1.0 Introduction
This Notice sets out how we may collect, use and share your personal data and describes:
- Principles of data protection;
- What information we collect and why;
- What our responsibilities to you are;
- What we do with your personal data;
- How we may use and share the information we collect;
- Whether information has to be provided by you;
- Legal grounds for using personal data;
- The measures we have in place to protect and safely store the information we collect;
- Retention of the information we collect;
- Your choices and rights in respect of the information we hold;
- How to contact us;
- How to make a complaint; and
- Changes to our privacy policy.
You’ll also find a note of defined words and terms at the end of this Notice.
NECCUS is a company limited by guarantee incorporated in Scotland under the Companies Acts (registered number SC644271) and having its registered office at Johnstone House, 52-54 Rose Street, Aberdeen, AB10 1HA. NECCUS is the data controller of the personal information you provide to us. Personal data means any information about you from which you can be identified, but it does not include information where your identity has been removed (anonymous data). As the data controller of personal data, NECCUS is responsible for how that data is managed. We only collect and process what we need in order to provide our services to you.
A primary purpose of NECCUS is to connect members through networking, events, collaborative opportunities and online activities, which involves the sharing of personal data directly with other members, |
but also externally on our website and through the media (social, press, etc). 2.0 Principles of Data Protection |
- Processed fairly and lawfully and with valid and informed consent;
- Obtained for specific and lawful purposes;
- Kept accurate and up to date;
- Adequate, relevant and not excessive in relation to the purposes for which it is used;
- Not kept for longer than is necessary for the purposes for which it is used;
- Processed in accordance with the rights of individuals;
- Kept secure to prevent unauthorised processing and accidental loss, damage or destruction; and
- Not transferred to any subsidiary or service provider appointed by NECCUS where these core principles cannot be met.
3.0 What Information We Collect and Why
We collect personal data about you if you express an interest in joining our organisation, apply for membership or when you book and attend our events. The information about you which we will collect in connection with these activities may include the following:
Members Information |
||
Type of Information |
Purpose |
Legal Basis |
NECCUS Membership Forms: Members name and business contact details, including email and telephone number. |
Managing NECCUS |
Performance of a Contract (for membership duration) and Legitimate Interest (after membership ends). |
Bank account details of the member, or any other party making payment to NECCUS. |
Managing NECCUS membership. The provision of services and events. |
Performance of a Contract and Legal Obligation. |
DNS Member List: Name and business contact details of all NECCUS Members. |
Information is published on the NECCUS website. |
Legitimate Interests. To enable networking and collaboration. |
Your requests for information from us. |
The provision of services and events. |
Performance of a Legal Obligation and Legitimate Interests. |
Photos and videos from events |
To use on our website, social media pages, literature and in press releases. |
Legitimate Interests. These images are an integral part of the networking nature of NECCUS. |
Images of you and other individuals which you have supplied to us. |
To use on our website, social media pages, literature and in press releases |
Legitimate Interests. These images are an integral part of the networking nature of NECCUS. |
Mailing List: Name and business contact details of Member |
To provide information bulletins, announcements and details of forthcoming events. |
Legitimate Interests. To enable knowledge sharing, information flow, networking and collaboration. |
Your feedback and contribution to questionnaires and surveys on the industry and NECCUS |
Contribution to projects where NECCUS is a partner, for provision of information in response to government consultations, for NECCUS literature and/or NECCUS bulletins. |
Legitimate Interests. To enable knowledge sharing, information flow and collaboration. |
Personal information relating to your clients, customers, employees and other individuals connected with your business or organisation which you disclose to us. |
Contribution to projects where NECCUS is a partner, for provision of information in response to government consultations, for NECCUS literature and/or NECCUS bulletins. |
Legitimate Interests. To enable knowledge sharing, information flow and collaboration. |
Your complaints, compliments or concerns about our organisation. |
Managing NECCUS membership. The provision of services and events. |
Performance of a Legal Obligation and Legitimate Interests. |
Non-Members Information |
||
Type of Information |
Purpose |
Legal Basis |
NECCUS Event Forms: Attendees name and business contact details, including email and telephone number. |
Communicating for events, offers or similar. |
Performance of a Contract (for paid events) and Legitimate Interests (after the event). |
Bank account details of the Attendee, or any other party making payment to NECCUS. |
The provision of services and events. |
Performance of a Contract and Legal Obligation. |
Your requests for information from us. |
The provision of services and events. |
Performance of a Legal Obligation and Legitimate Interests. |
Photos and videos from events |
To use on our website, social media pages, literature and in press releases. |
Legitimate Interests. These images are an integral part of the networking nature of NECCUS. |
Images of you and other individuals which you have supplied to us. |
To use on our website, social media pages, literature and in press releases |
Legitimate Interests. These images are an integral part of the networking nature of NECCUS. |
Mailing List: Name and business contact details of Attendees |
To provide information bulletins, announcements and details of forthcoming events. |
Legitimate Interests. To enable knowledge sharing, information flow, networking and collaboration. |
Your feedback and contribution to questionnaires and surveys on the industry and NECCUS |
Contribution to projects where NECCUS is a partner, for provision of information in response to government consultations, for NECCUS literature and/or NECCUS bulletins. |
Legitimate Interests. To enable knowledge sharing, information flow and collaboration. |
Personal information relating to your clients, customers, employees and other individuals connected with your business or organisation which you disclose to us. |
Contribution to projects where NECCUS is a partner, for provision of information in response to government consultations, for NECCUS literature and/or NECCUS bulletins. |
Legitimate Interests. To enable knowledge sharing, information flow and collaboration. |
Your complaints, compliments or concerns about our organisation. |
The provision of services and events. |
Performance of a Legal Obligation and Legitimate Interests. |
Our Website
When using our website, we collect standard internet log information including:
- IP address
- Details of the pages you visit
- General details about the type of computer or device that you are using
This is statistical information only which we collect in order to find out the numbers of visitors to our site and the pages they have visited. This information is collected in such a way that it is not used to identify individuals. Where we do collect personal information on the website this will be made obvious to you through the relevant pages.
Please be aware that our website may provide you with links to other websites. If you follow a link to any other website please note they have their own privacy notices. We do not accept any responsibility or liability for the privacy and security practices of such third-party websites and your use as such is at your own risk.
4.0 What are our responsibilities to you?
As a data controller, we are responsible for ensuring our systems, processes, people and suppliers comply with data protection laws in relation to the information we handle.
All of our people must abide by this Notice when handling personal data and must take part in any required data protection training. Any breach will be taken seriously and may result in disciplinary action.
We currently have a Data Protection Representative to oversee our compliance with data protection laws and this Notice, and provide guidance and advice to NECCUS and our people as required. Our Data Protection Representative will be responsible for reporting any failures to comply with the data protection legislation. See Section 14.0 for details of our Data Protection Representative.
5.0 What We Do With Your Personal Data
Your personal data is retained securely both physically and electronically in our membership database (in the case of members) or administrative database (in the case of non-members), finance and email marketing systems. We take steps to ensure the security of your information to prevent loss, misuse or unauthorised alteration or destruction. We do not buy, sell or trade our membership or administrative lists.
Due to the multi-national nature of the CCUS and Hydrogen Sectors, information relating to the contents of the NECCUS website, and also from NECCUS events, may be shared outside of the European Economic Area.
6.0 How we may use the information we collect
We may use the information we collect for the following purposes:
- To advertise and publicise our events and to promote NECCUS to you;
- To administer payments received from you;
- To facilitate our meetings and events which you have chosen to attend;
- To monitor the effectiveness of NECCUS and to ensure that we meet the needs of those who we serve;
- To verify your identity and to respond to any query that you may raise with us;
- To provide relevant information to you;
- To manage our relationship with you and to administer and maintain our records; and
- To meet our legal obligations.
If you no longer want us to use your data in this way, please write to our Data Protection Representative whose details are at Section 14.0.
We will not apply automated decision making to your information.
7.0 How we may share the information we collect
We may share your personal data with the parties set out below for the purposes described above:
- Third parties attending our events (in such circumstances information shared will generally be restricted to names and organisation);
- Third parties through social media, advertising or publicity material (in such circumstances information shared will be restricted to names and images);
- Third parties who provide services to NECCUS (in such circumstances information shared will be restricted to the least amount of information possible to provide the service);
- Third parties visiting our website if you are a member and choose to share your details in our member directory;
- Courts, regulatory bodies or law enforcement agencies;
- Third party companies and organisations contracted by us to help supply, maintain or facilitate our website including IT support teams for our databases;
- Our appointed solicitors and other professional advisors if necessary; and
Our people, but their use shall be limited to the performance of their duties. Our directors are required to keep personal information confidential and are not permitted to use it for any purposes other than administration of NECCUS.
The following activities are carried out by third-party service providers:
- Event ticket purchases are processed through a third-party service provider.
- Website is administered by a third-party service provider.
All our third-party service providers are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.
If the interests of NECCUS are transferred to or integrated with another organisation your details may also be disclosed to our advisors and any prospective transferees and their advisors and will be passed on to the new custodians of NECCUS. If a change happens to NECCUS then the new custodians of NECCUS may use your personal data in the same way as set out in this Notice.
We will not share, sell or trade your personal information with any other third party without your consent.
8.0 Whether information has to be provided by you
The provision of your personal data is necessary to enable us to administer your membership and attendance at our events. Without this information, we will not be able to administer these activities. You are under no obligation to continue your membership or attend our events. You can withdraw your consent at any time.
9.0 Legal grounds for using personal information
We rely on the following legal grounds to process personal information, namely:
Legitimate interests: We may use your personal data to provide you with information you have requested or with other promotional information or announcements. We will always act reasonably and give full and proper consideration to your interests when balancing them against our legitimate interest, and will only process the minimum data required in order to achieve this legitimate interest. We will process your personal data on our systems for as long as you are a member or to register you for the event(s) that you have signed up for and, for our Legitimate Interests, we will continue to process for a further 3 years. However, you may contact us at any time to remove your details from our database. Financial information, relating to membership and event payments, are retained as per HMRC requirements.
Consent: If you supply personal data to us as part of an application for membership or as part as an application to attend an event we will ask you to consent to its use for the purposes we have outlined above. You may withdraw your consent at any time. If you supply personal information relating to others as part of your application please ensure that you have obtained appropriate consents before sharing this information with us.
Performance of a contract: we may need to collect and use personal information to enter into a contract with you or to perform a contract that you have entered into with us.
10.0 The measures we have in place to protect and safely store the information we collect
The confidentiality and security of your information is of paramount importance to us. We have appropriate organisational and technical security measures in place to prevent personal information from being accidentally lost or accessed in an unauthorised way. However, no information system can be 100% secure. So, we cannot guarantee the absolute security of your information. We are not responsible for the security of information you transmit to us over networks that we do not control, including the internet and wireless networks.
We have taken appropriate steps to ensure that there are adequate procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
11.0 Retention of the information we collect
We retain the information we collect for no longer than is reasonably necessary to fulfil the purposes for which we collect the information and to comply with our legal obligations.
We will retain information required for administration of your membership for as long as you are a member of our organisation and for 3 year after your membership has lapsed.
We will retain information required for administration of your attendance at our events for 1 year after the event has taken place.
After the retention period has elapsed, information that could be used to identify you personally will be removed.
12.0 Your choices and rights in respect of the information we hold
Personal data must be processed in line with individuals’ rights, including the right to:
- Access your personal information and request a copy of it;
- Require us to correct any mistakes in your information which we hold;
- Require the erasure (i.e. deletion) of personal information concerning you, in certain situations;
- Opt out at any time to processing of personal information concerning you for direct marketing;
- Restrict our processing of your personal information in certain circumstances, and
- In limited circumstances, request the transfer of your personal information to another party.
As a data subject, you have a number of rights, as follows:
- To access and obtain a copy of your data, on request. If you would like a copy of your personal data, please email or write to the NECCUS Data Protection Representative. See Section 14.0 for contact details.
- To change incorrect or incomplete personal data.
- To delete or stop processing your personal data, for example where the data is no longer necessary
- for the purposes of processing.
- To object to the processing of your data, in certain circumstances.
- To stop processing data for a period, if data is inaccurate or there is a dispute about whether or not your interests override our legitimate grounds for processing.
13.0 How to make a complaint If you would like to exercise any of the rights referred to in Section 12.0 above, if you have any queries concerning your personal information or any questions on our use of the information or if you wish to raise a complaint on how we have handled your personal data, you can contact our Data Protection Representative. See Section 14 for contact details. If we cannot address your concerns, you can complain to the Information Commissioners Office via www.ico.org.uk 14.0 Contact Details Mike Smith, mike.smith@neccus.co.uk, 07769 936764 |
15.0 Changes to this privacy notice |
This Notice was last updated in August 2020.
16.0 More information
Detailed information about your rights under Data Protection legislation can be found on the website of the United Kingdom Information Commissioner, the address of which is (as at the date of this policy) www.ico.org.uk.
17.0 Defined words
In this Privacy Notice, the following terms have the following meanings:
recorded information whether stored electronically, on a computer, or in certain paper-
“data”
recorded information whether stored electronically, on a computer, or in certain paper-based filing systems;
“data controller”
a person who or organisation which determines how personal data is processed and for what purposes;
“data protection leader”
the person designated as the Data Protection Representative of NECCUS as set out in Section 12.0;
“individual” or “you”
the person whose personal data is being collected, held or processed;
“personal data”
Information which relates to an individual and from which he or she can be identified either directly or indirectly through other data which NECCUS has or is likely to have in its possession. These individuals are sometimes referred to as data subjects.
“our people”
means members, directors, consultants, employees, temporary workers and those on work placements providing services to/working for NECCUS;
“notice”
this Privacy Notice as amended from time to time;
“principles”
the core data protection principles set out in this Privacy Notice;
“process” or “processing”
any activity that involves use of personal data, including: obtaining, recording or holding personal data, or carrying out any operation or set of operations on personal data including organising, amending, retrieving, using, disclosing, erasing or destroying it. Processing also includes transferring personal data to third parties or allowing them access to it as set out in this Notice.