Sheffield Chamber of Commerce (SCCI) places high importance on information security and have always honoured our members, customers, employees and other users’ rights to data privacy and protection. All information supplied to SCCI will be used in accordance with the General Data Protection Regulation (GDPR) and the Electronic Communications Regulations (PECR).
This policy explains how SCCI collects, uses, shares and retains your personal details, how we process, manage, and store those details and how your rights under the GDPR and PECR are adhered to. The policy is effective as of 25th May 2018.
The policy will be continuously assessed against new business practices, regulatory changes, new technologies and the evolving requirements of SCCI whom are registered with the Information Commissioners Office (ICO).
The data controller for all personal data collected via this website is SCCI with its registered office at Albion House, Savile Street, Sheffield S4 7UD. SCCI is responsible for deciding what data is collected, stored and how your personal data is used. SCCI will implement appropriate data security measures for protecting the data from unauthorised access and loss, as laid out in the security section of this policy.
Collection of Data
SCCI is a membership and business support organisation. Personally, identifiable information collected by SCCI includes the following:
- Company name
- Primary contact
- Email address
- Number of employees
- Business description
- Reasons for joining; including: Business Training, Advice & Support and International Trade etc.
SCCI collects data from individuals using emails, online registration forms, phone calls and meetings. The information collected by SCCI is only used when there is a legitimate business requirement to provide our support, services or marketing activities in accordance with our terms and conditions.
Non-personal information and data may be automatically collected through the standard operation of SCCI’s web servers and using cookies technology and/or Internet Protocol (IP) address tracking. Non-personal identification information may include information on the browser used, the type of device, the operating system, the Internet service providers and other similar information. SCCI’s web server automatically collects unidentifiable information on top viewed and visited pages and links on our website, entry and exit points, number of forms completions, time spent on pages, top keywords used offsite to lead traffic to the SCCI website, your IP address, the areas visited on the SCCI website and device event information such as system activity, crashes, hardware settings and browser type etc. Most browsers are set to accept cookies. Cookies can be controlled within the settings of the browser; however, if cookies are disabled the full functionality on the SCCI website may not be available to you. The information collected allows SCCI to develop and custom the services we offer to meet needs and demands, as well as bring to your attention member services, training opportunities, international trade, events and networking.
Use of Data
SCCI uses business information to operate, maintain and provide all features of the services included within membership. SCCI processes all data received solely in accordance with the directions provided by the user. Data collected by SCCI is used to provide information in relation to membership, the website, services customer administration, account management with existing members, prospecting new members etc.
SCCI operates an email mailing list system which is used to inform subscribers about services, events, training, and business news. Users subscribe and opt to receive these communications. Users can unsubscribe at any time or update individual mailing preferences within the profile settings. Email marketing messages may contain tracking beacons/tracked clickable links or similar server technologies to track subscriber activity within email marketing messages. Where used, such marketing messages may record a range of subscriber data relating to engagement, geographic, demographics and already stored subscriber data. For more information visit https://mailchimp.com/legal/privacy/.
SCCI partners with third parties to provide a range of services within membership. SCCI may pass your information to its third-party service providers for the purposes of completing tasks and providing services to its members on SCCI’s behalf. SCCI only discloses the personal information that is necessary to deliver the service and has a contract in place that requires them to keep users information secure.
If you are not a member of SCCI you can receive communications by providing your consent. Non-member data is received through networking (e.g. business cards and event registrations) and these details, if relevant may be added to our Customer Relationship Management (CRM) system or other data management systems.
SCCI provides users with full control of the use of their data and can request amends or update preferences at any point.
SCCI uses reasonable safeguarding measures to ensure data and personal information is secure. The measures are in place are relevant and compliant with any governing legislation that is relevant to the type of information and data stored. Measures in place to protect the integrity, confidentiality and availability of the personal information held by SCCI.
Only SCCI employees and third-party partners are granted access to information. SCCI staff are trained on security systems and relevant processes are regularly reviewed for ongoing effectiveness. Third parties are only entitled to process data in accordance and under strict instruction of any service level agreements. Systems and procedures are in place to deal with any suspected data security breaches. Users will be notified where relevant and any applicable regulator will also be notified of any security breach where SCCI is legally required to do so. Data collected by SCCI, whether it be offline or online, is stored on the companies CRM system and other data management systems. Information provided by the user via the SCCI website is secured using Secure Socket Layer (SSL) server.
SCCI stores collected data within a CRM system and other appropriate data management systems, both electronic and paper based. Data will not be disclosed to any other third party unless prior consent has been issued from the users. The data will not be transferred to any agency located outside of the European Union. On an ongoing basis SCCI will undertake the following with regards to retention of data:
- Review the duration that data is kept and stored
- Review the purpose/s for which data is held
- Securely delete any data that is no longer deemed a requirement by SCCI
- Securely delete, archive or update any data that is no longer valid or out of date
Third Party Sites
SCCI is a membership and business support organisation and for its legitimate business interests, must contain contact information on current members and the wider business community to provide information on membership, events, international trade, training courses, policy and research and any other products or services deemed relevant by SCCI. SCCI also send promotional material in relation to the above. SCCI partners relevant organisations and businesses to promote services that may be of interest to members and the wider business community. In these instances, SCCI may communicate the organisations or businesses information on their behalf. If you do not want to or no loner wish to receive these communications, you may opt out. Every marketing email sent by SCCI includes an unsubscribe link within the footer. You cannot opt out of important information that SCCI is required to provide you as per the contractual obligations that are included within membership.
All information entered in the ‘Billing’ section of the online application form (i.e. Credit Card information) is instantly transmitted over a TLS encrypted connection to a secure server who process your payment. None of your billing information is ever seen or stored by SCCI.
Access, Review and Correction
GDPR legislation gives you the right to access your personal data that is stored by SCCI (“subject access requests”). If you have an established business relationship with SCCI, you may request from us a list of the categories of personal information held about you. Subject access requests must be made formally in writing to the details contained within the Privacy Rights section. SCCI will endeavour to respond within a reasonable period to the request and in any event within one month as required by the relevant provision in the GDPR.
The data held about you needs to be up-to-date, accurate and current. SCCI will take all reasonable steps and measures to ensure that the personal data held and stored is accurate. SCCI have implemented procedures to assist with reviewing personal information and providing the opportunity to update the data held. SCCI will request that you verify your identity prior to the fulfilment of a subject access request.
At any point you have the right to request that SCCI stops using your information. If you wish to exercise these rights, please send a letter titled “Data Protection” to SCCI’s offices at Albion House, Savile Street, Sheffield S4 7UD or email email@example.com. If you have further concerns about the use of your data by SCCI, you have the right to log a complaint at any time to the Information Commissioners Office (ICO). The ICO is the UK’s independent authority for matters relating to data protection. Please visit https://ico.org.uk/ for more information on your data protectio