PRIVACY NOTICE - MEMBER OF LIVERY COMPANY
OVERVIEW
Our Intent. We are committed to safeguarding the privacy of our members. The Company will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 1998 (the “Act”).
Changes to Data Protection Legislation. Data Protection legislation and the Act is currently going through a period of change. The introduction of the European Union’s General Data Protection Regulation (GDPR) and the new British Data Protection Bill, that will replace the Act and is currently passing through Parliament is the basis of this change. This Privacy Notice is therefore intended to comply with the Act and GDPR but may change over time.
Member’s Terms & Conditions. This Privacy Notice, forms part of Terms & Conditions for being a member of the Company. In legal terms, members are “Data Subjects,” i.e. “you.” We may also collect personal information regarding your spouse and dependents if appropriate.
DATA CONTROLLER, DATA PROTECTION OFFICER AND DATA PROCESSING
The Data Controller. The Worshipful Company of Tax Advisers Livery Company, The Tax Advisers Charitable Trust and The Tax Advisers Benevolent Fund (to be collectively known as WCOTA) are from a legal perspective classed as the ‘Data Controllers’.
Data Protection Officer (DPO). WCOTA’s DPO is Past Master Kevin Thomas. The WCOTA DPO fulfils a number of roles, one of which is to be the primary and independent point of contact for data protection matters. The formal mechanism for members to raise concerns regarding the processing of personal data is primarily to email: [email protected] or send a letter by registered mail to: The Clerk, 10 Deena Close, Queens Drive, London W3 0HR at which point the inquiry will be forwarded to the DPO for action. Verbal enquiries will be treated appropriately but must, if requested by the DPO, be followed up by email or in writing.
Purpose of Processing Personal Data. We collect personal data primarily to support and advance WCOTA, our industry, trade and profession, support the City and the Lord Mayor and raise money and support charitable and educational works.
Lawful Basis of Processing Personal Data. The lawful basis of processing your personal data is as follows:
Consent. Once you have agreed to this Privacy Notice of our Terms & Conditions, you will be registered for the processing of your personal data, based upon your Consent.
PERSONAL DATA
Categories of Personal Data Processed. The information we hold should be accurate and up-to-date. The personal information which we hold will be held securely in accordance with our internal data protection and security policies. The type or categories of personal data we will collect about you includes your:
Full Name
Postal address (this may be your home and/or business address)
Email address (this may be your personal and/or business email address)
Telephone number (this may be your Mobile and/or landline telephone numbers)
Other information as disclosed on your application form for membership (i.e. date of birth, status, qualifications)
If you apply for further roles or appointments within the Company, we may request further information and retain additional records, such as interview notes, for an appropriate period of time.
Minutes of meetings and records of decisions may include your name and other information about you.
Category of Recipients of Personal Data. Your name and contact details will primarily only be used internally within WCOTA. However, if you participate in a dinner, a charitable outreach activity, or make a donation subject to gift aid, we will normally have to provide your name and possibly other details to other stakeholders.
Transfer of Personal Data Outside the EEA (European Economic Area). Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU, for specific events. If this is required, consent will be explicitly requested from you.
Sensitive Personal Data. We will never collect sensitive personal data about you without your explicit consent and a clear explanation why it is required.
Spouse, Partner and Children Personal Data. If we hold personal data about a member’s spouse or partner, we will ask for consent from the spouse or partner for this. For member’s children, under the age of 18 years old, we will assume parental consent.
Sale or Passing of Personal Data to Third Parties. We will not sell or pass your personal data to any commercial or charitable organisation.
Retention of Personal Data. We will retain your personal data as follows:
Information Held Under Consent. We will retain your personal data whilst you are a member of the Company. Upon leaving, we retain your name and relevant details to support our historical records.
YOUR RIGHTS AS A DATA SUBJECT
Under the Act and even more so under the GDPR you have a number of Rights which we have outlined below:
Right of Access. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
Confirmation that your data is being processed (held);
Access to your personal data (a copy); and
Other supplementary information that corresponds to the information in this privacy notice.
Fees and Timings. Under GDPR and from 25 May 2018, this information will be provided without charge; without delay and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, the WCOTA may choose to: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. UK Information Commissioner’s Office (ICO) will be highlighted.
Identify Verification. To protect your personal data, the WCOTA will seek to verify your identity before releasing any information, which will normally be in electronic format. As a member this will normally be a simple process, however if the SAR is made from a member living overseas, or former member, or by the relative of a deceased member, then additional verification steps are likely.
Right of Rectification. You are entitled to have personal data rectified if it is inaccurate or incomplete. The WCOTA will respond within one month of your request. In the unlikely event the WCOTA does not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.
Right of Erasure. You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and to prevent processing in specific circumstances:
Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
When you withdraw consent
When you object to the processing and there is no overriding legitimate interest for continuing the processing
The personal data was unlawfully processed
The personal data has to be erased in order to comply with a legal obligation
Right to Restrict Processing. Under the Act, you have a right to ‘block’ or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, the WCOTA. is permitted to store the personal data, but not further process it. In this event exactly what is held and why will be explained to you.
Right to Data Portability. You may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy, or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
To personal data you have provided to WCOTA
Where the processing is based on your consent or for the performance of a contract and
When processing is carried out by automated means.
In these circumstances the WCOTA will provide a copy of your data in CSV format and/or PDF free of charge, without undue delay and within one month. If there is a delay to this, you will be informed.
Right to Object. You have the right to object to:
Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling)
Direct marketing (including profiling) and
Processing for purposes of scientific/historical research and statistics.
The WCOTA does not participate in the first and third activities, however WCOTA does conduct marketing activities (i.e. promoting social events to members).
Automated Decision Making and Profiling. The WCOTA does not employ any automated decision-making or conduct profiling of Data Subjects. However, if you have consented to be held on our Customer Relationship Management (CRM) database we may periodically send you marketing information so that you are informed of upcoming events and roles. These will be automated but they do not involve automated decision-making or profiling.