The voice of the business sector in Mid Devon

e.

t. 0330 1000338


Facebook


Privacy Policy

The Business Forum Mid Devon (the Forum) is committed to safeguarding the privacy of our members and website users and to maintain compliance with the:

General Data Protection Regulation (GDPR) – 2018

The Data Protection Act  (DPA) – 1998

Privacy & Electronic Communications Regulations  – 2003

It is recognised that the promotion and implementation of the Privacy Policy is the responsibility of the Executive Committee. The Forum accepts responsibility for the safe handling of personal data by other people who may assist with the purpose of the Forum’s activities from time to time.

We recognise that the GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

Forum Purpose:  To act as the voice of the business sector in Mid Devon

Encourage local businesses to expand and new businesses to open in Mid Devon, thereby creating additional employment opportunities

Enable local businesses to get to know one-another and help one another by working and trading together

The Forum recognise the principles of data collection and retention in that records are maintained:

  • Lawfully, fairly and transparently
  • Personal Data is only collected for the specified, explicit and legitimate purpose of membership information and communications
  • Information is only collected that is necessary for the purpose of identification of members and for sending communications regarding events
  • We will ensure that any data collected and collated is accurate
  • Membership details will be stored for duration of membership and deleted from system 6 months post membership (to allow for late applications)
  • On a password protected data base with restricted access

Information Commissioners Office

Registration with Information Commissioners Office has been investigated through a self assessment questionnaire.  As a not for profit organisation the Forum does not have to register as a Data Controller or Data Processor.  However, it should be noted that both the Chairman and the Secretary of the Forum have held or hold roles as Data Controllers and Data Processors with other organisations.  Consequently, best practice will be followed with regards to Data privacy, security and integrity and used in the formation of this Privacy Policy.

This Privacy Policy extends to:

Members

Website Users

Speakers

3rd Party suppliers

Forum Lawful Base: Consent

We accept requests for membership on an electronic application form which details that information on events and newsletters will be sent.  A clear and unequivocal consent to receiving such information from the potential member is obtained on the membership application.

Forum Processing:

To allow the Forum to function as an membership  organisation in the Mid Devon area we manage a website and maintain a secure data base of members.

Automated membership data is collected and collated through a secure db managed by Roundash.  Paper records are created for signing-in attendees at events, subsequently uploaded into the Forum electronic booking system, and the paper copy destroyed.

On the membership application we ask for: Name, Company name, contact details. The form is in pdf format which can be downloaded.  This pdf contains a field for consent to receiving email communications.  Renewal forms will carry the same opt-in

After someone has filled out an electronic or paper based form, they are sent an email asking them to complete the opt-in process. Using a reCAPTCHA form, we can capture the details of their opt-in statement. This way we can see:

  • The date
  • Time
  • IP address
  • Source
  • Consent statement

This way we have a provable account of what each contact has given consent to saved in our system.

On annual membership renewal, each member will be asked for a declaration of consent to continue to receive communications.

We will always include an opt-out option in any communications with current members.

Forum Events:

Registration for events are taken on line.  A field on the registration form provides a choice for the attendee to have their name included on the attendee list which will be distributed on the evening.

Name Badges: Provided at the event and collected at the end. In the event of an Attendee not wishing to be included in the attendee list, we will adhere to their wishes and their badge will not be in plain sight.

A sign in sheet will be issued – signatures are collected to evidence attendance and for H & S purposes.  Post event the attendees will be recorded on the Data base and paper records will be destroyed.

Forum Speakers:  An agreement giving consent to inclusion on attendee list and details on the event promotion

Forum Marketing:

Our marketing takes the form of traditional and social media methods to attract new members and to invite members to bi-monthly meetings.

Traditional marketing is conducted through:

  • Networking
  • Trade Shows
  • Press releases

Social Media marketing is conducted through:

  • Twitter
  • Linkedin
  • Facebook

Marketing Communications are channelled through:

  • Mail Chimp email service

Forum Communications:

Email communications will always carry an automated opt out clause plus a prompt to remind members that they can exercise this option at the bottom of the Mail Chimp communication.

Emails using normal email software will not be sent to multiple addressees either in the address box or through carbon copies (CC’s)