This privacy notice explains when and why we collect personal information about our members, people who attend our events and visitors to our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this notice from time to time so please check this page occasionally to ensure that you’re up to date with any changes.
2. About Chambers Wales
Chambers Wales (the Chamber) is a membership-based organisation. Our mission is to strengthen member businesses and stimulate Welsh business prosperity generally through the provision of relevant information, services and advocacy.
The Chamber is part of a network of 53 Chambers of Commerce across the UK accredited by the British Chambers of Commerce (BCC). One purpose of the Chamber is to “promote support or oppose any legislation or policies”. This objective is stated in the Chamber’s Articles of Association (see section 2(d) of Chamber AoA. We will provide BCC with your company’s email address in order for BCC to conduct research into the impact of policies on your business.
Our ICO registration number is: Z2590778
3. Data Controller
The Chamber is controller and responsible for your personal data (referred to in this policy as “we” “us” and “our”).
You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would however appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.
4. What sort of personal data do we collect?
We collect the following types of personal information:
- Member contact name(s), invoicing and business address(es), email(s) and telephone number(s).
- Identity and contact information for specific individuals at each of our member organisations.
- Photographs or recordings of individuals who attend our events and courses.
- Basic payment information for membership, training, event ticket payments etc.
- Transaction information relating to any payments to and from you and other details of services you have purchased from us.
- User social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
- Profile data for our members, including their username and password, information about their purchases and orders.
- Marketing preference information, including your preferences in receiving marketing from us and BCC, and your communication preferences.
We do not collect any special categories of personal data about you (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).
5. How do we collect personal data and where is it stored?
The Chamber collects information directly from individuals or their parent companies who are members or interested generally in the Chamber, its services and activities. The information may be collected through e-mails, phone calls, online forms, events, face to face meetings, through the members’ dashboard area, by you requesting marketing or other information from us, or by you entering into our awards or a competition we may run from time to time.
We will also collect data about you from third parties such as analytics providers (e.g. Google based outside of the EU), advertising networks, search information providers, identity and contact information from publicly available sources (e.g. Companies House).
The members’ area is stored directly on our CRM and is accessed only via the website. Members are responsible for uploading and maintaining information about their company, including membership contact details, using their membership dashboard. It is each member’s responsibility to ensure that their personal and business information is kept up to date. Details of how to access your dashboard are provided in your membership package when you become a member. If you need any assistance accessing your membership dashboard, please contact us at email@example.com.
6. Why do we use your personal data?
We use your personal information to:
- Provide your membership services, e.g. the members’ dashboard.
- Manage training course and event attendance.
- Provide any services you may have purchased from us.
- Seek the views or comments of business people on emerging political or economic issues.
- Process and respond to queries received.
- Process payments for the services we provide.
- Engage with businesses via social media.
- Develop and customise our services to meet the needs and preferences of members, and to bring to their attention member services, events, networking opportunities and training courses.
- Analyse the website statistics of user behaviour to measure interest in and use of the different sections of our website, and to improve the features and content of the website.
- Comply with any legal obligation.
- Further our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
We do not pass information on to third parties for advertising purposes.
7. Our lawful bases for processing personal information
We rely on the following 5 lawful bases for processing personal information:
We need personal data to comply with our contractual obligations to you, for instance if your business becomes a member, you purchase any services from us or if you book onto a course.
We are legally required to keep some information, such as certification and financial data.
We use personal information where we have been mandated by a public authority to issue, for example, international trade certificates.
We also use personal information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, properly administering our website, the day-to-day provision of our services, responding to your queries about the Chamber and its services, marketing our business and services which we think may be of interest to you.
We may explicitly ask for your consent to use your data, for example, when you tick a box to opt-in for your business to receive notification of events or training from us. You have the right to withdraw your consent at any time.
8. When do we collect personal data?
- When a business becomes a member we collect contact details that identify the appropriate individuals for us to contact within the member business.
- As a security check when member businesses login to their membership account.
- When businesses upload personal information to their membership dashboard.
- When people book, or are booked in by their company, to attend training courses or events
- When you attend our courses and events, which may be photographed and/or recorded for the purpose of marketing the Chamber and our events generally.
- When individuals pay for our services on behalf of their business.
- When people lease a commercial property from us on behalf of their business.
- When people engage with us on social media.
- When we are contacted with queries, complaints etc.
- When individuals enter prize draws or competitions run by the Chamber.
- When individuals or businesses enter any awards we hold from time to time.
- When individuals sign up to our newsletter.
9. How we protect personal data
All personal information generated via this website is stored in a secure server the overall security of which is managed by our website administration contractor. Access to the personal data is limited to those Chamber employees, contractors or agents who have a legitimate business need, such as managing memberships, letting properties or processing payments.
The Chamber’s employees, contractors and agents are subject to a duty of confidentiality and due care which includes proper handling of personal information. All employees are trained on data security and information protection.
10. How long do we keep personal data?
We retain your personal information on our CRM for the following periods:
- We do not retain payment card information. As soon as your card payment has been processed, your card details will be deleted / destroyed.
- We will retain other details of financial transactions as required by law and/or taxation authorities.
- Award entrant data is deleted 2 years after the finalists for that year are announced.
- Details of attendees of our events is deleted after 1 year.
- The lapsed membership data is deactivated after 1 year and deleted after 3 years.
- Cancelled memberships are deactivated within a calendar month and deleted after 3 years unless specifically requested.
Members are responsible for updating and maintaining the accuracy of their information in the Members’ dashboard area.
Some data, such as financial information, must be kept for legally prescribed periods. When deciding how long to keep personal information with no prescribed legal retention period, we take into account the purpose or purposes for which we hold the information.
11. Who do we share data with?
We share personal data with our contractors including our public relations company, our CRM and website administrator and our certified document provider. We use Google Analytics and Google Tag Manager for website analytics, MailChimp for member newsletter and information mailouts and SagePay for online payments. Sometimes our contractors collect and administer personal information on our behalf, for example our website administrators implement website analytics and our PR company sends out our newsletters.
We transfer your personal data outside the EEA when using software such as Mailchimp. Whenever we transfer your personal data out of the EEA ensure that a similar degree is afforded to it by ensuring that they have contractual obligations to give personal data the same protection it has in Europe.
On an aggregate basis without any identifiers, personal data may be used to provide third parties with information such as the composition of our membership, to help us develop new member services and products, and to provide sponsors and others with aggregate information about members and visitors, and how they use our website and services.
Our policy is that:
- We only provide the data needed for third parties to perform their specific services.
- Third parties may only use personal data for the exact purposes we specify in our contract with them.
- We work closely with third parties to ensure that personal privacy is respected and protected.
- If we stop using the services of a third party, any personal data held by them will either be deleted or rendered anonymous.
We do not sell data on to third parties for advertising or any other purpose.
British Chamber of Commerce Surveys
We share a small amount of personal information with our accrediting organisation, the British Chambers of Commerce (BCC).
BCC will not contact your business for any other purpose other than to notify you of an opportunity to respond to a national policy survey. Each year, BCC conducts around five surveys which directly help us develop and shape Government policy across a range of areas, including business taxation, international trade, and employment conditions. The data from these surveys are completely anonymised and aggregated so that individual responses cannot be identified. The anonymised data are then presented in closed briefings with stakeholders across UK Government, and shared publicly through BCC’s press team.
The purpose of carrying out the surveys is to produce reports, which BCC and the Chambers can then use in their activities in promoting and protecting the interests of UK businesses; in other words, they are part and parcel of the function and purpose of BCC and the Chamber.
You can contact us if you do not wish to be contacted by BCC, and you will have the opportunity to unsubscribe from BCC’s research mailing list at any point. If your or your parent company’s membership of a local Chamber has lapsed, the BCC may continue to contact you about opportunities to respond to business surveys. You can choose to opt in or out of further contact with the BCC.
12. What are your rights?
An overview of your rights
You have the right:
- To be informed of the ways in which we use your personal information.
- To access any personal information we have about you (commonly known as a data subject access request).
- To request the correction of your personal information when incorrect, out of date or incomplete. Please note that we may need to verify the accuracy of any new data you provide to us, and in some cases we may need to hold the historic information on file as well as your new information.
- To request the deletion of your personal information, where there is no good reason for us to continue to process it, or where you have successfully objected to us processing it. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- To request us to restrict or suppress the processing your personal information.
- To request that we provide a copy of your personal information to you (or a third party) in a structured, commonly used and machine readable format.
- To withdraw any consent you may have given to us to process your personal information, where we are reliant on your consent. Please note that this will not affect the lawfulness of any processing carried out before you withdrew your consent.
- To object to us processing your personal information where we are relying on legitimate interest. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- To lodge a complaint with the Information Commissioner’s Office (ICO) which is the appropriate UK supervisory authority if you feel that we have not respected your rights. They can be contacted via their website ico.org.uk.
We do not use personal information for automated decision making or profiling.
If your business is a member and you wish to amend your information, please update your online account via your membership link (you will need your password) or contact firstname.lastname@example.org for assistance.
13. Exercising any of your rights
You will not usually have to pay a fee to access your personal data, or to exercise any of the other rights. However, we may charge a reasonable fee is your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than one month if your request is particularly complex or if you have made a number of requests. In this case, we will notify you and keep you updated.
14. Changes to this Privacy Notice
We will review this notice regularly, so please check back from time to time to ensure you are up to date.
The last date the notice was reviewed was October 2020.