Young Business Group’s Data Protection Notice
The Young Business Group (“YBG”) respects your privacy and we are committed to protecting your information. This Data Protection Notice will inform you about the personal data that we collect about you, the reasons why we use that data, how we use it, and tell you about your privacy rights.
In accordance with the Data Protection (Bailiwick of Guernsey) Law, 2017, as amended, and related Regulations and Ordinances (the “Law”), YBG is a Data Controller. This means that we are responsible for deciding how we hold and use personal information about you. We are required under the Law to notify you of the information contained in this privacy notice. This Privacy Policy Statement is only applicable to this site and the YBG’s records and does not extend to any other external links. This privacy notice describes how we collect and use personal information about you during and after your relationship with us, in accordance with the Law. It is important that you read this notice, together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you, so that you are aware of how and why we are using such information.
By using our website, you signify your acceptance of this Data Protection Notice. If you do not agree to this Data Protection Notice, please do not use our website. We reserve the right, at our discretion, to change, modify, add, or remove portions from this Data Protection Notice at any time so visitors are encouraged to review this policy from time to time. Your continued use of our website following the posting of changes to these terms means you accept these changes.
If you have any questions any questions about this Data Protection Notice, including any requests to exercise your legal rights, please contact us by emailing [email protected].
Personal Data Collection Statement
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We only collect information about members that is required for the provision of our services or is required by the Law. The information collected from you will only be used for the purpose of processing your enquiry or membership to the YBG or for processing your transactions and managing your membership efficiently and securely. We collect and maintain a variety of personal data including names, email addresses, business addresses and demographic information such as the industry sector of the business in which the individual or individuals concerned is/are involved. We do not collect personal data about individuals except when there is a legitimate business requirement or when such information is provided on a voluntary basis.
You have the right to access any information we have about you at any time to check whether it is accurate and up to date. If you wish to be given any information we hold about you, please contact us by emailing [email protected].
It is important that the personal data we hold about you is accurate and current. We will take all reasonable measures to ensure that the personal data we hold about you is accurate. We have also implemented procedures to enable you to review and correct your personal information, should there be any changes to your circumstances or errors in the gathered data. When you make a request to access or review the personal data we hold about you, we will request you to verify your identity before the request can be fulfilled.
We do not collect Special Category Data as defined in the Law. We also do not undertake data transfers outside this jurisdiction and do not engage in any automated processing.
Security and disclosure to third parties
Measures are implemented to preserve the confidentiality, integrity and availability of the personal information we process. We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to only those YBG council members responsible for administering, managing and running YBG and any contractors or agents engaged by YBG who have a legitimate business need to have access to that data. Information will not be made available to a third party unless if (a) we have express permission from the business or individual concerned (b) for the purpose of providing our services or (c) by order of any competent governmental or judicial authority. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
Data storage and retention
The personal data collected is stored in our membership register system and other appropriate data management systems, both paper based and electronic.
We will keep your personal data for no more than the time required to fulfil the purposes described above unless a longer retention period is required or permitted by law.
At regular intervals we will (a) review the length of time we keep your personal data for, (b) consider the purpose or purposes for which we hold your personal data for in deciding whether (and for how long) to retain it, (c) securely delete information that is no longer needed for that purpose or those purposes and (d) update, archive or securely delete information if it goes out of date. We have a six year deletion period for long term records.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Your data protection rights
Please note that you have the following rights under the Law in relation to your personal data. In each case, the exercise of these rights is subject to the provisions of the Law:
- You have a right of access to and the right to amend and rectify your personal data;
- You have the right to have any incomplete personal data completed;
- You have a right to lodge a complaint with the Data Protection Authority in Guernsey (Tel +44 (0) 1481 742074 or at https://www.odpa.gg), if you consider that the processing of personal data relating to you carried out by YBG infringes the Law;
- You have a right to request that your personal information is erased (in certain specific circumstances);
- You have a right to restrict processing (in certain specific circumstances);
- You have a right to data portability (in certain specific circumstances);
- You also have the right to object to processing where personal data is being processed for marketing purposes and also where YBG is processing personal data for legitimate interests;
- You can contact us and ask us to review the decision if you have been subject to an automated decision and do not agree with the outcome; and
- You can contact us and ask us to review the decision if you have been subject to an automated decision and do not agree with the outcome.
Data subject access requests
You have the right to access your personal data held by us (“Subject Access Request”). You may request from us a list of the categories of personal information held about you. Subject access requests must be made in writing to the details below. We will respond to the request within a period of 28 days of receipt of the request unless application for extensions in accordance with the Law up to a further 60 days.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Social media
We may use third party provided tools to manage our social media interactions. If you send us a private or direct message via social media the message may be stored by or on these platforms. Like other personal data, these direct messages will not be shared with any other organisations.
Updates to the Privacy Notice
We may need to make changes to this Data Protection Notice periodically, for example, as the result of regulations, new technologies, or other developments in data protection laws or privacy generally. You will be provided with a copy of the most up-to-date Data Protection Notice and you can also view it by checking our website from time to time.
This policy was last reviewed on 31 December 2020 and is due for review on 31/12/22.