Northamptonshire Chamber of Commerce and Milton Keynes Chamber of Commerce (The Chamber) are committed to protecting your personal information and being transparent about what information we hold about you. Using personal information allows us to develop a better understanding of our local businesses, Chamber Members, and Service Users and in turn to provide you with relevant and timely information about the work that we do across Northamptonshire & Milton Keynes. As a membership organisation, it also helps us to engage with potential members and service users.
The purpose of this policy is to give you a clear explanation about how we collect, store and use the information we collect from you directly and from third parties.
The policy will be continuously assessed against new technologies, business practices, regulatory changes and the evolving needs of the Chamber and the memberships services provided by the Chamber.
OUR DATA PRINCIPLES
- To provide clear, honest, and open information to customers about how we use their data.
- To give customers the choice about how we manage their data.
- To use data appropriately and in a way that would be reasonably expected by the customer (including supressing or deleting records once they are no longer required).
- To share customer data with other organisations only where the customer has given their consent for us to do so.
- To be accountable and responsible: to take active steps to protect customer data from ‘data breaches’ and informing customers and the information commissioner as required by data protection law, should this occur.
- To have specific enhanced procedures for the use of sensitive data (such as data relating to individuals, sole traders, or disability).
- To ensure our staff and partners understand these principles and their responsibilities in delivering them.
WHO WE ARE
Northamptonshire Chamber of Commerce & Milton Keynes Chamber of Commerce is a membership organisation and a local hub for businesses to access a broad offer of business support, established in 1917.
We are one of 53 Chambers of Commerce in the UK, accredited by the British Chambers of Commerce, and together we make up a strong network of trusted champions of business, places, and global trade.
At The Chamber, we’re uniquely placed to help businesses of every size and sector. Meaning from micro-one-person businesses to our largest employers, we’re all in it together, locally, nationally, and globally. Ours is the only business support network that helps British businesses build relationships on every level.
The data controller for all personal data collected via this website is Northamptonshire Chamber of Commerce & Milton Keynes Chamber of Commerce with its registered offices at Waterside House, 8 Waterside Way, Northampton, NN4 7XD. This means that we are responsible for deciding what data we collect and how we hold and use your personal data. We will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the Security section of this Policy.
The Chamber abides by data protection law, including the Privacy and Electronic Communications Regulations 2003 (PECR), the General Data Protection Regulations (GDPR) and the Data Protection Act 2018. We are registered with the Information Commissioners Office, the UK’s Data Protection Authority.
We collect and process various categories of personal information at the start of, and for the duration of, your relationship with us. We will limit the collection and processing of information to information necessary to achieve one or more legitimate purposes as identifies in this notice. You provide some of this data directly, such as when you join the Chamber as a member or if you attend one of our events or training programmes as a member or non-member.
Personal Information may include:
- Basic personal information, including name and address, and contact details.
- Financial information including banking and payment information.
- Information about your business, including contact information.
- Goods and services provided.
- Online profile and social media information and activity, based on your interaction with us and our websites, use of our application.
- Personal data such as dietary requirements ,allergies, or special access requirements.
We may also process certain special categories of information for specific and limited purposes, such as making our services accessible to customer. We will only process special categories of information where we have obtained your explicit consent or are otherwise lawfully permitted to do so.
This may include:
- Information about racial or ethnic origin
WHAT IS THE CHAMBER’S LEGAL BASIS FOR PROCESSING DATA?
Our legal basis for processing data is to pursue the ‘legitimate interests’ of the individual or business. The personal data collected is used by The Chamber to provide individuals information in relation to the Chamber’s membership, events, training courses, policy, international trade, and any other Chamber products or services. We also use data to process customer administration, press releases, to process and respond to queries received from the public or other relevant stakeholders, to seek views or comments on emerging economic issues, and to send marketing communications.
The Chamber does not collect personal data about individuals except when there is a legitimate business requirement (e.g., attending an event), or when such information is provided on a voluntary basis.
In certain situations, we collect and process your personal data for purposes that are in our legitimate organisational interests. However, we only do this if there is no overriding prejudice to you by using your personal information in this way.
SAFE STORAGE OF YOUR DATA
The Chamber uses reasonable measures to safeguard personally identifiable information. The implemented measures will be appropriate to the type of information maintained and compliance with all relevant legislation governing protection of personal information. Measures are implemented to preserve the confidentiality, integrity, and availability of the personal information.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed.
Personal Data will only be shared with organisations who are providing The Chamber with services or initiatives on our behalf. When you access these services, we will share names, or other contact information that is necessary for the third party to provide these services. These third parties are not allowed to use personally identifiable information except for the purpose of providing these services.
If you or your parent company are a current member of The Chamber, opting out of promotional emails will not stop all communication from us. By becoming a member of the Chamber, your firm is signing you up to receive certain information related to your organisation. It is a constitutional requirement for us to send this information to you.
If you are not a member of the Chamber or if your or your parent company’s membership has lapsed, you can choose to opt in or out of further contact with us. We also receive non-member data through net-working (e.g. business cards , event registrations )and add these details , if relevant, onto our CRM or other data management system. We may on occasion purchase opt-in data ( lists from reputable suppliers) for promotional campaigns.
Photography & Video
We sometimes record our events and activities through photographs and film both for archive purposes and to help spread the word about the type of work we do. Participants and staff are advised of this in their registration forms. Members of the public are asked to advise the photographer/videographer if they do not wish to be captured and notices to this effect will be displayed at relevant events.
Information from other sources: We may also collect information about you from other sources:
Referrals from other accredited Chambers of Commerce, International Chambers of Commerce (Global Business Network) or the British Chambers of Commerce.
Other local membership or business support organisations in Northamptonshire & Milton Keynes, such as SEMLEP Growth Hub, FSB, and local authorities, but only if you have given them your consent. You should check that organisation’s privacy notice when you provide your information to fully understand how they will process and safeguard your data.
Information about how you use our data from analytics providers such as Google.
SENSITIVE PERSONAL DATA
Data protection law recognises that certain categories of personal information are more sensitive such as health information, genetic and biometric data, information about your race or ethnicity or your religious or philosophical beliefs or sexual orientation, political opinions, or trade union membership. We do not usually collect this type of information about our customers unless there is a clear reason for doing so. (For example, we may collect health information (dietary requirements / allergies) about event attendees for our programme of events or about customers who have access needs).
DATA LINKS TO THE BRITISH CHAMBERS OF COMMERCE (“The BCC”)
The Chamber is part of a network of 53 Chambers of Commerce across the UK accredited by the British Chambers of Commerce (BCC). One purpose of the Chamber is to “collect analyse or disseminate information (including statistics and other economic and business information) on all subjects of interest to members”. This objective is stated in the Chamber’s ‘Articles of Association’. We will provide BCC with your company’s email address in order for the BCC to conduct research into the impact of policies on your business.
What does the BCC do with your data?
The BCC will not contact your business for any other purpose other than to notify you of an opportunity to respond to a national policy survey. Each year, BCC conducts around five surveys which directly help us develop and shape Government policy across a range of areas, including business taxation, international trade, and employment. The data from these surveys are completely anonymised and aggregated so that individual responses cannot be identified. The anonymised data are then presented in closed briefings with stakeholders across UK Government and shared publicly through BCC’s press team.
The purpose of carrying out the surveys is to produce reports, which the BCC and the Chamber can then use in their activities in promoting and protecting the interests of UK businesses; in other words, they are part and parcel of the function and purpose of BCC and the Chamber. There is never any marketing or commercial purpose to the surveys, and BCC does not carry out surveys on behalf of any third party.
You can contact us if you do not wish to be contacted by BCC, and you will have the opportunity to unsubscribe from BCC’s research mailing list at any point.
Our processing of your personal data will always have a lawful basis, either because it is necessary for our performance of a contract with you, because you have consented to our use of your personal data, or because it is in our legitimate interests.
Contract: When you make a purchase from us, such a buying Chamber membership, you are entering into a contract with us. In order to perform this contract we need to process and store your data. For example we may need to contact you by email or telephone in the case of problems with your payment or if an event is cancelled at late notice.
For marketing communications we use our legitimate organisational interest as the legal basis for communications by post and email. In the case of postal mailings, you may object to receiving these at any time using the contact details at the end of this policy. In the case of email, we will provide you with an option to unsubscribe in every email that we subsequently send you, or you can alternatively use the contact details at the end of this policy.
We aim to communicate with you about the work that we do in ways that you find relevant, timely and respectful. To do this we use data that we have stored about you, such as what events you have booked for in the past, as well as any preferences you may have told us about.
Consent: For any situations where the two bases above are not appropriate, we will instead ask for your explicit consent before using your personal information in that specific situation.
HOW WE USE YOUR DATA
Your data allows us to process any event bookings, sales transactions, other payments, verify your financial transactions and fulfil any requests – such as applications for memberships, competition entries, participation in campaigns and the provision of information. It also allows us to provide the best possible customer service and to assist us with internal administration.
In addition to marketing communications, we also process personal information in the following ways that are within our legitimate organisational interests:
- In order to improve our website and the services we offer; we may analyse information about how you use it and the content and ads that you interact with.
- In order to provide you with a more personal service we may also use the data we hold about you to classify our audience into groups or segments, using this data and publicly available information: this helps us to understand our audiences better and ensure we are sending relevant messages to you.
- To measure and understand how our audiences respond to a variety of marketing activities so that we can ensure our marketing is well targeted, relevant, and effective.
- To keep a record of the relationship you have with us, and use that to ensure that the communications we send you are personalised, and relevant to you and your interests
- To provide third parties with statistical information about our users, but this information will not be able to be used to identify any individual user.
- From time to time we conduct surveys and promotions and may request information from you as part of these. Participation in these is entirely voluntary and you therefore have a choice whether or not to disclose any information which might be required.
- We may also share your personal data to comply with a legal obligation, such as when you exercise your rights under data protection law or when we have to report or respond to a request from any regulatory or government authority or to meet national security or law enforcement requirements or prevent illegal activity.
Sharing your information with others
From time to time, the Chamber collaborates with other relevant organisations and companies to promote other programs that may be of interest to members and the wider business community.
- When you have consented for us to share your details with a named partner or company e.g. SEMLEP Growth Hub, FSB, local authorities.
- Advertisers that require the data to select and serve relevant adverts to you and others.
- Social media sites for the purpose of targeted advertising and data analytics.
- Analytics and search engine providers that help us to optimise our website.
- Payment processors in order to complete your transaction with us.
- Printers and mailing houses to facilitate distribution of print and correspondence.
- Email, data delivery and website hosting service providers.
- Marketing and database service providers to help us to provide you with a more personal service.
- Third party data services who help us to segment and understand our audience so that we can send you the most relevant and targeted communications and tailor pricing.
- Where required to do so by law or when requested by the police or a regulatory or government authority.
- We require third parties to respect the security of your data and to treat it in accordance with the law.
Transfers outside the European Economic Area (EEA)
Some services offered to you through the Chamber, such as Export Documentation, which is needed to sell products outside the European Union “EU”, may involve the transfer of data outside of Europe. These countries may not have similar data protection laws to the UK. By submitting any personal data in these circumstances, you are agreeing to the transfer, storing or processing of your data by a non GDPR compliant entity.
If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this policy.
Your debit and credit card information
If you use your credit or debit card to purchase from us, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more about this standard from the PCI Security Standards Council. If we provide you with the option to store your card details for use in a future transaction this would be carried out in compliance with PCI-DSS and in a way that none of our staff members are able to see your full card number. We never store your 3- or 4-digit security code.
We may use third party provided tools, such as Hootsuite, to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by Hootsuite. Like other personal data, these direct messages will not be shared with any other organisations.
Links to Third Party Websites
The Chamber does link to other third-party websites such as YouTube and Linkedin and other websites of membership, business support and business organisations in the area, which have their own terms of usage that you should be fully aware of. Please note that The Chamber is not responsible for the privacy policies of third-party websites and recommends that users also check the privacy policies of other websites before registering any personal data linked to these sites.
Failing to provide personal data
Some of the data we collect is required by law to fulfil our contract we have or are trying to enter with you (e.g., buying membership). Failure to provide this data may mean that we are unable to complete our service e.g., if an event is cancelled and we need to get in touch with you to let you know but don’t have any contact information.
GIVING YOU CONTROL
When making an event booking, purchasing membership or using any other services from us, you are given the opportunity to opt in to receiving email news and information from The Chamber. We will only contact you with news or information or pass on your personal information to a named company if the relevant box has been ticked.
You can update your personal information and communications preferences, or unsubscribe, at any time in the following ways:
Clicking on the ‘unsubscribe’ link within an email from us
Emailing us at firstname.lastname@example.org
Writing to us at Northamptonshire Chamber of Commerce, Waterside House, 8 Waterside Way, Northampton, NN4 7XD
How long do we keep your information?
By providing you with products or services, we create records that contain your information such as customer account records, activity records, communication records. Records can be held on a variety of media (physical or electronic) and formats. We manage our records to help us to serve our members well (for example for operational reasons such as dealing with any queries relating to your membership) and to comply with legal and regulatory requirements. Records help us to demonstrate that we are meeting our responsibilities and to keep as evidence of our business activities. Retention periods for records are determined based on the type of the record, the nation of the activity, product or service. We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. Details of retention are available upon request.
The General Data Protection Regulations gives you the right to access your personal data held by us (“subject access request”) . You have rights under data protection law: the right to be informed, the right of access the right of correction, the right to erasure, the right to restrict processing, the right to transfer data, the right to object and rights in relation to automated decision-making including profiling. You may also object to the processing of your personal information for direct marketing purposes. Subject access requests must be made in writing to the details below. We will request you verify your identity before the request can be fulfilled. For further details on your rights please see the guidance from the Information Commissioner’s Office (ICO) which is the UK supervisory authority for data protection issues.
Contact details for subject access requests and information:
Northamptonshire & Milton Keynes Chamber of Commerce
Waterside House, 8 Waterside Way, Northampton NN4 7XD
If you are not satisfied by the way we have handled any issues concerning your data you have the right to make a complaint at any time to the ICO. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.
The ICO’s contact details are as follows:
Information Commissioner’ Office
Water Lane, Wilmslow
UPDATES TO YOUR DATA
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Policy Updated: August 2023