The UK General Data Protection Regulation (UK GDPR) 2016 replaces the EU Data Protection Directive of 1995 and supersedes the laws of individual Member States that were developed in compliance with the Data Protection Directive 95/46/EC. Its purpose is to protect the “rights and freedoms” of natural persons (i.e., living individuals) and to ensure that personal data is not processed without their knowledge, and, wherever possible, that it is processed with their consent.
The type of personal information we collect
We currently collect and process the following information:
- Role or position within your organisation
- Contact details, work mobile and office telephone number(s)
- Business email address
- Organisational details (such as office address).
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you so we may provide services related to our Membership Agreement.
We also receive personal information indirectly, from third-party vendors and publicly available information, from sources such as companies house, LinkedIn.
We may share some information (eg, name, role or position, dietary requirements) with event organisers, catering organisations and/or other members in TheCityUK membership.
Under the UK GDPR, the lawful basis we rely on for processing this information is the fact we have a contractual obligation under Article 6(b) European Data Protection Law 2016 where processing is necessary for the performance of a contract.
How will we store your personal information.
All personal data that is processed by TheCityUK, is held securely within our Microsoft Dynamics, Customer Relationship Managed system. Access to our CRM is via TheCityUK trained employees with password access and assigned credentials.
We will keep your personal data such as name, mobile and landline contact numbers, email address(s), position and role with an organisation, for the duration of your membership with TheCityUK.
As per TheCityUK Retention and Deletion Policy all electronic, soft copies or hardcopies of personal data will be reviewed on a regular basis i.e., every 12 months, whether held electronically on our devices or on paper, to decide whether to destroy or delete any data once the purpose for which those documents or files were created is no longer relevant.
Data protection rights
Under data protection law, you have rights including:
- Right of access: you have the right to ask us for copies of your personal information.
- Right to rectification: you have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
- Right to erasure: you have the right to ask us to erase your personal information in certain circumstances.
- Right to restriction of processing: you have the right to ask us to restrict the processing of your personal information in certain circumstances.
- Right to object to processing: you have the the right to object to the processing of your personal information in certain circumstances.
- Right to data portability: you have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you.
Please contact us at firstname.lastname@example.org if you wish to make a rights request.
How to complain
If you have any concerns about our use of your personal information, you can make a complaint to us at for the attention of Mr David Mackey, Financial Controller by post at Sixth Floor, Fitzwilliam House, 10 St. Mary Axe, London, EC3A 8BF. By email at email@example.com or by telephone on 020 3696 0100.
You can also complain to the ICO if you are unhappy with how we have used your data.
The ICO’s address: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF
Helpline number: 0303 123 1113
ICO website: https://www.ico.org.uk