We are the Bailiwick of Guernsey Data Protection Association (“BGDPA“) (“our“), (“us“) (“we“), a not-for-profit organisation based in Guernsey, Channel Islands. Our website is at: www.bgdpa.gg (the “our site“).
Our principal place of business is at BGDPA, [C/O Midshore Consulting, Trinity Square Centre, Upper Mansell Street, St Peter Port, Guernsey, GY1 1LY. ]
For the purpose of the Data Protection (Guernsey) Law, 2017 (as amended) (“Data Protection Law“), we are the data controller.
Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it.
- What personal information do we collect?
We may collect and process personal information based on the data you provide us, when you:
- register your interest with us direct;
- apply for BGDPA membership either by completing an online form on our site (such as the BGDPA membership application form) or by contacting us by phone, email or otherwise;
- contact us following a briefing or presentation;
- report a problem with our site; and
- contact us to provide feedback on the service or make an enquiry.
The personal information you give us (referenced above) may include the following categories:
- your name and contact details (including telephone number (work and/or personal), home or work address and email address)
- your professional information (such as your job title, your email address and your place of work);
- billing information (including delivery address and payment details). We reserve the right to request additional evidence or proof of billing information where we think this is necessary;
- website registration credentials (including username and password); and
- correspondence and communications between us and you.
By giving your personal information to us, you confirm that all such information is, at any time, true, accurate and complete.
You must not provide information about anyone else unless you have their permission to do so.
- technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information (including username and password), status message given, request header, URL browser type and version, language (via Browser) time zone setting, browser plug-in types and versions, location, Internet Service Provider (ISP) operating system and platform, device category type and device info (if appropriate);
- we may also collect demographic data (such as age and gender).
- Why do we need your personal information?
We may hold and process your personal information on the following lawful grounds:
- the processing is necessary for our legitimate interests, provided your interests and fundamental rights do not override those interests;
- the processing is necessary to comply with our contractual duties;
- the processing is necessary to comply with our legal obligations;
- where it in your vital interests; and
- occasionally, where we have obtained your consent to processing your personal information for a specific purpose.
We may use your personal information for the following purposes:
- to process membership subscriptions including processing payments;
- to further our objectives by, for example, managing your membership and delivering member benefits (such as training) to you;
- to invite you to events, send you marketing material (such as briefing notes and legal updates);
- to administer our site in the most effective way possible and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- to assess, operate and improve our site to perform the objectives for which BGDPA are responsible;
- as part of our efforts to keep our site safe and secure; and
- to make suggestions and recommendations to you and other users of our site about services that may interest you or them.
To the extent that we have relied on our legitimate interests in order to process your personal data, these are set out in paragraphs (c) – (g) above.
Where we process for our legitimate business interests, you have the right to object to such processing (see below in relation to your rights). Please bear in mind that if you do object, this may affect our ability to carry out tasks above for your benefit.
We do not make any decisions about you based on automated processing of your personal information.
- Will we share your personal information with anyone else?
We may also disclose your personal information to:
- to other BGDPA members
- third party processors who may process your personal information on our behalf (such as our IT systems providers);
- third party service providers which are themselves data controllers such as professional advisers, banks and PR agencies;
- third parties in the course of providing membership benefits and products;
- analytics and search engine providers that assist us in the improvement and optimisation of our site including Google Analytics and Webmasters tools;
- to any central or local government department and other statutory body or public body as required; and
- to any regulatory, enforcement or exchange body or court where we are legally compelled to do so by applicable law, regulatory or order.
- Direct marketing
We may ask whether you wish to receive marketing from us and this will be presented to you as an option on the relevant application form or page on our site, where necessary. We may also contact you by email or other means to inform you about other services or events which may be of interest to you.
You have the right at any time to stop us from contacting you for marketing purposes. If you wish to do so, please either unsubscribe or contact email@example.com.
- Retention of personal information and security
Your personal information will be retained for as long as required:
- to fulfil the purposes for which the personal information was collected (as set out in section 3 above);
- in order to establish or defend legal rights or obligations or to satisfy any reporting or accounting obligations;
- as required by data protection laws and any other applicable laws or regulatory requirements.
Additionally, we may also retain personal data in some circumstances for a period of at least 7 years in order to ensure that we are able to answer and deal with any [queries, complaints, tax enquiries or investigations or any legal proceedings] which may arise.
We will ensure that the personal information that we hold is subject to appropriate security measures.
- Where do we store your personal information?
The personal information we collect from you may be processed in (including being accessed in or stored in) a country or territory outside your home country, including outside the European Economic Area (“EEA“).
Where we transfer data to another jurisdiction, which does not offer the same level of protection of personal data as may be enjoyed within your home country, we will ensure that your data is appropriately protected.
All information you provide to us is stored on our secure servers. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password confidential. We ask you not to share a password with anyone.
We take steps to ensure that your personal information is protected against unauthorised loss or disclosure. Your connection to our website is fully encrypted by a 256bit SSL (Secure Sockets Layer) certificate over HTTPS (Hypertext Transfer Protocol over SSL), details of our certificate can be found by clicking the padlock icon within your browser.
Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
We do not knowingly collect information about anyone under 18 years of age.
Our site may, from time to time, contain links to and from the websites of other affiliates or partners.
If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal information to these websites.
- What are your rights?
You have certain rights under the Data Protection Law.
You have the right to apply for a copy of the personal data we hold about you and to have any inaccurate personal data about you rectified.
In some circumstances you may also have the right to ask us to erase your personal data or restrict its processing.
Where we process your data for our legitimate interests, you have the right to object to such processing.
Where our processing is based on consent, you may withdraw your consent by emailing firstname.lastname@example.org.
Please bear in mind that if you object to processing or withdraw your consent, this may affect our ability to provide you with membership benefits.
Should you wish to discuss the exercise of any your rights, please contact us as set out below.
You also have the right to lodge a complaint about the processing of your personal information either with us, with the Office of the Data Protection Authority in Guernsey (https://odpa.gg).
- How do you contact us?
Questions, comments and requests regarding this privacy notice are welcomed and should be addressed to email@example.com.
- Changes to our privacy notice
Any changes we make to our Privacy Notice in the future will be posted on this page.
This privacy notice was last updated on 16/05/2019.