Privacy Notice


We are the Bailiwick of Guernsey Data Protection Association (“BGDPA“) (“our“), (“us“) (“we“), a not-for-profit organisation based in Guernsey, Channel Islands (Guernsey registered number NP240).  Our website is at: (the “our site“).

Our principal place of business is at BGDPA, C/O Midshore Consulting, Trinity Square Centre, Upper Mansell Street, St Peter Port, Guernsey, GY1 1LY.

For the purpose of the Data Protection (Guernsey) Law, 2017 (as amended) (“Data Protection Law“), we are the controller.  We have outsourced the administration of our site and the day-to-day running of the association to Midshore Consulting as processor on our behalf.

This privacy notice (together with our terms of use and any other documents referred to in it) sets out the basis on which any personal information we collect from you, or that you provide to us (“personal information“) will be processed by us.

Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.

  1. What personal information do we collect?

We may collect and process personal information based on the data you provide us, when you:

  • register your interest to become a member of the BGDPA directly;
  • apply for BGDPA membership either by completing an online form on our site (such as the BGDPA membership application form) or by contacting us by phone, email or otherwise;
  • sign-up to attend a BGDPA event (or BGDPA-linked event) via Eventbrite (a third –party who manages our events registration) as a member or non-member;
  • any interactions you have with our committee members, for example where you contact us following a briefing or presentation or via information you provide to us on social media (e.g. where you send us a message via LinkedIn or where you sign up to an event via Eventbrite);
  • report a problem with our site; and
  • contact us to provide feedback on the service or make an enquiry.

The personal information you give us (referenced above) may include the following categories:

  • your first and last name and your contact details (such as email address, postal address and telephone number);
  • your professional information (your job title, your place and sector of work);
  • billing information (including payment details). We reserve the right to request additional evidence or proof of billing information where we think this is necessary; and
  • correspondence and communications between us and you.

We do not intend to collect any special category data relating to you.

By giving your personal information to us, you confirm that all such information is, at any time, true, accurate and complete.

You must not provide information about anyone else unless you have their permission to do so.

We may also automatically collect the following data about you each time you visit our site: technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, status message given, request header, URL browser type and version, language (via browser) time zone setting, browser plug-in types and versions, location, Internet Service Provider (ISP) operating system and platform, device category type and device info (if appropriate).

  1. Do you use cookies and if so, how?

We do not currently use any cookies on our site when you browse.

  1. Why do we need your personal information?

We may hold and process your personal information on the following lawful grounds:

  • the processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;
  • the processing is necessary to comply with our legal obligations; and
  • occasionally, where we have obtained your consent to processing your personal information for a specific purpose (you may withdraw your consent at any time).

We may use your personal information for the following purposes:

  • to process membership subscriptions, including processing payments;
  • to further our objectives by, for example, managing your membership and delivering member benefits (such as training) to you;
  • to invite you to events, or send you marketing material (such as briefing notes and legal updates);
  • to administer our site in the most effective way possible and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  • to assess, operate and improve our site to perform the objectives for which BGDPA is established;
  • as part of our efforts to keep our site safe and secure;
  • to make suggestions and recommendations to you and other users of our site about services that may interest you or them; and
  • to comply with our legal, tax and regulatory obligations (as relevant).

To the extent that we have relied on our legitimate interests in order to process your personal data, these are set out in paragraphs (a) – (g) above.

Where we process for our legitimate interests, you have the right to object to such processing (see below in relation to your rights). Please bear in mind that if you do object, this may affect our ability to carry out the tasks above for your benefit.

We do not make any decisions about you based on automated processing of your personal information.

  1. Will we share your personal information with anyone else?

We may also disclose your personal information to:

  • BGDPA committee members;
  • third party processors who may process your personal information on our behalf (such as Midshore Consulting and their sub-processors, Google cloud services (a US company with data servers based in The Netherlands, as referenced in section 8 below) and Eventbrite (a US company subject to EU-US Privacy Shield, as referenced in section 5 below);
  • third party service providers which are themselves data controllers, such as professional advisers, banks and PR agencies;
  • third parties in the course of providing membership benefits and products;
  • to any central or local government department and/or other statutory body or public body as required; and
  • to any regulatory, enforcement or exchange body or court where we are legally compelled to do so by applicable law, regulation or order.


  1. Direct marketing

We may ask whether you wish to receive marketing from us and this will be presented to you as an option on the relevant application form or page on our site, where necessary. We may also contact you by email or other means to inform you about other services or events which may be of interest to you.

You have the right at any time to stop us from contacting you for marketing purposes. If you wish to do so, please either unsubscribe or contact

We use Eventbrite (a US company subject to EU-US Privacy Shield) to manage our events registration.  For more information as to how Eventbrite uses your personal information, please refer to their privacy notice which is available via:

  1. Retention of personal information and security

Your personal information will be retained for as long as required:

  • to fulfil the purposes for which the personal information was collected (as set out in section 3 above);
  • in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations;
  • as required by data protection laws and any other applicable laws or regulatory requirements.

Additionally, we may also retain personal data in some circumstances for a period of at least 7 years in order to ensure that we are able to answer and deal with any queries, complaints, tax enquiries or investigations or any legal proceedings which may arise.

We will ensure that the personal information that we hold is subject to appropriate security measures.

  1. Where do we store your personal information?

The personal information we collect from you may be processed in (including being accessed in or stored in) a country or territory outside your home country, including outside the European Economic Area (“EEA“).

Where we transfer data to another jurisdiction, which does not offer the same level of protection of personal data as may be enjoyed within your home country, we will ensure that your data is appropriately protected. Any personal data shared to LinkedIn, Eventbrite is subject to the EU-US Privacy Shield Framework.

  1. Security

All information you provide to us is stored on our secure servers – these are primarily stored via our Google cloud account (whose servers are based in The Netherlands). Google’s privacy policy is available via:

We take steps to ensure that your personal information is protected against unauthorised loss or disclosure. Your connection to our website is fully encrypted.  If you would like more information regarding the technical specifications, please feel free to contact us.

Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

We do not knowingly collect information about anyone under 18 years of age.

Our site may, from time to time, contain links to and from the websites of other affiliates or partners.

If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.

  1. What are your rights?

You have certain rights under the Data Protection Law.

You have the right to apply for a copy of the personal data we hold about you and to have any inaccurate personal data about you rectified.

In some circumstances you may also have the right to ask us to erase your personal data or restrict its processing.

Where we process your data for our legitimate interests, you have the right to object to such processing.

Where our processing is based on consent, you may withdraw your consent by emailing

Please bear in mind that if you object to processing or withdraw your consent, this may affect our ability to provide you with membership benefits.

Should you wish to discuss the exercise of any your rights, please contact us as set out below.

You also have the right to lodge a complaint about the processing of your personal information either with us, with the Office of the Data Protection Authority in Guernsey (

  1. How do you contact us?

Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to

  1. Changes to our privacy notice

Any changes we make to our Privacy Notice in the future will be posted on this page.

This privacy notice was last updated on 26th March 2020.