Privacy Policy
CLM Enterprises
Data Protection & Privacy Policy
February 2018
CLM Enterprises (“CLME”) uses personal data for general church administration and communication purposes. CLME recognises the importance of the correct and lawful treatment of personal data. All personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the General Data Protection Regulation (GDPR) 2017.
GDPR specifies the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation and storage of personal data. Employees and any others who obtain, handle, process, transport and store personal data for CLME must adhere to these principles.
1. Be processed fairly and lawfully and shall not be processed unless certain conditions are met.
2. Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
3. Be adequate, relevant and not excessive for those purposes.
4. Be accurate and where necessary, kept up to date.
5. Not be kept for longer than is necessary for that purpose.
6. Be processed in accordance with the data subject’s rights.
7. Be kept secure from unauthorised or unlawful processing and protected against accidental loss, destruction or damage by using the appropriate technical and organisational measures.
8. Not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Your personal data – what is it?
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information. The processing of personal data is governed by [the Data Protection Bill/Act 2017 the General Data Protection Regulation 2016/679 (the “GDPR” and other legislation relating to personal data and rights such as the Human Rights Act 1998].
Who are we?
This Privacy Notice is provided to you by CLM Enterprises (“CLME”) which is the Data Controller for your data. The administration and oversight of personal data is facilitated by the Database Administrators.
How do we collect information from you?
CLME only collects and records data that you provide to us, unless we are required to seek external verification for legal reasons.
In what ways do we collect and store data:
o By making an enquiry through our web site (form)
o By making a booking which results in a quotation and invoice being generated by our system
What type of information is collected from you?
CLME will process some or all of the following information where provided by you:
-
Names, titles, and address information pertaining to your enquiry and booking;
-
Contact details such as telephone numbers, addresses, and email addresses;
-
Where you attend a course, training event, we may capture the fact you attended to help us with our planning and coordination of activities.
-
If you visit our web site we may capture your IP address (the unique address of the device you are using) for statistical and security purposes.
-
If you make a purchase a product from us, and pay by credit card, your card information will not be held or stored by us beyond the initial processing. Card information is collected by our third-party payment processor, who specialise in the secure online capture and processing of credit/debit card transactions.
How is your information used?
CLME will comply with its legal obligations to keep personal data up to date; to store and destroy it securely; to not collect or retain excessive amounts of data; to keep personal data secure, and to protect personal data from loss, misuse, unauthorised access and disclosure and to ensure that appropriate technical measures are in place to protect personal data.
CLME may use your personal data for some or all of the following purposes:
-
To enable us to meet all legal and statutory obligations;
-
To respond to enquiries for conferencing events.
-
To contact you to plan your event and discuss your specific requirements.
-
To collect feedback on conferencing events you have booked.
-
To place orders for Items required for conferences with external suppliers
-
To maintain accurate and up to date records or our employees.
-
Our processing also includes the use of CCTV systems for the prevention and prosecution of crime.
Who has access to your information?
-
CLME will not sell or rent your information to third parties.
-
CLME will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf:
We may pass your information to our third-party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks, and providing services to you on our behalf (for example to credit or debit card payments).
When we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for any other purpose.
CLME will never release your information to third parties for commercial purposes (e.g. for marketing), unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
How long do we keep your personal data?
Other than where there is a legal or regulatory requirement, CLME will not retain personal information or records beyond that which is necessary. In practice:
-
CLME will delete personal information/ records if asked to do so by an individual (your right to be forgotten);
-
Maintain regular monitoring of databases
-
Approximately every two years, undertake deep cleanse of the database.
CLME will keep some records permanently if we are legally required to do so.
CLME may keep some other records for an extended period of time. For example, it is current best practice to keep financial records for a minimum period of six years to support HMRC audits. In general, CLME will endeavour to keep data only for as long as we need it. This means that we may delete it when it is no longer needed.
Access to your information and corrections
You have the right to request a copy of the information that we hold about you.
If you would like a copy of some or all of your personal information, please email or write to The CLME Data Controller at the email address listed at the end of this documents under ‘Contact Details’. We may make a small charge for this service. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
For information about CLME’s policy on ‘Access your information and corrections’, please refer to the following document www.thewelcomecentre.co.uk/privacy
Cookies
Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity.
For further information visit www.aboutcookies.org or www.allaboutcookies.org.
You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.
What is the legal basis for processing your personal data?
Most of our data is processed because it is necessary for our legitimate interests, or the legitimate interests of a third party. We will always take into account your interests, rights and freedoms.
Some of our processing is necessary for compliance with a legal obligation. We may also process data if it is necessary for the performance of a contract with you, or to take steps to enter into a contract. An example of this would be processing your data in connection with the hire of church facilities.
Where your information is used other than in accordance with one of these legal bases, we will first obtain your consent to that use.
Transfer of Data Abroad
Any electronic personal data transferred to countries or territories outside the EU will only be placed on systems complying with measures giving equivalent protection of personal rights either through international agreements or contracts approved by the European Union. Our website is also accessible from overseas so on occasion some personal data (for example in a newsletter / twitter feed / google info) may be accessed from overseas.
Further processing
If we wish to use your personal data for a new purpose, not covered by this Notice, then we will provide you with a new notice explaining this new use prior to commencing the processing and setting out the relevant purposes and processing conditions. Where and whenever necessary, we will also seek your prior consent before processing.
Changes to our privacy policy
We keep our privacy policy under regular review and we will place any updates on this website.
This privacy policy was last updated on 08th February 2018.
Contact Details
Please contact us if you have any questions about this Privacy Notice or the information we hold about you or to exercise all relevant rights, queries or complaints.
The Data Controller
Email: datacontroller@clmchurch.co.uk
You can contact the Information Commissioners Office on: 0303 123 1113
* https://ico.org.uk/global/contact-us/email/ or at the
+ Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.
Further Information
The General Data Protection Regulation (GDPR)
eugdpr.org/
ico.org.uk/for-the-public/