At British Afghan Chamber of Commerce and Industry, we take the privacy of all our users (also referred to as ‘You’ or ‘Your’ or ‘Visitor’ or ‘Member’) extremely serious.
We are committed to complying with the European General Data Protection Regulation (GDPR) and implementing the highest level of professional, technical and organisational best practices when it comes to collecting user data, storing it and using it for lawful purposes to deliver high quality chamber services.
We collect personally identifiable data from our users to provide better services and user experience. We collect data about you through:
- The use of registration forms, post, phones, emails and in person
- The purchase or use of any of our products or services (membership, publications, courses, feedback, surveys and subscription)
- Third parties (publically available sources, partners, suppliers, employers, solicitors, company house etc.)
TYPE OF DATA COLLECTED:
- Name and title
- Job title and position
- Date of birth
- Company name, address, phone number and email
- Home address, phone number and email
- Payment details such as bank account and credit card information
- Transaction details for payments
- Technical data such as IP address and login details
- Market research data such as readership patterns
- Visits to our sites (physical and virtual)
We do not collect any Special Categories of Personal Data about your religion, sexual orientation, political opinions and health conditions. We also do not intentionally gather personal data from visitors who are under the age of 16. If a parent becomes aware that his or her child has provided us with data, he or she should contact us. We will delete such information from our files as soon as possible.
USE OF DATA COLLECTED:
We only use the collected data for lawful purposes such as for performing our contractual obligations, for our legitimate business interest and to comply with legal requirements. The collected data may be used in the following ways:
- To fulfil our obligations arising from membership or any other contract with you.
- For our legitimate business interest, for user interest, and fundamental rights do not override those interests.
- To process orders, registrations and enquiries.
- To allow you to participate in interactive services.
- For effective communication, coordination and collaboration with you.
- To manage payments, charges and fees.
- To manage relationship, changes to terms, policies, products and services.
- To share updates on publications, events and delegations.
- To deal with complaints, incorporate feedback and hold surveys.
- For business administration, fraud prevention and safety of assets.
- For data analytics to improve our site, customer experience, products and services.
- For audit, reporting, legal, compliance and security purposes.
- For third party service providers such as payment processing, data hosting and subscription management.
From time to time, we may use your personal data to share marketing material from organisations and companies that we believe will be of legitimate benefit to you, only where the you have opted-in to receive such information.
We will not share user personal data with any third party for marketing purposes unless we have prior expressed permission of the user.
You can contact us to stop marketing messages at any time by emailing us at firstname.lastname@example.org.
We try to collect the minimum level of personal data and retain it for the purpose it was collected for and for as long as it is necessary to fulfil our contractual, organisational or any legal responsibility. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements. We store user personal data on servers located in United Kingdom.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers for tax purposes.
We may disclose your personal data to members in our group as defined in section 1159 of the UK Companies Act 2006 and also to selected third parties in the following ways:
- To members, partners, affiliates, contractors and third party service providers for performance of contract we may have entered with them or you.
- To directors, advisors, bankers, auditors, lawyers, insurers and consultants who provide services to us.
- Internally among chamber offices across the country for administrative and contractual obligations purposes.
- If we sell or buy any business or assets, we may disclose your personal data to prospective buyer or seller.
- If the chamber or its assets are acquired by a third party, all personal data held by it about its users will be transferred the third party.
- Normally we do not share your data with entities outside the European Economic Area (EEA). In cases where we may transfer your personal data to our partners and affiliates outside the European Economic Area (EEA), we will take reasonable steps to ensure user personal data receives an adequate degree of security as required by the European Commission.
- With user consent to share personal information with third parties so that they may provide user with special offers, promotional materials, and other materials that may be of interest to them.
Contact us if you do not wish your data to be transferred outside EEA.
We have taken all reasonable organisational and technical steps to prevent your personal data from being accidentally lost, misused or accessed in an unauthorised way, altered or disclosed. Furthermore, we limit access to your personal data only to those employees, agents, contractors and other third parties who have a business need to know such data. They will only process your personal data on our instructions and are subject to a duty of confidentiality.
We take all reasonable steps to ensure that your personal data is processed securely. All information you provide to us is stored on our secure servers in United Kingdom. Any payment transactions will be encrypted, often, using SSL technology. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our site, you are responsible for keeping this password safe. We ask you not to share a password with anyone.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
Under the data protection laws, you have rights in relation to your personal data under certain circumstances to:
- Request access to your personal data.
- Request correction of your personal data.
- Request to erase your personal data.
- Object to processing of your personal data.
- Request restriction of processing of your personal data.
- Request transfer of your personal data.
- Right to withdraw consent.
If you wish to exercise any of the above rights, please contact our Data Protection Department at email@example.com.
There is no fee for accessing your information and we will deal with your request within 30 days of receiving it.
We will charge a fee of £30 if your request is clearly repetitive and unfounded. We may need to verify your identity for security purposes and request specific information from you to help us confirm your identity.
THIRD PARTY LINKS:
Our website may include links to third party websites, plugins and applications including social media. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.
CHANGES TO THIS POLICY:
QUESTIONS, COMPLAINTS AND CONTACT
We are committed to ensuring all information collected about you is done in accordance with the law and kept secure.
If you have any questions, comments or complaints, please do not hesitate to contact us at firstname.lastname@example.org.
If you are not satisfied with our efforts, you can contact the UK Data Protection Authority. For more information, please visit the Information Commissioner’s office at www.ico.org.uk/concerns or call them on 0303 123 1113.