
We may not charge you a reasonable fee for our costs incurred in meeting any of your requests to disclose the data we hold on you, if such a request is manifestly unfounded or excessive. We reserve the right to clarify the specific information your request relates to.
Information will be provided within one month of receipt of the request.
You have the right to request that information held on you by NDMA is erased, where there are no additional legal and/or regulatory requirements for NDMA doing so.
How we collect your data
Most information will be collected in association with generally dealing with us or engaging with us at an event or through social media/web activity. However, we may also receive data from other sources such as advertising, an individual’s own promotions, public records, mailing lists, contractors, staff, recruitment agencies and our business partners. In particular, information is likely to be collected as follows:
Registrations/Memberships/Subscriptions/Purchases. When an individual registers, subscribes and/or purchases a product, service, list, account, connection or other process whereby they enter data details or grant access to information in order to receive or access something, including a transaction or services;
Customer/supplier Accounts. When an individual submits their details to open an account or engage in a transaction;
Supply/Contact. When an individual supplies us with goods or services or contacts us in any way;
Pixel Tags. Pixel tags and web beacons may enable us to send email messages in a format customers can read and they tell us whether mail has been opened.
As there are many circumstances in which we may collect information both electronically and physically, we will endeavour to ensure that an individual is always aware of their data being collected, in particular by third parties.
We may also collect anonymous non-data, which may be used and shared on an aggregated and anonymous basis.
How you consent to the collection of your data
You may opt to not have us collect your data and communicate with you at certain times. This may prevent us from offering you some or all of our services, or other services you access with or through us.
Opt In. Where relevant, you will have the right to choose to have your information collected and/or receive information from us; or
Opt Out. Where relevant, you will have the right to choose to be excluded from some, if not all, information collection, and/or the receiving of that information from us. You may revoke your consent at any time, and the decision to opt out should be made through the same media by which you opted in.
If you believe that you have received information from us that you did not opt in to receive, you should contact us on the details provided at the bottom of this page.
Complaints and disputes
You have the right to object to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing; and
- processing for purposes of scientific/historical research and statistics
unless we hold compelling legitimate grounds for processing or the processing is for the establishment, exercise or defence of legal claims.
You can choose how you would like to receive marketing and other non-business critical communications.
Any changes made to these contact preferences can take up to 30 days to come into effect.
If you have a complaint about our handling of your data, you should address this complaint in writing to the details provided at the bottom of this page.
You have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data infringes the General Data Protection Regulation.
If you lodge a dispute regarding your data, we both must first attempt to resolve the issue directly between us.
If we become aware of any unauthorised access to your data which is likely to result in a high risk for the rights and freedoms of the data subjects, we will inform you without undue delay after becoming aware of it, once we have established what was accessed and how it was accessed.
Additions to this policy
We reserve the right to modify this policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the Platform. If we make material changes to this policy, we will notify you in writing that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
If we decide to change this policy, we will post the changes at www.ndma.org.uk. It is your responsibility to refer back to this policy to review any amendments.
North Devon Manufacturers Association (NDMA)
Rose Gules, Sticklepath Hill, Barnstaple, Devon, EX31 2DW
This policy was last updated on