Privacy Policy

Privacy Policy

This policy was last updated on the 25th May 2018.

This privacy policy is provided by Secure Chorus Ltd, a company limited by guarantee registered in England with company number 10366825, whose registered address is at Cannon Place, 78 Cannon Street, London, England, EC4N 6AF. As such, any references in this Privacy Policy to “we”, “our”, “us” etc. will be interpreted as a reference to Secure Chorus Ltd.

From time to time, as part of running our business, we collect and use certain personal data about natural persons with whom we have contact, and in particular our members, observers, advisors, suppliers, other third parties with whom we do business and even certain information about members of the general public (we refer to such individuals in this notice as “you” or “your” or “contacts”).

Please note that we have a separate privacy policy relating to personal data which we collect and use for our employees, agents, job applicants, self-employed sub-contractors, sole traders etc.

We are required under data protection legislation to notify you of the information contained in this privacy notice. 

Scope of this policy

This Privacy Policy covers the use of your information by Secure Chorus Ltd: This policy explains our privacy practices and covers the following:

Whose personal data do we process?

We collect and use personal data relating to the following types of individuals:

  • Contacts at our existing members and observers organisations: we collect and use certain personal data of natural persons who we liaise with at organisations who are our existing members and/or observers;
  • Contacts at our potential members and observers organisations: we collect and use certain personal data of natural persons who we liaise with at organisations who may express an interest in becoming our members or observers;
  • Visitors to our offices or sites: we also collect certain information about natural persons who visit our offices or sites or other places where we are performing our services from time to time;
  • Contacts at our advisors and other third-party suppliers: we collect and use certain personal data about natural persons who work at organisations which provides goods and services to us, i.e. our suppliers with whom we work to provide our services, as well as advisors who provide legal, financial, PR , marketing services and other advice to our business; and
  • Claimants: we collect and use certain personal data about individuals who make a claim directly against us.

What type of personal data do we process?

Depending on the natural persons, personal data we may process will generally consist of:

  • Members, observers, and potential members and observers:
    • name, job title, email address, phone number and work address, name of the employer;
    • IP address, browser types, device being used;
    • details of our interactions and correspondence with a natural person (specifically our emails with the natural person and the notes we make in relation to our telephone conversations, meetings or other interactions with the natural person); and
  • Visitors to our sites and other natural persons who come into our offices and sites and places where we work:
    • name, job title, email address, phone number and work address, name of the employer: which guests provide when they visit our sites/offices for appointments or meetings;
    • details of our interactions and correspondence with natural persons (specifically our emails with the natural person and the notes we make in relation to our telephone conversations, meetings or other interactions with the natural person);
    • IP address, browser types, device being used;
    • video images of natural persons who are in the immediate vicinity when we record a video images for example, this may unintentionally involve us recording natural persons in the vicinity at that time; and
  • Advisors / thirty party suppliers:
    • name, job title, email address, phone number and work address, name of the employer: which guests provide when they visit our sites/offices for appointments or meetings;
    • IP address, browser types, device being used;
    • details of our interactions and correspondence with natural persons (specifically our emails with the natural person and the notes we make in relation to our telephone conversations, meetings or other interactions with the natural person); and
  • Claimants: name, address, email, date of birth, any relevant medical details.

How do we collect personal data we process?

  • Personal data you provide: the personal data you provide where you or your organisation provides to us or receives a service from us; or when you get in touch with us, for instance registering an interest by emailing us, have a telephone conversation with our call centre, or if we meet at a networking event and you provide your business card; or when you get in touch directly in the event of a complaint or claim.
  • Personal data from your employer: your employer may pass us your contact details, for instance if you are to act as someone who we will be liaising with regarding a project.
  • Personal data from publicly available sources: we may occasionally obtain limited personal data from the internet or from sources such as LinkedIn.
  • Information collected by CCTV or other video cameras: we may also record images – for example at events we host – this may unintentionally involve us recording natural persons in the vicinity at that time.
  • Information from a solicitor or insurer: if you are a member of the general public and you make a claim against us, your solicitor or insurer may pass us your contact details.

Why do we use your personal data?

  • Day to day communications with customer, suppliers and other third parties who we work with: we need to communicate effectively and efficiently with our members, observers, advisors and third-party suppliers, in order to facilitate our provision of high quality and timely communications and services, including service delivery, compliance with all operational, technical, health, safety, environmental & governance standards. Similarly, where your organisation provides services to us, we will need to know which individuals at your organisation we need to communicate with and keep details of your personal data on our systems, including for selection, health & safety and compliance requirements. Therefore, we use personal data for day to day communications with such parties. Our communication methods include written correspondence, email, telephone, online video conferencing and face to face meetings.
  • Managing accounts and other internal administrative purposes: we process personal data for other internal administrative purposes, including in relation to setting up and managing accounts with our members, observers, advisors and suppliers, paying and raising invoices etc.
  • Safety and Security of our offices and sites: when we give you access to our offices (and certain other sites where we may hold meetings) we process personal data for security reasons, to protect our assets and staff, but also to ensure compliance with operational health and safety standards and general governance standards.
  • Business development: from time to time use limited personal data (business contact details) to get in touch with existing and potential members and observer, in order to promote our services and build relationships and to develop and manage existing relationships. For instance, we use may Eventbright, phone calls and emails to invite members and observers to events.
  • Assessment of Claims: we need to assess and process personal data relating to a claim that someone may make against us. This may involve us using a claimant’s personal data in our defence or other legal documentation and for obtaining legal advice or insurance etc.

Who do we share your personal data with?

We may share your personal data with the following parties:

  • our professional advisers: such as our accounting, legal, insurers advisers where they require that information in order to provide advice to us;
  • members and observers: to ensure the employee of a subcontractor meets the technical, behavioural, health and safety requirements of the member’s satisfaction, where relevant;
  • our service providers: such as PR and marketing agencies; IT service providers, which provide hosting of our IT services (e.g. document management system services, mail servers’ services, internet services, secure communication applications, conference call services) or who provide support and maintenance services for our IT systems may occasionally have supervised access to parts of our IT systems which contain personal data for maintenance and support purposes;
  • any regulatory authority in accordance with our legal obligations;
  • solicitors, insurers and the courts: where we have obtained personal data from claimants we may need to share such information as part of defending a claim; and
  • law enforcement: if we are required to do so by law.

Where we share personal data with third parties, where possible, we generally have contracts in place with such third parties, which ensures that they will protect your personal data and not use it for any purposes beyond delivering their services to us.

How long will we keep your personal data?

The length of time that we may retain your personal data for varies, according to the type of individual whose personal data we have collected, and what this is being used for:

Type of data subject Applicable retention period
Existing members and observers For the duration of the contract between us plus 6 years.
Our advisors and other third-party suppliers For the duration of the contract between us and such third parties plus 6 years.
Claimants Until the claim is resolved

Legal grounds for processing your personal data

Every use that we make of your personal data must meet a legal ground in the list set out by data protection law.  The legal grounds which we rely on are as follows:

  • Providing services to members and observers: the legal ground which is relevant to us processing your personal data for the other purpose of providing services to our member and observers outlined in this privacy policy, is: to achieve our legitimate business interests, in a situation where your rights are not jeopardised so as to override this. Our legitimate business interests include:
    • enabling us to provide effective communications with our members, observers, advisors, suppliers and where applicable members of the general public;
    • managing accounts and relationships with our members, observers and third-party suppliers; and
    • to operate our services efficiently and effectively.
  • Marketing: where we do send marketing communications to our members, observers and /or potential members/observers we will only do so if we have first obtained their prior consent to receiving such marketing communications.
  • For other general uses: the legal ground which is relevant to us processing your personal data for the other general purposes outlined in this privacy policy, is: to achieve our legitimate business interests, in a situation where your rights are not jeopardised so as to override this. Our legitimate business interests include:
    • enabling us to provide effective communications with our members/observers, advisors, suppliers and where applicable members of the general public;
    • managing accounts and relationships with members/observers and third-party suppliers;
    • to operate our services efficiently and effectively; and
    • to protect our assets and our staff.
  • Dealing with claims: When we handle personal data in relating to public liability or other claims that are brought directly against us, the legal grounds which we rely on are as follows:
    • when this involves handling medical details: the establishment, exercise or defence of a legal claim; and
    • generally, for other personal data: to achieve our legitimate business interests, in a situation where your rights are not jeopardised so as to override this. Our legitimate interests would be to defend ourselves from a claim.

Where is your personal data stored?

Your personal data will be stored locally by us and/or our IT services providers  but may also be stored and backed up on servers located outside of the European Economic Area. We ensure that your data is protected in these countries by requiring the recipients to disclose their data privacy policy. If you would like further information on you can contact us using the details set out at the end of this Privacy Policy.

Your rights in relation to your personal data

You have the following rights regarding your information:

Rights What does this mean?
Right to be informed

 

You have the right to be provided with clear, transparent and easily understandable information about how we use your information and your rights. This is why we are providing you with the information in this Privacy Policy.
Right of access You have the right to obtain access to your information (if we are processing it), and other certain other information (similar to that provided in this Privacy Policy).
Right to rectification You are entitled to have your information corrected if it is inaccurate or incomplete.
Right to erasure This is also known as ‘the right to be forgotten’ and, in simple terms, enables you to request the deletion or removal of your information where there is no compelling reason for us to keep using it.  This is not a general right to erasure; there are exceptions.
Right to restrict processing You have rights to ‘block’ or suppress further use of your information. When processing is restricted, we can still store your information, but may not use it further. We keep lists of natural persons who have asked for further use of their information to be ‘blocked’ to make sure the restriction is respected in future.
Right to data portability You have the right to obtain and reuse your personal data in a structured, commonly used and machine-readable format in certain circumstances. In addition, where certain conditions apply, you have the right to have such information transferred directly to a third party.
Right to withdraw consent If you have given your consent to anything we do with your personal data, you have the right to withdraw your consent at any time (although if you do so, it does not mean that anything we have done with your personal data with your consent up to that point is unlawful).
Right to object processing In addition to the above rights, you also have the right to object to certain types of processing, in certain circumstances. In particular, the right to object to the processing of your personal data based on our legitimate interests’ grounds (including processing for direct marketing).

To exercise any of these rights at, any time, you can contact us using the details set out at the end of this Privacy Policy.

Changes to this Privacy Policy

From time to time we may make changes to this Privacy Policy to ensure that it is accurate and up to date and to reflect any changes in the law.  This policy was last updated on 25th May 2018.

We will use reasonable endeavours to ensure that your personal data is accurate. In order to assist us with this, you should notify us of any changes to your personal data, by contacting us as set out below.

We are required to employ adequate technical and organisational security measures to protect your personal data from any loss, destruction, damage or unlawful disclosure. However, no transmission of personal data can ever be guaranteed as secure. Consequently, please note that we cannot guarantee the security of any personal data which you transfer to us or which we transfer to you.

Contacting us and making a compliant

Contact details of Secure Chorus Ltd are set out below.  Please do contact us if you have any questions or complaints about this Privacy Policy or about how we handle your information.

If you are not satisfied with our response or you believe our use of your information does not comply with data protection law, you can make a complaint to the UK regulator in relation to data privacy, being the Information Commissioner.

Information Commissioner’s Office
Wycliffe house, Water Lane, Wilmslow, Cheshire, SK9 5A
www.ico.org

Secure Chorus Ltd
Trading address: Level39, Office 39.15, One Canada Square, Canary Wharf, London E14 5AB
Registered office: Cannon Place, 78 Cannon Street, London, England, EC4N 6AF
Email: info@securechorus.org
www.securechorus.org

Start typing and press Enter to search