Ƶ (Ƶ or the Association) has produced this privacy notice as required by the UK General Data Protection Regulation (UK GDPR), which means Regulation (EU) 2016/679 (EU GDPR, implemented in the UK prior to the UK leaving the EU by the Data Protection Act 2018) as it forms part of the law of England and Wales, Scotland and Northern Ireland by virtue of section 3 of the European Union (Withdrawal) Act 2018.
This privacy notice aims to give you information on how Ƶ collects and processes your personal data in compliance with GDPR.
What personal data does Ƶ collect?
How is personal data collected by Ƶ?
How is personal data used by Ƶ?
Lawful basis for processing personal data
Data controller and data processors
Ƶ is a not-for-profit trade association whose members, currently totalling around 120, operate in the chemical industry supply chain. Ƶ provides members with access to timely, targeted and relevant information on industry and regulatory developments and aims to provide a collective voice for members to represent their interests at the UK and international levels by working to shape and mitigate the impact of legislation on their businesses. Ƶ also runs seminars, conferences and training courses which are open to non-members as well as to members.
Personal data, or personal information, means any information about an individual from which that person can be identified.
Ƶ collects personal data relating to contacts within its member companies, as well as data relating to those individuals who are members in their own right. Personal data which Ƶ collects includes first name(s) and surnames, telephone numbers, job titles, email addresses, membership of Ƶ sector groups, special dietary requirements, whether a contact is the main contact for the Ƶ member or not, and, occasionally, home and website addresses. Ƶ also generates and holds Ƶ website members’ area access user names and passwords.
In addition, Ƶ collects personal data when that data is necessary for compliance with legal obligations, such as the data required by Companies House relating to the appointment of directors of the Association.
Personal data which Ƶ collects relating to non-members includes first name(s) and surnames, telephone numbers, job titles, email addresses, special dietary requirements and whether contacts are members of Ƶ sector groups on a guest basis.
Ƶ does not collect any sensitive “special category”, children’s or criminal offences or convictions data.
Personal data is generally collected directly in a variety of ways, including from membership application forms, booking and feedback forms for Ƶ members’ meetings, seminars, conferences and training courses and through contact via telephone and email. However, when website cookies are used data is collected automatically.
Personal data is used by Ƶ for the general administration of the Association; to provide information, predominantly by email, on industry and regulatory developments and on members’ meetings, seminars, conferences and training courses; for work with contacts in Government, other trade associations and other organisations; and for reviews of the use of its services.
In addition to sharing data when necessary for compliance with legal obligations, Ƶ may share personal data with service providers such as those who provide IT and system administration services and with professional advisors such as its lawyers and accountants.
Ƶ may share personal data with other third parties in the course of organising events such as members’ meetings, seminars, conferences and training courses insofar as the names and affiliation of those who have registered to attend events may be shared with other delegates and speakers and with event organisers at event venues. Event venue event organisers are also notified of special dietary requirements.
Ƶ asks all third parties to maintain the security of personal data shared with them and authorises them to use the data only for the purposes for which it has been provided.
Personal data may also be shared with Government, other trade associations and other organisations to facilitate input on the basis of consent by representatives from Ƶ members to the development of policy or other project work.
Ƶ does not make available to any other third parties, nor does it sell, nor does it transfer outside the UK except for the EU, any personal data it holds.
The GDPR requires organisations to identify the lawful basis for their processing of personal data. Six lawful bases are available for processing, namely “consent”, “contract”, “legal obligation”, “vital interests”, “public task” and “legitimate interests”.
“Legitimate interests” applies when processing is necessary for the legitimate interests of an organisation or the legitimate interests of a third party, unless there is a good reason to protect an individual’s personal data which overrides those legitimate interests.
Ƶ considers that, of the various lawful bases available, “legitimate interests” is the appropriate legal basis for its processing of personal data for the administration of the Association and for the provision of its services, except when the processing is necessary for compliance with legal obligations when the lawful basis is “legal obligation”, and except in specific cases where consent is sought when the lawful basis is “consent”. Ƶ has reviewed whether the processing it carries out is necessary for these purposes and is satisfied that there is no other reasonable alternative.
The GDPR applies to data “controllers” and to data “processors”.
For the purposes of the GDPR, the Association is the data controller in that it determines the purposes and means of processing personal data. The Association’s contact details may be found at the foot of this page.
The data processors for the purposes of the GDPR are members of the Ƶ secretariat, including the Company Secretary and the Ƶ office administrator and accountant, who are responsible for processing personal data on behalf of the controller. Data is held securely on the Ƶ database and on the Ƶ website.
In the event that contacts cease to be employed by Ƶ members or cease to be contacts, their personal data is removed by the Ƶ office administrator from the Ƶ database and Ƶ website. In addition, their email addresses are removed from any relevant email lists.
Cookies are small files that with user consent, unless they are “essential” to the website when they do not need user consent, are downloaded to a user’s computer on accessing a website. They are used to store information that may be read and used by that website on that and on subsequent occasions.
The Ƶ website uses cookies in accordance with the website Cookie policy. No personal information is held in the cookies associated with the cookie banner, whilst data collected by cookies used by Google Analytics is anonymised.
Under the GDPR, individuals have the right to be informed about the collection and use of their personal data, a key transparency requirement of the Regulation, as well as the purposes for which their personal data is processed, retention periods for that personal data and with whom it will be shared, this “privacy information” being communicated via a privacy notice.
Under the GDPR, in the context of the collection and processing of personal data by Ƶ, individuals have additional rights, namely the right to have access to their personal information; the right to the rectification of inaccurate information; the right to have it deleted; and the right in some circumstances to object to or restrict processing, all of which may be exercised by contacting the Ƶ office administrator.
Equally Ƶ contacts who do not wish to continue to be included in emailing lists can ask the Ƶ office administrator to remove their email addresses from such lists. Similarly, Ƶ members who no longer wish to receive information via the website information menu system may themselves de-select the information they no longer wish to receive or can ask the Ƶ office administrator to do this for them.
If you would like more information regarding this privacy notice and the GDPR, please contact the Ƶ office administrator at enquiries@bcaorg.com More information on the GDPR may be found on the .
What we do
Key activities
Training & development
Members
Privacy policy | Cookie policy | Disclaimer |
Copyright © Ƶ, a company limited by guarantee, registered in England and Wales, registered number 01763229, Unit 1, St Stephens Court, 15-17 St Stephens Road, Bournemouth, BH2 6LA