If you are interested in becoming a CNITA member please contact us:


email or call us
+44 (0)20 8253 4514


General Data Protection Regulation privacy policy

  1. Introduction

Chart & Nautical Instrument Trade Association (CNITA) is committed to protecting the privacy and personal information of our members, exhibitors, sponsors, advertisers and visitors. This privacy policy is about

This privacy policy also provides information on your legal rights in relation to your Personal Data.

  1. Changes to this Privacy Policy

From time to time we may change the way we use your Personal Data and amend this privacy policy. The current version of our privacy policy will be displayed on our website and can be requested by e-mailing: [email protected]

  1. Who we are

Chart & Nautical Instrument Trade Association (CNITA) is a Trade Association.

CNITA outsources the day to day administration of the association to Administration Services Limited (a private limited company registered in England and Wales, no 02230784) (“ASL”) which may process your personal data as Data Processor. The relationship between CNITA and ASL is regulated by a contract that contains safeguards for your rights.

  1. What Personal Data do we collect and use?

The Personal Data about you that we collect and use is principally:

In some cases, it may include other Personal Data that you may provide to us from time to time.

  1. How your Personal Data is collected

We collect Personal Data about you from:

Only in extraordinary circumstances would we hold Personal Data relating to you which had been supplied by anyone other than you.

If you decide to supply Personal Data to us about another person, please ensure that you do so only with that person’s approval.

  1. What we use your Personal Data for

We may use your Personal Data for one or more of the following purposes:

  1. Your rights in relation to your Personal Data

You can tell us that you no longer wish to receive communications from us either of a particular kind or at all by sending an e-mail to that effect to: [email protected]

  1. Our legal obligations regarding your data

We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) ('GDPR') and the UK Data Protection Act 2018 ('DPA') together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, 'Data Protection Law').

  1. Disclosing your Personal Data to third parties

Subject to the exceptions listed below, the CNITA does not sell, share or transfer any information gathered during the registration processes to any third parties.

The exceptions are:

It is unlikely, but conceivable, that we might disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called 'data controllers'). In those circumstances, we would expect to notify you so that you could check the relevant privacy policies of those organisations to understand how they may use your Personal Data. Since they would be acting outside our control, we would have no responsibility for the data processing practices of such data controllers.

Other than in the rare and unlikely circumstances described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it.

  1. How long we retain your Personal Data for

We shall only retain your Personal Data for as long as you remain a member, advertiser, exhibition attendee, supplier or sub-contractor with CNITA and for 5 years after you have had no contact us with, (when we will delete or anonymise it), together with our legal duties in respect or HMRC and other bodies.

In accordance with our legal duties, we have a Personal Data retention policy (which is available on request) that sets out the different retention periods for Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold Personal Data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner's Office (ICO).

We shall take all reasonable steps to ensure that we dispose of Personal Data that we no longer need to retain securely.

  1. Security that we use to protect Personal Data

We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.

We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and so we cannot guarantee the security of all data sent to us (including Personal Data).

  1. Your Personal Data rights

You have a statutory right ('Subject Access Request') to request information, including information about:

Usually we will have a month to respond to such a Subject Access Request. We reserve the right to verify your identity if you make such a Subject Access Request and we may, in case of complex requests, require a further two months to respond. We may also rely upon certain legal exemptions when responding to your request.

You also have the following statutory rights, which are exercisable by making a request to us in writing:

All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.

If you would like to exercise any of the rights set out above, please contact us at the address below

If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner's Office (ICO) – see

  1. Contact details

If you have any queries regarding this Privacy Policy or wish to make a further request relating to how we use your Personal Data as described above, please contact [email protected] or write to us at our registered office, Unit 19 Omega Business Village, Thurston Road, Northallerton, DL6 2NJ

16 August 2018