At the Haberdashers’ Company, we are committed to ensuring the safety and security of your information. The purpose of this note is to explain what we do with the information you provide us when signing up to receive communications from us. For the purposes of the legislation in this area, the Haberdashers’ Company is known as the “Data Controller”, and is therefore responsible for what happens to the information that you provide..
What type of personal information we collect
The type and amount of information we collect is restricted to contact details (name, organisation, address, email and telephone number plus dietary infomation if you attend one of our events).
How we use your information
We will use your information only for the purposes of:
Responding to your query,
Contacting you about events,
Processing a transaction if you make a payment to us through the website.
Our legal basis for processing your information
By submitting an email or any online submission form, you have consented to us contacting you in response to your query, and using your details for that purpose. As a membership organisation, we also have a legal right to hold information about our members and the activities they are involved in.
You can withdraw your consent to this at any time by contacting firstname.lastname@example.org or writing to us at the Hall, but your consent will remain valid until we receive the withdrawal notice from you.
How we keep your information safe
We understand the importance of security of your personal information and take appropriate steps to safeguard it. Your information is stored in a database, which is stored on dedicated (rather than shared use) file servers, and we regularly review our IT provision to ensure security and that what we have is fit for purpose. No data transmission over the internet can however be guaranteed to be 100% secure. So while we strive to safeguard your information, we cannot guarantee the security of any information you provide online and you do this at your own risk.
Who has access to your information?
Aside from staff employed by The Haberdashers' Company...
- Third parties if we run an event in conjunction with them. We will let you know how your data is used when you register for any event.
- If you are making a payment through the website, the transaction is undertaken by PayPal or GoCardless, with whom we have a legal agreement. When you checkout, you will be automatically redirected to a secure server managed by Go Cardless and we will not see, store or use any of the details that you enter into that site.
We may also disclose your personal information if we are required to do so under any legal obligation and may use external data for the purposes of fraud prevention and credit risk reduction, or where doing so would not infringe your rights, but is necessary and in the public interest.
Other than this, we will not share your information with other organisations without your consent.
Keeping your information up to date
We appreciate it if you let us know if your contact details change. You can do so by contacting us at email@example.com
How long we keep your information for
We will treat your consent as lasting only for as long as it is reasonable to do so. This will usually be for two years. We may periodically ask you to renew your consent.
If you ask us to stop contacting you, we will keep a record of your contact details and limited information needed to ensure we comply with your request.
You have the right to request details of the information that we hold about you, and the uses to which it is put, which is known as a Subject Access Request. Such requests have to be made in writing. To make a request, please contact us at firstname.lastname@example.org or at the address given above.
You also have the following rights [which will be introduced in the UK under the GDPR in May 2018:
- the right to request rectification of information that is inaccurate or out of date;
- the right to erasure of your information (known as the “right to be forgotten";
- the right to restrict the way in which we are dealing with and using your information; and
- the right to request that your information be provided to you in a format that is secure and suitable for re-use (known as the “right to portability”;
All of these rights are subject to certain safeguards and limits or exemptions, further details of which can be found in our Data Protection Policy, once they are fully in force. To exercise any of these rights, you should contact email@example.com .
If you are not happy with the way in which we have processed or dealt with your information, you can complain to the Information Commissioner’s Office. Further details about how to complain can be found at https://ico.org.uk/concerns.
This Policy was last updated on 18 February 2019.