Privacy Policy

Privacy Policy 2018-06-18T13:42:35+00:00

1. DEFINITIONS

  • The GDPR Regulations: Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
  • The Company: Nottinghamshire Manufacturing Network (herein ‘NMN’)
  • Us: NMN
  • We: NMN
  • Our: Belonging to NMN
  • Data Subject: Any person whose personal data has been or is being processed by NMN
  • LIA: Legitimate Interest Assessment (sometimes referred to as a “balancing test”)
  • ICO: Information Commissioner’s Office


2. INTRODUCTION

  • This Privacy Notice explains how NMN collects and uses personal data.
  • The notice details how the Company complies with the requirements of The GDPR Regulations.
  • NMN is the data controller.
  • This privacy notice relates to personal data from individuals not currently employed by the company.
  • Similar details for employees can be found in the internal document “Privacy Policy”.

3. WHO WE ARE

  • NMN is the data controller as defined in Chapter IV of the GDPR Regulations.
  • The company can be contacted at Nottingham Manufacturing Network, Advanced Manufacturing Building, 522 Derby Road, Nottingham, NG8 1BB
  • Our privacy officer can be contacted at the above address FAO: The Chairman.

4. JUSTIFICATION FOR PROCESSING PERSONAL DATA

  • To register individuals as members of NMN.
  • To respond to requests for information from individuals and stakeholders.

5. LEGAL BASIS FOR COLLECTING AND PROCESSING PERSONAL DATA

  • In accordance with article 6 of the GDPR regulations, we are required to establish legal bases for processing data.
  • Those legal bases must be derived from at least one of the six valid grounds for processing in article 6.
  • We have established the following as our legal basis for processing data:
5.1 LEGITIMATE INTERESTS FOR PROCESSING DATA
  • Before “Legitimate Interests” are used as a legal basis for processing the company will carry out and record legitimate interest assessments (LIA).
  • The LIAs will balance our legitimate interests with the data protection rights of individuals.
  • The legitimate interests for which the company processes personal data include:
  • To carry out direct marketing of our services in line with recital 47 of the GDPR Regulations.
  • To process data belonging to those who have a relevant and appropriate relationship with the company.
  • Where the data subjects might reasonably expect the company to process their data. This may include occasions where data subjects have browsed services on the company’s web site.

6. PERSONAL DATA

6.1 WHAT IS PERSONAL DATA
  • Personal information is information which we hold and which uniquely identifies and is related to an individual person.
  • Such data could include:
  • Contact details.

 

6.2 WHAT PERSONAL DATA DO WE COLLECT
  • The data listed below refers only to the personal data of individuals
  • Personal data: Members’ name, address, telephone number, email address. Purpose: Supply and receive communication updates. Legal basis: Legitimate interest.
  • Personal data: Name, address, telephone number and email address of previous members. Purpose: Marketing activities. Legal basis: Legitimate interest.
  • Personal data: Name, address, telephone number and email address of potential new members in appropriate marketing sectors. Purpose: Marketing activities. Legal basis: Legitimate interest.
  • Personal data: Photographs of members. Purpose: Advertising & marketing activities. Legal basis: Legitimate interest.

 

6.3 HOW DO WE COLLECT PERSONAL DATA
  • We collect the personal data tabulated above by the following means:
  • Correspondence with members, stakeholders, previous members & potential new members.
  • Still photography.
  • Information provided by individuals on our website.

 

6.4 WHAT WE WILL DO WITH PERSONAL DATA
  • We will use personal data as follows:
  • Market our services and capabilities
  • Provide appropriate marketing information to existing and potential members

 

6.5 WHAT WE WILL NOT DO WITH PERSONAL DATA
  • We will not sell personal data to third parties.
  • We will not provide marketing materials other than as permitted in Recital 47 of the GDPR Regulations to individuals who it is reasonable to suspect would be interested in our services.
  • We will not pass on personal data to third parties unless we have a legal obligation to do so or are instructed by the data subject.
  • We will not transfer or store personal data outside of Europe (the European Economic Area) outside of the control of the UK / European regulations.

 

6.6 HOW WILL WE SECURE PERSONAL DATA
6.6.1 STORING THE DATA

  • Personal data is stored on the company cloud-based server, hosted by an external IT provider.
  • Email correspondence remains with the person sending and receiving emails.

 

6.7 SHARING PERSONAL DATA
6.7.1 WHY WE SHARE PERSONAL DATA

  • We may share personal data with others for the following reasons:
  • In order for us to carry out our legitimate interests (section 5.1)
  • Where we are instructed to do so by enforcement authorities.
  • Where the data subject has requested we share the data with specific third parties. In such cases the identity of the data subject making the request will be verified (section 7).
  • Where the data is required to demonstrate compliance with national and international standards.

 

6.7.2 WHO WE SHARE PERSONAL DATA WITH

  • We may share personal data with the following:
  • Members within our company
  • Third parties who provide services to us such as IT providers
  • Legal counsel in situations where disputes arise
  • Government departments
  • Police and other enforcement officers such as HSE

 

6.8 TRANSFERRING PERSONAL DATA OUT OF THE UK
  • We do not transfer personal data outside of the UK.
  • Third parties with whom we share personal data are contracted not to transfer data outside the UK.

 

6.9 RETENTION PERIODS FOR PERSONAL DATA
  • Retention periods for personal data are as follows:
  • Data: Data relating to contracts inc. all training. Retention period: Minimum of ten years.
  • Data: Financial data. Retention period: Minimum of twelve years.
  • Data: Health and safety data. Retention period: Minimum of ten years.

 

6.9.1 STATUTORY AND REGULATORY RETENTION
  • We are bound by national and international legislation to keep certain types of data for specified periods.

7. RIGHTS OF A DATA SUBJECT

  • The rights detailed in this section of the privacy notice are granted to data subjects upon proof of the data subject’s identity.
  • Proof of identity will be provided by the presentation of one form of approved photographic evidence plus one other printed (not handwritten) document such as a utility bill or birth certificate.
  • Passports and driving licences are the only forms of approved photographic evidence.
  • To exercise any of the rights listed below, data subjects should contact the company’s privacy officer.
  • Our privacy officer will respond to contacts from data subjects within one month of receipt.
  • It may not be possible for the company to comply with the requests of data subjects. If this is the case, the privacy officer will inform the data subject of the grounds for non-compliance.
7.1 RETENTION PERIODS FOR PERSONAL DATA
  • Data subjects have the right to receive transparent, concise, intelligible and easily accessible information from the company in a clear and plain language.

 

7.2 RIGHT OF ACCESS TO PERSONAL DATA (Article 15 GDPR)
  • All data subjects have the right to request access to the personal data we hold about them.
  • Data subjects have the right to know whether we hold and process personal data about them and also:
  • The purpose of processing their data
  • The categories of personal data
  • Who has access to the data
  • The retention period of the data
  • The source of the data
  • Details of any automated decision making using their data

 

7.3 RIGHT TO RECTIFICATION OF PERSONAL DATA (Article 16 GDPR)
  • Data subjects have the right to request rectification of incorrect or outdated data and the completion of incomplete data.

 

7.4 RIGHT TO ERASURE OF PERSONAL DATA (Article 17 GDPR)
  • Data subjects have the right to request complete erasure of their personal data (“the right to be forgotten”) where any of the following apply:
  • Processing the data is no longer necessary
  • Lack of legitimate grounds for processing
  • Unlawful possession of the data
  • There is a legal reason for erasure

 

7.5 RIGHT TO RESTRICTION OF PROCESSING (Article 18 GDPR)
  • Data subjects have the right to restriction of processing where any of the following apply:
  • The data subject contests the accuracy of the data
  • Lack of legitimate grounds for processing but the data subject does not require erasure

 

7.6 RIGHT TO DATA PORTABILITY (Article 20 GDPR)
  • Data subjects have the right to request the receipt of their personal data in order to transfer it to another data controller.

 

7.7 RIGHT TO OBJECT
  • Data subjects have the right to object to the use of their personal data for direct marketing

8. AUTOMATED DECISION MAKING DURING DATA PROCESSING

  • We do not use personal data for automated decision making with regard to data subjects.

 

9. FURTHER INFORMATION

9.1 FURTHER INFORMATION AND GUIDANCE
  • Further information and guidance may be obtained from the Information Commissioner’s Office (ICO)

https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

 

9.2 CONTACT US
For specific information regarding the way we process personal data please contact our privacy officer.

 

10. REVISIONS

  • Date: 20 March 2018. Pages/sections: All. Issue status: Issue 1. Amendment details: First issue of Policy.