- the information that we hold from which individuals can be identified (‘Personal Data‘);
- how we deal with Personal Data; and
- with whom we may share it
(3) Who We Are
Chart & Nautical Instrument Trade Association (CNITA) is a Trade Association.
CNITA outsources the day to day administration of the association to Administration Services Limited (a private limited company registered in England and Wales, no 02230784) (“ASL”) which may process your personal data as Data Processor. The relationship between CNITA and ASL is regulated by a contract that contains safeguards for your rights.
(4) What Personal Data do we collect and use?
The Personal Data about you that we collect and use is principally:
- your name and postal address, which may include a home address
- your contact details including e-mail and phone numbers
- bank details to make payments to you
In some cases, it may include other Personal Data that you may provide to us from time to time.
(5) How your Personal Data is collected
We collect Personal Data about you from:
- membership applications.
- any information you supply to us as to change of address or as to e-mail address
- payments made by you to us
- magazine advertising and editorials
- exhibition booking forms
- requests for information
- registration to attend conferences and events
- emails requesting information
- contracts to act as contractors or suppliers
Only in extraordinary circumstances would we hold Personal Data relating to you which had been supplied by anyone other than you.
If you decide to supply Personal Data to us about another person, please ensure that you do so only with that person’s approval.
(6) What we use your Personal Data for
We may use your Personal Data for one or more of the following purposes:
- Sending information regarding membership
- Sending information for conference sponsorship, advertising, etc.
- Sending information to register to attend an event or conference
- Sending information for surveys
- Sending industry magazines and publications by email or post
- Processing payments to you
- Ordering supplies/services from you
(7) Your rights in relation to your Personal Data
You can tell us that you no longer wish to receive communications from us either of a particular kind or at all by sending an e-mail to that effect to: firstname.lastname@example.org
(8) Our legal obligations regarding your data
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR‘) and the UK Data Protection Act 2018 (‘DPA‘) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law‘).
(9) Disclosing your Personal Data to third parties
Subject to the exceptions listed below, the CNITA does not sell, share or transfer any information gathered during the registration processes to any third parties.
The exceptions are:
- As indicated earlier CNITA outsources day to day administration to ASL,
- Sub-contractors of CNITA which include, Press and PR, Advertising Sales, Exhibition Stand Builders.
- where we use third party data processors who are engaged under contract to handle data on our behalf (for example an IT supplier or database hosting provider). In relation to these data processors, we will take all reasonable steps to ensure that they:
- act only in accordance with our instructions;
- only use your Personal Data for lawful purposes and in compliance with applicable data protection law; and
- put adequate safeguards in place to protect your Personal Data.
It is unlikely, but conceivable, that we might disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called ‘data controllers‘). In those circumstances, we would expect to notify you so that you could check the relevant privacy policies of those organisations to understand how they may use your Personal Data. Since they would be acting outside our control, we would have no responsibility for the data processing practices of such data controllers.
Other than in the rare and unlikely circumstances described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it.
(10) How long we retain your Personal Data for
We shall only retain your Personal Data for as long as you remain a member, advertiser, exhibition attendee, supplier or sub-contractor with CNITA and for 5 years after you have had no contact us with, (when we will delete or anonymise it), together with our legal duties in respect or HMRC and other bodies.
In accordance with our legal duties, we have a Personal Data retention policy (which is available on request) that sets out the different retention periods for Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold Personal Data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner’s Office (ICO).
We shall take all reasonable steps to ensure that we dispose of Personal Data that we no longer need to retain securely.
(11) Security that we use to protect Personal Data
We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and so we cannot guarantee the security of all data sent to us (including Personal Data).
(12) Your Personal Data rights
You have a statutory right (‘Subject Access Request‘) to request information, including information about:
- the Personal Data that we hold about you;
- what we use that Personal Data for; and
- to whom it may be disclosed.
Usually we will have a month to respond to such a Subject Access Request. We reserve the right to verify your identity if you make such a Subject Access Request and we may, in case of complex requests, require a further two months to respond. We may also rely upon certain legal exemptions when responding to your request.
You also have the following statutory rights, which are exercisable by making a request to us in writing:
- to require that we correct Personal Data that we hold about you which is inaccurate or incomplete
- to require that we erase your Personal Data without undue delay, if we no longer need to hold or process it;
- to object to our use of your Personal Data for direct marketing; or
- to require that we do not use your Personal Data otherwise than in compliance with the policy statements above unless we have a legitimate reason for so using it.
All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below
If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk
(13) Spam Protection
Google reCAPTCHA is a challenge-response test intended to prevent spambots from submitting fraudulent emails to us and to help prevent fraudulent logins. We use the reCAPTCHA v2 (“I’m not a robot” Checkbox). The “I’m not a robot” Checkbox requires the user to click a checkbox indicating the user is not a robot. This will either pass the user immediately (with No CAPTCHA) or challenge them to validate whether or not they are human.
Google reCAPTCHA is a system designed to tell humans and computers apart, so bots can’t fill out forms maliciously on behalf of a human. The CAPTCHA acronym stands for Completely Automated Public Turing test to tell Computers and Humans Apart.
The reCAPTCHA API works by collecting hardware and software information, such as device and application data, and sending these data to Google for analysis. The information collected in connection with your use of the service will be used for improving reCAPTCHA and for general security purposes. It will not be used for personalised advertising by Google.
Data processing is based on Article 6 (1) (f) GDPR. The website operator has a legitimate interest in protecting its site from, fraudulent logins, abusive automated crawling and spam.