The Young Business Group (“YBG”) promises to comply with the Data Protection (Bailiwick of Guernsey) Law, 2017 (“the Law”).
Personal Information Collection Statement
We only collect information about members that is required for the provision of our services or is required by law. The information collected from you will only be used for the purpose of processing your enquiry or membership to the YBG or for processing your transactions and managing your membership efficiently and securely. We collect and maintain a variety of personal data including names, email addresses, business addresses and demographic information such as the industry sector of the business in which the individual or individuals concerned is/are involved. We do not collect personal data about individuals except when there is a legitimate business requirement or when such information is provided on a voluntary basis.
You have the right to access any information we have about you at any time to check whether it is accurate and up to date. If you wish to be given any information we hold about you, please contact us by emailing firstname.lastname@example.org.
We do not collect Special Category Data as defined in the Law. We also do not undertake data transfers outside this jurisdiction.
Data storage and retention
The personal data collected is stored in our membership register system and other appropriate data management systems, both paper based and electronic. At regular intervals we will (a) review the length of time we keep your personal data for, (b) consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it, (c) securely delete information that is no longer needed for that purpose or those purposes and (d) update, archive or securely delete information if it goes out of date. We have a six year deletion period for long term records.
Security and disclosure to third parties
Measures are implemented to preserve the confidentiality, integrity and availability of the personal information we process. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to only those Young Business Group council members responsible for administering, managing and running the Young Business Group and any contractors or agents engaged by the Young Business Group who have a legitimate business need to have access to that data. Information will not be made available to a third party unless if (a) we have express permission from the business or individual concerned (b) for the purpose of providing our services or (c) by order of any competent governmental or judicial authority. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data subject access requests
You have the right to access your personal data held by us (“subject access request”). You may request from us a list of the categories of personal information held about you. Subject access requests must be made in writing to the details below. We will respond to the request within a period of 28 days of receipt of the request unless application for extensions in accordance with the Law up to a further 60 days. This process is free of charge.
It is important that the personal data we hold about you is accurate and current. We will take all reasonable measures to ensure that the personal data we hold about you is accurate. We have also implemented procedures to enable you to review and correct your personal information, should there be any changes to your circumstances or errors in the gathered data. When you make a request to access or review the personal data we hold about you, we will request you to verify your identity before the request can be fulfilled.
We may use third party provided tools to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by or on these platforms. Like other personal data, these direct messages will not be shared with any other organisations.
In addition to the rights of access, review and correction, you have the right to object to your personal data being processed for any particular purpose, or to request that we stop using or erase your information. If you wish to exercise these rights, please e-mail email@example.com. If you have further concerns about how we use your personal data, you also have the right to make a complaint at any time to the Office of the Data Protection Authority. Please visit www.odpa.gg for more details on your data protection rights and how to contact them.
This policy was last reviewed on 31 December 2020 and is due for review on 31/12/22.