GDPR POLICY

The following outlines the General Data Protection Regulation Policy for 4theRegion Ltd. (Compliance From 1/5/2018)

The overarching principle is that

  • All data collected and/or stored by 4theRegion is done so for the sole purposes of 4theRegion business and an individual’s relationship with 4theRegion. This will include, but is not limited to, membership communication, internal marketing of events, notification of regional campaigns, facilitating connections and collaborations between members, and news updates from 4theRegion. Individual’s personal data will not be shared with a third party without prior written consent.
  • All 4theRegion Members agree to allow 4theRegion Staff to freely use their business contact details but do not agree that they are circulated to external third parties without prior consent on a case by case basis.

Data Storage

  • From January 2018 4theRegion does not retain any paper files of personal data, except for financial transactional data, which does not include sensitive payment information, bank account numbers or card details.
  • Financial information for online payments are not held by 4theRegion and are all managed by Stripe, 4theRegion hold none of this payment information.
  • The 4theRegion electronic membership database, CapsuleCRM, is hosted and maintained by Zestia Ltd.
    • No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed and password protected overnight.
    • All Staff should use only their own login to access PCs and membership databases and not share their login details with others.
  • In order to show compliance to the General Data Protection Regulations all staff will carry out a one hour online training program to understand the implications.
  • From April 2018 the Directors will meet quarterly to conduct a GDPR audit to ensure full compliance.
  • All staff have signed as part of their contract of employment a confidentiality clause.

Membership

  • On joining 4theRegion each member must be told that 4theRegion will not under any circumstances use their data for any other purpose then 4theRegion business and an individual’s relationship with 4theRegion. The data will not be circulated to third parties unless members they give their prior written consent. This is made clear at the beginning of the application process.
  • From time to time 4theRegion is approached to circulate relevant matters on behalf of third parties, this is managed from 4theRegion offices and the details are not circulated for any purpose.

Data Rights

  • The data held by 4theRegion can only be as accurate as the information supplied to 4theRegion. It is the responsibility of the individual to ensure their data is accurate.
  • Once an individual’s relationship with 4theRegion has become inactive their personal data will be retained electronically for 3 years before deletion.
  • An individual may at any time request the removal of their personal data by contacting mail@4theregion.org.uk. It should be noted that the removal of all personal data (including email contact details) will result in 4theRegoin no longer being able to carry out the processing of membership deliverables.
  • An individual may at any time raise a concern by contacting mail@4theregion.org.uk. For further details on your rights visit https://ico.org.uk/for-the-public/