Pembrokeshire Coastal Forum Data Protection & Privacy Policy
Version 2.0 4th April 2019
1. Introduction
1.1 Contacts:
Finance, HR & Policy Manager: James Dyer james.dyer@pembrokeshirecoastalforum.org.uk
Communications Manager: Abi Beck abi.beck@pembrokeshirecoastalforum.org.uk
1.2 Pembrokeshire Coastal Forum (PCF) is a Community Interest Company (CIC) limited by guarantee. PCF manage and deliver a number of marine based projects including Marine Energy Wales, Pembrokeshire Outdoor Charter Group and Pembrokeshire Marine Code.
1.3. This Data Protection Policy (DPP) has been prepared to demonstrate how we are meeting the requirements of the General Data Protection Regulations (GDPR) in our routine communications and practice with contacts and clients.
1.4. This policy covers the following activities undertaken by Pembrokeshire Coastal Forum:
- E-Newsletters to the PCF contact list
- Accounting and financial dealings with clients purchasing our services
- Routine, day to day office activities and archive office procedures, contacts and clients
These sections are described in more detail below.
1.5. Overall policy – It has been and is our policy to conduct our activities in line with current data protection policies i.e. GDPR. Since we have to subscribe to a high standard of business accounting and the compliance standards imposed by credit card companies this approach extends to our financial transactions with business clients. It is our intention to make our DPP policy and process as transparent as possible.
1.6. Requirements of GDPR: Contact and client (data subjects) rights – We will seek to respond to any inquiries about the new rights under the GDPR including:
- Your right of access to personal information records
- Your right to correct data
- Your right to be forgotten, for records to be deleted
- Your right to withdraw your consent for processing at any time
- Your (the) right to complain to the Information Commissioners Office
1.7. Security breach – We will communicate with contacts or clients should we have a security breach.
2. Bulk emailing to the PCF contact list
2.1. Introduction – We write a PCF E-Newsletter in order to keep you up to date with work being carried out across our projects as well as other relevant coastal news. You currently receive our newsletters because you are a member of PCF, you are a project stakeholder or you have attended one of our events. In order to do this we use MailChimp, a white listed emailing system (with an unsubscribe option on every email), and a consent based, opt-in policy.
2.2. Mailing contents – Contacts receive mailings on project updates & PCF news, policy news, jobs in the coastal sector, consultations which are open for response, local events and Pembrokeshire coast news. There are currently nearly 2000 contacts across our mailing lists.
2.3. Personal data held – For routine mailings using the MailChimp emailing service we hold the name, email address and in some cases organisation details. Other details such as the date contacts subscribed (evidence of consent based opt-in), and mailing preferences are also held.
We do not hold postal address information for our email contacts.
It is our policy only to hold the personal data consistent with our current practice e.g. emailing.
2.4. PCF does not share or sell personal information about contacts or customers with third parties for the purposes of marketing.
2.5. Risk Assessment – From our understanding of the GDPR regulations the data we hold with regard to our bulk emailing contacts would be a ‘low risk’ in relation to our contacts.
2.6. Consent based subscription and unsubscribing – We process this data on the basis of consent. We have the details of when contacts subscribed to the PCF e-newsletter and since 2014 we have and continue to use a consent based opt-in approach via our website www.pembrokeshirecoastalforum.org.uk/membership Subscribers receive our because they are one of our members, are a project stakeholder or they have attended one of our events. We have no desire to send people unwanted emails. All emails carry an unsubscribe option to enable recipients to unsubscribe at any point. Any queries regarding this should be directed to our Marketing & Communications Manager ruth.lovell@pembrokeshirecoastalforum.org.uk
3. Accounting and financial dealings with clients
3.1. Introduction – Pembrokeshire Coastal Forum is a Community Interest Company (CIC) limited by guarantee. We maintain records of our financial transactions with clients or bookings made by credit card or cheque as would any business. In this regard these are subject to standard accounting procedures not least the need to retain transaction/account records for seven years.
We comply with the data protection standards of our credit card company which explicitly requires that credit card details are destroyed after transactions. This data is not used for any other purposes.
4. Routine, day to day office activities and archive office procedures
4.1. Introduction – Our business activities fall into two main categories: routine and day to day contacts with clients and business associates, and archive records that arise from the completion of projects. In this regard we follow procedures that ensure a high level of security on our computing activities as well as offline storage of information in locked cabinets. The data involved is not used for any other purposes.
5. Other Questions
Should you have any questions concerning our work and data protection issues please contact PCF’s HR, Finance and Policy Manager james.dyer@pembrokeshirecoastalforum.org.uk