GDPR & Privacy Policy

Our Data Policy: How We Will Use Your Data

1.1 Agreed Purposes: to retain sufficient data relating to Members and Companies for Trafford to provide the Services offered;

1.2 Controller, data controller, processor, data processor, data subject, personal data, processing and appropriate technical and organisational measures: as set out in the Data Protection Legislation in force at this time.

1.3 Data Protection Legislation: all legislation and regulatory requirements in force from time to time relating to the use of personal data and the privacy of electronic communications, including, without limitation (i) any data protection legislation from time to time in force in the UK including the Data Protection Act 2018 or any successor legislation, as well as (ii) the General Data Protection Regulation ((EU) 2016/679) and any other directly applicable European Union regulation relating to data protection and privacy (for so long as and to the extent that the law of the European Union has legal effect in the UK).

1.4 Permitted Recipients:  The parties to Trafford agreements, the employees of each party, any third parties engaged to perform obligations in connection with this agreement.

1.5 Shared Personal Data: the personal data to be shared between the parties under this agreement. Shared Personal Data shall be confined to the following categories of information relevant to the following categories of data subject:

1.5.1 For yourself, fellow Directors/Owners and potentially your employees: Personal Data including your name, mobile number, phone number, business name, email address, website, postal address, credit card (for account/billing processing details), a history of calls, emails and other correspondence between ourselves and members, where appropriate. We may also hold your DOB and home address, if provided by you. Furthermore, we may capture information about your personal preferences, interests, views and opinions, and any other information you provide in completion of your profile, and any photos you also send us;

1.5.2 As well as a data collected from surveys and profiles that way may ask you to complete, which contains personal and business information, data you provided, we will also hold any future updates and additional information you provide.

1.5.3 We may take photos or videos at our events, and these may be used in the annual Trafford photo album, for social media and to help our wider community of members share in the activities they were not able to attend, and to help raise awareness of our events and for marketing purposes.  Photos may also be provided when making introductions. 

1.5.4  For your Company we may hold data, including but not limited to, services/products, financial information, suppliers, customers, outsources services, employee details.

1.6 To maintain a record of your business and personal data to enable us to serve you as a member of our organisation. This includes:

1.6.1 Maintaining a log of events you are booked to attend and have attended.

1.6.2 Sending reminders for events you are booked to attend, as well as notifying you of future events you may be interested in attending, and other relevant information we deem relevant to your membership and that which could be of benefit to your business;

1.6.3 A record of all events you have attended;

1.6.4 Collating leads requests and issuing this digitally, and in printed form, to the group of attendees at the relevant meetings you attend;

1.6.5 Issuing the logs of pledges, attendee information and other relevant event information to all attendees, plus regular reminders and final log closures providing details of all promises fulfilled and not fulfilled. The log contains details of pledges you have made to others, pledges other attendees have made to you, relevant outcomes, as well as your contact details so members and guests may contact you to fulfil their promises;

1.6.6 Accounting information, including relevant contact details so invoices can be issued and payments may be processed.

1.6.7 To invite your guest nominations (those you would like to join our organisation) by stating your name and business as the person/company that put them forward.

1.6.8 To connect you with members and non-members.

1.6.9 To track members performance, so we can analyse overall membership performance and compare individual business members to the overall membership.  This includes: your name, your company, tenure, attendance, payment history, introductions passed and their outcomes, guests nominated, and general activity data.

1.6.10 To maintain a record of communications, including telephone calls, meetings, emails, and any other form of communications that may be used.

1.6.11 Other uses of the data that will enable us to serve you and the overall membership to the best of our abilities.

1.6.12 To comply with our legal and accounting obligations

1.7 Shared Personal Data: The provisions which follow layout the framework for the sharing of personal data between the parties as data controllers. Each party acknowledges that one party (the Data Discloser) will regularly disclose to the other party (the Data Recipient) Shared Personal Data collected by the Data Discloser for the Agreed Purposes. Each party shall:

1.7.1 ensure that it has all necessary consents and notices in place to enable lawful transfer of the Shared Personal Data to the Data Recipient for the Agreed Purpose.

1.7.2 give full information to any data subject whose personal data may be processed under this agreement of the nature such processing. This includes giving notice that, on the termination of this agreement, personal data relating to them may be retained by or, as the case may be, transferred to one or more of the Data Recipients, their successors and assigns;

1.7.3 process the Shared Personal Data only for the Agreed Purposes;

1.7.4 not disclose or allow access to the Shared Personal Data to anyone other than the Permitted Recipients;

1.7.5 ensure that all Permitted Recipients are subject to written contractual obligations concerning the Shared Personal Data (including obligations of confidentiality) which are no less demanding than those imposed by this agreement;

1.7.6 ensure that it has in place appropriate technical and organisational measures, reviewed and approved by the other party, to protect against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

1.7.7 not transfer any personal data obtained from the Data Discloser outside of the European Economic Area unless the prior written consent of the data subject has been obtained and the following conditions are fulfilled:

1.7.7.1 complies with the provisions of Articles 26 of the GDPR (in the event the third party is a joint controller); and

1.7.7.2 the transferring party complies with its obligations under the Data Protection Legislation ensures that (i) the transfer is to a country approved by the European Commission as providing adequate protection pursuant to Article 45 GDPR; (ii) there are appropriate safeguards in place pursuant to Article 46 GDPR; or (iii) one of the derogations for specific situations in Article 49 GDPR applies to the transfer.

1.8 Compliance: Each party shall comply with the Data Protection Legislation and agrees that any material breach of the Data Protection Legislation shall, if not remedied within 30 days of written notice from the other party, give grounds to the other party to terminate this agreement with immediate effect.

1.9 Mutual assistance. Each party shall assist the other in complying with all applicable requirements of the Data Protection Legislation. In particular, each party shall:

1.9.1 consult with the other party about any notices given to data subjects in relation to the Shared Personal Data.

1.9.2 promptly inform the other party about the receipt of any data subject access request.

1.9.3 provide the other party with reasonable assistance in complying with any data subject access request; 

1.9.4 not disclose or release any Shared Personal Data in response to a data subject access request without first consulting with and obtaining the consent of the other party.

1.9.5 assist the other party, at the cost of the other party, in responding to any request from a data subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.

1.9.6 notify the other party without undue delay on becoming aware of any breach of the Data Protection Legislation;

1.9.7 at the written direction of the Data Discloser, delete or return Shared Personal Data and copies thereof to the Data Discloser on termination of this agreement unless required by law to store the personal data;

1.9.8 use compatible technology for the processing of Shared Personal Data to ensure that there is no lack of accuracy resulting from personal data transfers;

1.9.9 maintain complete and accurate records and information to demonstrate its compliance with this clause; and

1.9.10 provide the other party with contact details of at least one employee as point of contact and responsible manager for all issues arising out of the Data Protection Legislation, including the joint training of relevant staff, the procedures to be followed in the event of a data security breach, and the regular review of the parties’ compliance with the Data Protection Legislation. 

1.10 Indemnity. The Member and/or Company shall indemnify Trafford against all claims and proceedings and all liability, loss, costs and expenses incurred by the other as a result of any claim made or brought by a data subject or other legal person in respect of any loss, damage or distress caused to them as a result of any breach by the other party of the Data Protection Legislation by that party, its employees or agents, provided that the indemnified party gives to the indemnifier prompt notice of such claim, full information about the circumstances giving rise to it, reasonable assistance in dealing with the claim and sole authority to manage, defend and/or settle it.

 

Why We Need This Data         

2.1 We will use your data as described above to enable us to provide our service to you.  We would be unable to service your membership without this information.  You may withdraw your consent at any time by sending an email to: [email protected].

 

Your Rights              

3.1 You have certain rights given to you by law, that means you have an amount of control over your personal data that we process:

3.1.1 Access to Your Personal Data: This right allows you to confirm that your personal data is being processed and to allow you to check if the processing is lawful.

3.1.2 Correcting Any Mistakes: The right of rectification allows you to instruct an organisation that is processing your personal data, to rectify any mistakes.

3.1.3 Right to be Forgotten: You have the right to instruct an organisation to erase your personal data.

3.1.4 Stop Processing: The right to stop the processing of your personal data.

3.1.5 Moving Data: The right to data portability means that under certain circumstances you will be able to ask for your personal data to be transferred from one organisation to another.

3.1.6 Right to Object to Direct Marketing: You have the right to object to the processing of your personal data for the purposes of direct marketing.

3.1.7 Right to complain to the Information Commissioners Office (ICO): If you are not happy with an aspect of how Trafford Enterprises Ltd are processing your data, you can lodge a complaint to the supervisory authority, which is the ICO. (www.ico.org.uk).

3.2 Please make sure you contact our Data Controller in writing to the registered office of Trafford Enterprises Ltd, if you wish to exercise any of your rights or if you have any questions about the processing of your personal data.

 

Notice of Breach of Security           

4.1 If a security breach causes an unauthorised access into our system that materially affects you or your contacts in our software, then Trafford Enterprises will notify you as soon as possible and later report the action we took in response. For more information on this please refer to our data breach process, a copy which can be obtained on request from our Data Controller.

 

Jurisdiction           

5.1 We operate in the United Kingdom.

 

Access to your personal information               

6.1 You have the right to request a copy of the personal information that Trafford Enterprises holds about you and to have any inaccuracies corrected. A small fee for such requests will be payable. Please address requests to the Data Controller and use the address provided under the “Contact Us” section.

 

Changes to our Data policy

7.1 Should we revise our data policy we will provide you with written notification.

 

Any Questions

8.1 If you have any further questions about how we manage and process your data please contact the Trafford Data Protection Officer, Trafford Enterprises Ltd, 94 Chapel Market, London, N1 9EY, United Kingdom.  Our recognised authority is the United Kingdom’s Information Commissioner.

 

 

Version Date: 14th August 2022

Last Updated: 5th February 2020