1. DEFINITIONS
The GDPR Regulations | Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 |
The Company | Nottinghamshire Manufacturing Network (herein ‘NMN) |
Us | NMN |
We | NMN |
Our | Belonging to NMN |
Data Subject | Any person whose personal data has been or is being processed by NMN |
LIA | Legitimate Interest Assessment (sometimes referred to as a “balancing test”) |
ICO | Information Commissioners Office |
2. INTRODUCTION
- This Privacy Notice explains how NMN collects and uses personal data.
- The notice details how the Company complies with the requirements of The GDPR Regulations.
- NMN is the data controller.
- This privacy notice relates to personal data from individuals not currently employed by the company.
- Similar details for employees can be found in the internal document “Privacy Policy”
3. WHO WE ARE
- NMN is the data controller as defined in Chapter IV of the GDPR Regulations.
- The company can be contacted at Nottingham Manufacturing Network, Advanced Manufacturing Building, 522 Derby Road, Nottingham, NG8 1BB
- Our privacy officer can be contacted at the above address FAO: The Chairman.
4. JUSTIFICATION FOR PROCESSING PERSONAL DATA
- To register individuals as members of NMN.
- To respond to requests for information from individuals and stakeholders.
5. LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA
- In accordance with article 6 of the GDPR regulations, we are required to establish legal bases for processing data.
- Those legal bases must be derived from at least one of the six valid grounds for processing in article 6.
- We have established the following as our legal basis for processing data:
5.1 LEGITIMATE INTERESTS FOR PROCESSING DATA | ||
|
||
|
6. PERSONAL DATA
6.1 WHAT IS PERSONAL DATA | ||
|
||
|
6.2 WHAT PERSONAL DATA DO WE COLLECT | |
|
PERSONAL DATA | PURPOSE | LEGAL BASIS | |
Members’ name, address, telephone number, email address. | Supply and receive communication updates |
|
|
Name, address, telephone number and email address of previous members. | Marketing activities |
|
|
Name, address, telephone number and email address of potential new members in appropriate marketing sectors. | Marketing activities |
|
|
Photographs of members. | Advertising & marketing activities |
|
6.3 HOW DO WE COLLECT PERSONAL DATA | ||
|
||
|
6.4 WHAT WE WILL DO WITH PERSONAL DATA | ||
|
||
|
6.5 WHAT WE WILL NOT DO WITH PERSONAL DATA | |
|
6.6 HOW WILL WE SECURE PERSONAL DATA | |
6.6.1 STORING THE DATA
|
6.7 SHARING PERSONAL DATA | ||
6.7.1 WHY WE SHARE PERSONAL DATA
|
||
|
6.7.2 WHO WE SHARE PERSONAL DATA WITH
|
||
|
6.8 TRANSFERRING PERSONAL DATA OUT OF THE UK | |
|
6.9 RETENTION PERIODS FOR PERSONAL DATA | |
|
DATA | RETENTION PERIOD | |
Data relating to contracts inc. all training | Minimum of ten years | |
Financial data | Minimum of twelve years | |
Health and safety data | Minimum of ten years |
6.9.1 STATUTORY AND REGULATORY RETENTION | ||
|
7. RIGHTS OF A DATA SUBJECT
- The rights detailed in this section of the privacy notice are granted to data subjects upon proof of the data subject’s identity.
- Proof of identity will be provided by the presentation of one form of approved photographic evidence plus one other printed (not hand written) document such as a utility bill or birth certificate.
- Passports and driving licences are the only forms of approved photographic evidence.
- To exercise any of the rights listed below, data subjects should contact the company’s privacy officer.
- Our privacy officer will respond to contacts from data subjects within one month of receipt.
- It may not be possible for the company to comply with the requests of data subjects. If this is the case, the privacy officer will inform the data subject of the grounds for non compliance.
7.1 RETENTION PERIODS FOR PERSONAL DATA | |
|
7.2 RIGHT OF ACCESS TO PERSONAL DATA (Article 15 GDPR) | ||
|
||
|
7.3 RIGHT TO RECTIFICATION OF PERSONAL DATA (Article 16 GDPR) | |
|
7.4 RIGHT TO ERASURE OF PERSONAL DATA (Article 17 GDPR) | ||
|
||
|
7.5 RIGHT TO RESTRICTION OF PROCESSING (Article 18 GDPR) | ||
|
||
|
7.6 RIGHT TO DATA PORTABILITY (Article 20 GDPR) | |
|
7.7 RIGHT TO OBJECT | |
|
8. AUTOMATED DECISION MAKING DURING DATA PROCESSING
- We do not use personal data for automated decision making with regard to data subjects.
9. FURTHER INFORMATION
9.1 FURTHER INFORMATION AND GUIDANCE | |
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ |
9.2 CONTACT US | |
For specific information regarding the way we process personal data please contact our privacy officer. |
10. REVISIONS
DATE | PAGES/SECTIONS | ISSUE STATUS | AMENDMENT DETAILS |
20 March 2018 | All | Issue 1 | First issue of Policy |