The Dyers’ Company Privacy Notice and Data Protection Policy
Introduction
This document has been prepared by The Dyers’ Company for our Liverymen and all interested parties to clarify the steps we have taken to ensure we comply with the GDPR legislation. Its purpose is to provide an overview of our Data Protection policy, covering the processing and protecting of Personal Data in order to provide agreed services to the Livery and all other parties we contact in relation to our role as a Livery Company.
The Dyers’ Company is both a Data Controller and Data Processor in relation to the services it provides. We are not required to appoint a Data Protection Officer under the new legislation; for any queries relating to our data processing please email communication@dyerscompany.com.
Lawful Basis
Of the six available lawful bases for processing data under the GDPR legislation, The Dyers’ Company considers that the processing of the data it holds in order to carry out the administration of the Livery and provide other agreed services to the Livery is that of “performance of a contract with the data subject”.
Furthermore, The Dyers’ Company considers that the processing of the data it holds in order to carry out the general marketing activities is that of “legitimate interest” and also “to take steps to enter into a contract”.
Types of Personal Data
As a Liveryman of The Dyers’ Company or an associated party, you may volunteer your personal data information when using our website, emailing us, interacting with us on social media, replying to surveys, or registering for information or events.
The data we collect can include your salutation, full name, post-nominals, date of birth, date of entering the Livery and / or Court, job title, postal address(es), biography, spouse or partner details, name and date of birth of children, CV, telephone number(s), e-mail address (es), social media account address(es), website address(es) and photographs.
Rationale for Processing Personal Data
The information that you provide us with will be used for the purpose of contacting you and/or providing you with relevant and updated information about our organisation, its activities and positions.
The Dyers’ Company processes identification details of the individuals who register to participate to events it organises for the purpose of managing the registration and participation to such events under the general terms and conditions that are expressly accepted by the individuals and/or based on consent for certain personal data. Your consent will be specifically asked for photos or multimedia content that may enable the recognition of participants at events.
Data Retention
Your personal data will be kept as long as you are a designated Liveryman of The Dyers’ Company and, otherwise provided by law, for the time that is strictly necessary to achieve the purpose(s) for which they were collected.
You can submit a Subject Access Request for all data held on you or your organisation at any time by emailing communication@dyerscompany.com.
Should you wish to withdraw your prior informed consent, rectify or remove any of the information that we hold about you or your organisation, please contact us at: communication@dyerscompany.com.
Data Sharing
The Dyers’ Company does not share or sell any personal data to third parties for any commercial purposes. Your personal data will not be shared with any other third parties unless we would be required to do so by law or to comply with a court order served upon us in connection with our website(s), social media channels, the implementation of the EU GDPR or to protect and defend our legal rights and interests and those of our Liverymen.
The processing of the Personal Data stored and processed by The Dyers’ Company has been assessed as presenting very limited risks for fundamental rights, due to the fact that only professional information is used with adequate security measures in place to prevent data breaches.
Online Data
The Dyers’ Company and its web hosting company, MSO, treat all data held with care and security. Any details provided will remain confidential.
Our websites or social media channels may use tracking techniques such as cookies for collecting technical information about your use for the purpose of improving and tailoring their content and making it more user-friendly. Cookies are text files placed on your computer to collect standard internet log information and visitor behaviour information. This information is used to track visitor use of the website and to compile statistical reports on website activity. You can set your browser not to accept cookies and the above websites tell you how to remove cookies from your browser. However, in a few cases some of our website features may not function as a result.
When interacting with our social media channels your consent and personal data use are covered by the terms and conditions and privacy policies of each of these social media platforms.
Our website, social media channels and electronic communication tools may also contain links to websites or social media channels of third parties. These links are provided for your information and convenience only. The Dyers’ Company does not endorse, approve or take any responsibility for the websites or social media channels which we provide links to. We also do not endorse, approve or take any responsibility for their availability, performance, content or for the use of such websites or social media channels or any information contained therein.
The Dyers’ Company’s data privacy policy applies only to The Dyers’ Company data storage and processing methods, website and electronic communication media and not to any other websites or media that you would access by hyperlink from our website or our social media. When you leave our website by linking to another site or through social media, you should read the privacy policy, if any, provided by such website or media.
The Dyers’ Company make no warranty that the contents of our online platforms are free from infection by viruses or anything else which has contaminating or destructive properties and shall have no liability in respect thereof.
Data Storage
The data we hold contains personal contact details and occasionally corporate bank account details. Sensitive Personal Data is not collected or stored.
This data is held in a range of formats – paper files, archived paper files and IT server-based internal networks. Electronic data is stored in a database, with data also stored in other directories on the same server, for example, for invoice correspondence. Our IT server is housed in a dedicated room and the internet router has a firewall. The server and hardware are protected with anti-virus software. All IT equipment is password protected and access is restricted to the relevant staff. We do not process or hold data outside the European Economic Area (EEA).
Physical data stored held at our office is secured in locked cabinets in locked offices. Our office is secure with electronic fob entry and alarms.
For any further information on our data practices please email communication@dyerscompany.com or write to the Head of Communications, The Dyers’ Company, Dyers’ Hall, 11 – 13 Dowgate Hill, London, EC4R 2ST.