DATA PRIVACY NOTICE
What is the purpose of this notice
This privacy notice sets out the basis on which any personal data we collect from you will be processed in accordance with the General Data Protection Regulation (GDPR – Reg. EU 2016/679).
What we need
The Commonwealth Local Government Forum (CLGF) is known as the ‘Controller’ of the personal data you provide to us. We only collect basic personal data about you which does not include any special categories of personal information about you (known as Special Category Data). This does however include name, address, e-mail, telephone number.
Why we need it
The CLGF need to know your basic personal data in order to:
- Provide our services for the benefit of the CLGF membership, as specified in the CLGF Articles of Association.
- Provide news, events, activities and services for individuals interested in local government.
- Use photographic images and video footage from our events and to use case studies, quotes from our partners, members, staff, and meeting delegates, which may be accompanied by personal information (such as name, job title, organisations) to enhance and illustrate our work.
- Administer membership records
- Manage the records of our employees, consultants, and partners.
- Maintain our financial accounts and records
We will not collect any personal data from you that is not required to provide and oversee this service to you.
Information we may collect from you
We collect personal information during various interactions such as through membership signup, registration as a delegate to one of our meeting, sign up to our newsletter and others. The personal information we collect is limited to that required for us to manage the interaction or event. This is usually limited to contact information such as name, title, position, organisation and contact email and phone number.
When you undertake a financial transaction with us, such as payment of a delegate fee for our conference, the data will be held securely within our finance systems in compliance with the legal requirements on financial transactions, which is usually for seven years.
Additionally, in visiting our website or engaging with CLGF managed profiles through social media such as twitter and facebook, these websites and apps may automatically collect information about your location from your IP address, length of visit, page interaction and other information for analysis, please note that in visiting these sites and apps, you give permission for this.
All data CLGF holds is protected through various security measure by our partner organisations, such as our IT services provider, website host etc. These security measures are regularly reviewed and updated to ensure they are fit for purpose under ever changing cyber security challenges.
What we do with the data
We only ever use your personal data with your consent, or where it is necessary to:
- enter into, or perform, a contract with you
- comply with a legal duty
- protect your vital interests – or
- for our own (or a third party’s) lawful interests, provided your rights do not override these.
In any event, we will only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We may process personal information for certain legitimate business purposes, which include some or all of the following:
- where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our members and partners and other interested parties
- to identify and prevent fraud
- to enhance the security of our network and information systems
- to better understand how people interact with our websites
- to provide postal communications which we think will be of interest to you
- to determine the effectiveness of promotional campaigns and advertising.
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so you can ‘opt out’ by indicating this when submitting forms on the website or by emailing us at any time at email@example.com. Please bear in mind that if you object this may affect our ability to carry out the tasks mentioned above for your benefit.
Where we keep it
The data that we collect from you may be transferred to, and stored at, a destination outside the European Economic Area (EEA). It may also be processed by staff operating outside the EEA who work for us or for one of our suppliers. Such staff may be engaged in, among other things, the fulfilment of your order, the processing of your payment details and the provision of support services. By submitting your personal data, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy.
How long we keep it
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we will keep a record of your preference not to be e-mailed).
We continually review what information we hold and delete what is no longer required. We will not retain your data for any longer than necessary and the longest time that we will hold your data will be six years after the calendar year to which the information relates.
What are your rights
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
- the right to have inaccurate data rectified
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you wish to raise a complaint on how we have handled your personal data, you can contact the HR Manager, CLGF, Commonwealth House, 55-58 Pall Mall, London, SW1Y 5JH or by email: firstname.lastname@example.org who will investigate the matter.
If you are not satisfied with our response, or believe we are processing your personal data not in accordance with the law, you can complain to the Information Commissioner’s Office, the UK supervisory authority for data protection issues, at the Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF; or via email https://ico.org.uk/global/contact-us/email