This Privacy Notice applies to the website located at http://www.londonmidtown.org/ (“website”) owned by Midtown Business Club whose address is Firethorne House, Station Road, Alvescot, Oxon OX18 2PS (“Midtown Business Club”). The terms “we”, “us”, “our” and “ours” when used in this Privacy Notice mean the Midtown Business Club’s Secretary, Board, Membership Committee and Officers. The terms “you”, “your” and “yours” when used in this Privacy Notice mean any user of our services, any user nominated by a member’s lead representative, our website, our events or enquirer.
1. Scope of Privacy Notice
1.1 We are committed to maintaining the privacy and confidentiality of information provided by you or your company’s lead representative to us. This Privacy Notice describes our current policies and practices with regard to Personal Data collected by us from you or your company’s lead representative directly, a previous contact with the Club such as attending one of our events, as a member’s nominee and/or through the website.
1.2 The term ‘Personal Data’ refers to personally identifiable information about you, such as your name, job description, company name, e-mail address, telephone contact numbers or mailing address and is defined in the Data Protection Act 1998, the EU General Data Protection Regulation and any subsequent legislation (Data Protection Law).
1.3 Please note that by submitting Personal Data manually or in electronic form to us and/or by using our website you give your consent that all Personal Data you submit on each occasion may be processed by Midtown Business Club, in the manner and for the purposes described in this Privacy Notice.
2. Notification of changes to Privacy Notice
2.1 We are continually improving our methods of communication and adding new functionality and features to this website and to our existing services/fields of activities.
2.2 Because of these ongoing changes, changes in the law and the changing nature of technology, our data practices will change from time to time. If and when our data practices change, we will notify you of the changes via this page. We encourage you to check this Privacy Notice frequently.
3. Collection of data
3.1 Midtown Business Club is a membership organisation. We collect Personal Data of our members but also certain Personal Data of visitors to our events, nominated potential members, past members and people who have signed up via our website to receive event invitations and newsletters.
3.2 You may provide us with your Personal Data in order to receive information or services from us, including publishing your personal data in a members only, password protected area of our site to encourage networking outside of events. We may request personal information about you such as your title, name, job title, company name, business activity, social media ‘handles’, postal address, email address, telephone numbers, your photo and we may ask for information which enables us to provide a personalised service to you. The information you give us is either manually or electronically stored in our databases and servers.
3.3 We sometimes supplement the information that you provide with information that is received from third parties. For instance, if inaccurate post codes are received, we will use third party software to correct/complete them.
3.4 We also reserve the right to monitor and/or record your communication with us by mail, email, visits to our website or any other form of transmission for the purposes of quality control, security and other business needs. Any Personal Data contained in such recorded information will be processed in accordance with the terms of this Policy.
3.5 We may also receive your Personal Data from our service providers, agents, advisers or partners. Where Personal Data is disclosed to us by third parties, it is the obligation of the disclosing party to ensure such Personal Data is disclosed with requisite authority and consent and we will process such Personal Data in accordance with this Privacy Notice.
4. Use of Personal Data
4.1 We will use your Personal Data to fulfil your instructions and requirements and we will ask only for data that is adequate, relevant and not excessive for those specific and limited purposes. Where we send you information for any purpose, it may be sent by email or post.
4.2 When we ask you for Personal Data it may be for some of the following purposes:
4.2.1 to provide the information or services you have requested or have received in the past;
4.2.2 to process your request for information or advice;
4.2.3 for the purposes of accounting;
4.2.4 to contact you to inform you of our events;
4.2.5 to send you updates on issues we think will be of interest to you;
• to create a members contact list;
• to send you requested information on our organisation;
• to inform you of information and services provided by us, other members of the Midtown Business Club or third parties whose information and/or services we think you may be interested in; we may contact you by letter, telephone or email for this purpose;
• for marketing or market research purposes; or
• to help diagnose any problems with our server, and administer our website.
4.3 We reserve the right to store personal and website data for a period of three years following the cessation of our services to you. Following that, non-identifiable, non-personal data, such as statistics may be stored for archival use and trend analysis.
4.4 We do not use Data Automation, Decision Making or Profiling technologies to segment or target members or third parties but do use standard MS Office Applications to sort data so that outgoing communications are personalised and relevant.
5. The legal basis for processing your Personal Data
In order to comply with applicable data protection laws, we are required to set out the legal basis for the processing of your Personal Data. In accordance with the purposes for which we collect and use your Personal Data, as set out above, the legal basis for processing your Personal Data will typically be one of the following:
• our own or our third parties’ legitimate business interests (for example, in maintaining and promoting our business by providing customers with feedback opportunities or other instances where we have carried out a legitimate interests assessment and have established an existing legitimate interest);
• the performance of a contract that we have in place with you;
• your consent where appropriate;
• to protect your vital interests; or
• compliance with our legal obligations.
6.1 We hope you will be pleased with our information and services. However, if you no longer wish to receive information from us and want to be removed from our regular standard mailing list, please email or post by contacting us at the address given?below. Please allow twenty eight days for the unsubscribe process to be completed. Remember that by stopping the information that you receive from us about our activities and projects may not benefit you.
6.2 If you do not want to receive unsolicited mail from any source, you can stop this by registering with the “Mailing Preference Service”. There are also telephone, fax and email preference services. For more information on the preference services, please visit the Direct Marketing Association’s website.
6.3 You may unsubscribe by emailing email@example.com or writing to Ann Cadogan, Secretary, MBC, Firethorne House, Station Road, Alvescot, Oxon OX18 2PS.
7. Data collected through your visits to our website(s)
7.1 In addition to the information we collect as described above, we may, from time to time, use technology to collect information about your use of our website. For example, we may use technology to track which pages of our website our visitors?view. We also use technology to determine which Web browsers our visitors use. This technology does not personally identify you – it simply enables us to compile statistics about our visitors and their use of our website.
7.2 Our website contains hyperlinks to other pages on our website. We may use technology to track how often these links are used and which pages on our website our visitors choose to view. Again this technology does not identify you personally – it simply enables us to compile statistics about the use of these hyperlinks.
7.3 We use these types of data to improve the content and functionality of our website and our e-mail updates, to better understand our customers and visitors, and to improve the services we offer.
8.1 In order to collect the anonymous data described in the preceding paragraph, we may use temporary ‘cookies’ that remain in the cookies file of your browser until the browser is closed.
8.2 Cookies by themselves cannot be used to discover the identity of the user. A cookie is a small piece of information which is sent to your browser and stored on your computer’s hard drive. Cookies do not damage your computer. You can set your browser to notify you when you receive a cookie. This enables you to decide if you want to accept it or not. For more information about cookies, including how to set your browser to reject them, please go to www.allaboutcookies.org.
8.3 We may also use your IP address to help diagnose problems with our server and to administer our website. An IP address is an assigned number, similar to a telephone number that identifies your computer on a network. Your IP address is also used to?gather broad demographic information.
8.4 We may also perform IP lookups to determine the domain you are coming from (e.g. aol.com, yourcompany.com) to gauge more accurately our users’ demographics.
9. Disclosure of your Personal Data
9.1 We do not share, sell or distribute your Personal Data with unrelated third parties,except as otherwise provided for in this Privacy Notice and under these limited circumstances:
9.1.1 We may share various details about you with other members of the Midtown Business Club, our partners, advisers and other agents in order to provide you with the specific information or services you require, may interest you or to support or look after materials or services you currently receive from us, such as business development and networking.
9.1.2 In order to provide you with the information which you have requested, Personal Data may occasionally be transferred or shared with third parties, who act for or with us, for further processing in accordance with the purposes for which the data was originally collected or for purposes to which you have consented.
9.1.3 Where you have consented, we may also disclose your Personal Data to other members and or event hosts or speakers who may contact you about their services that may interest you.
9.1.4 We may share, transfer or disclose the information in our databases and server logs to comply with a legal or regulatory requirement, for the administration of justice, to protect your vital interests, to protect the security or integrity of our databases or this website, to take precautions against legal liability, or in the event of a joint venture, collaboration, financing, sale, merger, reorganisation, change of legal form, dissolution or similar event.
9.1.5 Where appropriate, before disclosing Personal Data to a third party, we contractually require the third party to take adequate precautions to protect that Personal Data and to comply with applicable law.
9.1.6 For direct marketing purposes if we have first obtained your express “opt in” consent.
9.2 Where appropriate, before disclosing Personal Data to a third party, we contractually require the third party to take adequate precautions to protect that data and to comply with applicable law.
10. Data integrity and security
10.1 We strive to maintain the reliability, accuracy, completeness and currency of Personal Data in our databases and to protect the privacy and security of our databases. The security measures in place on our website and computer systems, aim to protect the loss, misuse or alteration of the information you provide to us. We keep your Personal Data only for as long as reasonably necessary for the purposes for which it was collected or to comply with any applicable legal or regulatory requirements, or our data retention policy.
11. Data subject rights
• Right to rectification. Data subjects may request that we rectify any inaccurate or incomplete personal data.
• Right to withdraw consent. Data subjects may at any time withdraw their consent to the processing of their personal data carried out by us on the basis of their previous consent. Such withdrawal will not affect the lawfulness of processing based on such previous consent.
• Right to make a subject access request (SAR). Data subjects may request in writing copies of their personal data. However, compliance with such requests is subject to certain limitations and exemptions and the rights of other individuals. Each request should make clear that a SAR is being made. You may also be required to submit a proof of your identity and any payment permitted by law, where applicable.
• Right to object to processing including automated processing and profiling. We do not make automated decisions about data subjects. However, we may rely on information provided by third parties such as credit reference agencies which may score data subjects on the basis of automated decisions. Profiling may be carried out for business administration purposes, such as monitoring trends in user visits of our website and in order to deliver relevant ads to users’ devices. We will comply with valid objection requests unless we have a compelling overriding legitimate ground for the continuation of our processing or we have another lawful reason to refuse such request. We will comply with each valid opt-out request in relation to marketing communications.
• Right to erasure. Data subjects may request that we erase their personal data. We will comply, unless there is a lawful reason for not doing so. For example, there may be an overriding legitimate ground for keeping the personal data, such as, our business record retention obligations that we have to comply with.
• Restriction. Data subjects may request that we restrict our processing of their personal data in various circumstances. We will comply, unless there is a lawful reason for not doing so, such as, a legal obligation to continue processing your personal data in a certain way.
• Right to data portability. In certain circumstances, data subjects may request the controller to provide a copy of their personal data in a structured, commonly used and machine-readable format and have it transferred to another provider of the same or similar services. We do not consider that this right applies to our Services. However, to the extent it does, we will comply with such transfer request. Please note that a transfer to another provider does not imply erasure of the data subject’s personal data which may still be retained for legitimate and lawful purposes.
• Right to lodge a complaint with the supervisory authority. We suggest that data subjects contact us about any questions or complaints in relation to how we process their personal data. However, each data subject has the right to contact the relevant supervisory authority directly, including the The Information Commissioner’s Office in the United Kingdom whose helpline is 0303 123 1113 and whose reporting a concern page is here ico.org.uk/concerns/
11.2 If you wish to exercise your rights relating to Personal Data held about you by the Midtown Business Club, please write to Ann Cadogan, Secretary, MBC, Firethorne House, Station Road, Alvescot, Oxon OX18 2PS or email firstname.lastname@example.org.
12. Inaccurate data
12.1 We encourage you to ensure that your Personal Data is accurate and kept up to date so please regularly update any information you have given to us by sending an email to email@example.com or by writing to us. We will correct, amend or delete any Personal Data that you notify us is inaccurate and notify any third party recipients of necessary changes.
13. Links to other websites
13.1 Our website may contain hyperlinks to websites that are not operated by us. Any such hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of these third-party websites or any association with their operators. We do not control these websites and are not responsible for their data or privacy practices. We urge you to review any Privacy Notice posted on any site you visit before using the site or providing any Personal Data about yourself.
14. Transfer of data abroad
14.1 We may store and transfer data to members of the Midtown Business Club and third party processors which may be located outside the EEA. Where your Personal Data is transferred outside the EEA we will ensure that the recipient agrees to keep your information confidential and hold it securely in accordance with the requirements of Data Protection Law.
14.2 If you are visiting our website from a country other than the country in which our servers are located, the various communications will necessarily result in the transfer of information across international boundaries.
14.3 By providing us with your Personal Data, you consent to the processing and transfer of your data as set out in this section.
15. Governing Law and Jurisdiction
15.1 This Privacy Notice forms part of our website and as such shall be governed and construed in accordance with the laws of England & Wales. You agree to submit any dispute arising out of your use of this website to the exclusive jurisdiction of the courts of England & Wales.
16.1 We welcome comments about this Privacy Notice. If you have any questions about this notice or any part of our service, you may contact us by emailing firstname.lastname@example.org or writing to Firethorne House, Station Road, Alvescot, Oxon OX18 2PS