Data Protection Policy

 
  1. Introduction
    The Buntingford Chamber of Commerce (“the Chamber”) is committed to protecting the personal data of its members, employees, and stakeholders. This policy outlines how the Chamber collects, processes, stores, and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
  2. Scope
    This policy applies to all personal data processed by the Chamber, including that of members, suppliers, and other stakeholders. It covers data held in electronic and paper formats.
  3. Principles of Data Protection
    The Chamber adheres to the following principles when processing personal data:
  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability
  1. Lawful Basis for Processing Data
    The Chamber processes personal data under one or more of the following legal bases:
  • Consent: Individuals have given clear consent for data processing.
  • Contractual necessity: Processing is required to fulfil a contract.
  • Legal obligation: Processing is necessary for compliance with legal requirements.
  • Legitimate interests: Processing is necessary for the Chamber’s legitimate business purposes.
  1. Data Collection and Use
    The Chamber collects personal data for purposes including but not limited to:
  • Membership administration and communication
  • Event organisation and promotion
  • Financial transactions (e.g., membership fees, event fees)
  • Compliance with legal obligations
  • Marketing and member engagement
  1. Data Storage and Security
  • Personal data is stored securely using appropriate technical and organisational measures.
  • Access to personal data is restricted to authorised personnel only.
  • Data breaches will be reported and handled in accordance with UK GDPR requirements.
  1. Data Sharing and Transfers
  • Personal data is not shared with third parties unless required for legal compliance, service provision, or with explicit consent.
  • Any international data transfers will be conducted in compliance with UK GDPR regulations.
  1. Data Retention
  • Personal data is retained only for as long as necessary to fulfil the purposes for which it was collected.
  • Upon expiry of retention periods, data is securely deleted or anonymised.
  1. Individual Rights
    Individuals have the following rights regarding their personal data:
  • Right to access
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Right not to be subject to automated decision-making Requests to exercise these rights should be directed to the Chamber’s Data Protection Officer.
  1. Data Protection Officer (DPO)
    The Chamber has designated a Data Protection Officer responsible for ensuring compliance with data protection laws. The DPO can be contacted at info@buntingfordchamberofcommerce.co.uk
  2. Review and Updates
    This policy will be reviewed annually or when significant changes occur in legislation or Chamber operations.
  3. Contact Information
    For any queries regarding this policy or data protection matters, please contact: info@buntingfordchamberofcommerce.co.uk

Approved by: Louise Hampton
Date: 12/03/2025