We are committed to safeguarding the privacy of our members and apprentices. The Company will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 1998 (the "Act").
Data Protection legislation is currently going through a period of change. The introduction of the European Union's General Data Protection Regulation (GDPR) and the new British Data Protection Bill, which will replace the Act and is currently passing through Parliament, is the basis of this change. This Privacy Notice is therefore intended to comply with the Act and GDPR but may change over time.
Broadly, personal data means any information about a living individual, provided that the Company is able to identify that the information is specifically about that person as opposed to anyone else. For example, your personal data includes your name and your email address. Information about you would cease to be your personal data if the Company removed the elements which enabled the Company to know that it was specifically about you. Broadly, ‘processing’ personal data means storing or using it in any way, for example having it in a database or viewing it on a screen.
The Data Subjects in relation to whom the Company processes personal data are the members and apprentices (‘you’), and their spouses, partners and dependants to the extent that the member or apprentice in question has provided such information
The Merchant Taylors’ Company (‘the Company’) is the Data Controller.
The Company processes members’ and apprentices’ personal data primarily to:
- support and advance the Company’s charitable and educational works
- promote the existence, continuity and flourishing of the Company itself as a membership organization informed by a spirit of fraternity and with a diverse range of activities
- contribute appropriately to the corporate life of the City of London.
Subject to the exception in the next paragraph, the lawful basis on which the Company processes your and your family’s personal data is that it is necessary in the Company’s legitimate interests, with no disproportionate adverse impact on you or your family. The legitimate interests in question are the purposes explained under the preceding paragraph. The exception is that the Company will only publish personal data about your financial giving to the Company or its charities with your express consent. ‘Publishing’ in this context means publicizing the fact of your pledge to make a gift to the Merchant Taylors’ Company or its charities in your will, or if at any time you are a donor to the Livery and Freemen Fund, in communications intended primarily for Company Members and Apprentices (for example, Number 30).
The type or categories of personal data which the Company processes includes
- postal address
- email address
- mobile, and/or landline number
- information you have provided to the Company about your family
- other information, eg your interests, whether you wish to play in any Company sports teams, participation in the Charity Visits Scheme, and your financial or non financial contributions to the Company and its charities
- advancement to the Freedom, Livery and Court
- membership of any Company Committees or governing bodies of any schools affiliated to the Company.
If you apply for further roles or appointments within the Company, we may request
further information and retain additional records, such as interview notes and your
Equally minutes of meetings and records of decisions may include your name and
other information about you.
Your name and contact details will primarily only be used internally within the Company. However, if you participate in a dinner or charitable outreach or sporting or other social activity, we will normally have to provide your name and possibly other details to other stakeholders eg, other members of a sports team or a charity which you have committed to visit under the Charity Visits Scheme.
‘Sensitive personal data’ means personal data about a person’s:
- political opinions
- trade union membership
- sex life
- sexual orientation
The Company will only process sensitive personal data about you or your family in two circumstances.
- If the Company has asked you for explicit consent to process the sensitive personal data, with a clear explanation why that is thought necessary, or
- If you have volunteered the sensitive personal data to the Company, and the Company then processes it in the course of its legitimate activities with appropriate safeguards, and does not disclose the information outside the Company except with your consent.
An example of the second circumstance would be as follows. A Committee member alerts the Clerk that she will be unable to attend a meeting due to ill health, but doesn’t expressly say whether she is content for the reason to be made known within the Company. Relying on the second circumstance, the Clerk explains the reason for her absence to the Chairman of the Committee.
In the case of sensitive personal data about your family, both the above circumstances should be read as if references to you were references to your family.
The Company will not sell your or your family’s personal data to any commercial or charitable organization. If you are attending a Company event, the Company may pass your personal data to the Merchant Taylors’ Catering Company for the purposes of facilitating your attendance and enjoyment of the event. If you are attending an event at the Hall involving a charity supported by the Company, such as the Master’s Charity or a Livery and Freemen Fund charity, the Company will only pass your personal data to the charity if it is necessary for the proper functioning of the event (for example, if the charity is organizing a seating plan). If you are involved in a due diligence visit under the Charity Visits Scheme, in order to facilitate the visit the Company will pass your name and your email address to the charity involved. The Company uses various cloud-based software packages to administer Company events, for example to facilitate sending out invitations to multiple people and tracking who has accepted. Technically, use of these packages constitutes the Company passing personal data such as your name and email address to the third party cloud-based software provider. The Company provides the names of the Livery to the publisher of the Company diary for inclusion in the diary, and provides complementary copies of the diary itself to third parties affiliated to the Company, such as schools and military affiliates, and to other third parties such as the Company’s professional advisors. In common with all other City Livery Companies, the Company provides the name and address of members of the Court and Livery to the following bodies in connection with the functioning of the City of London:
- to the Corporation of the City of London, for inclusion in the Common Hall Register which operates as the electoral roll for elections to official offices in the City such as the office of Lord Mayor
- to the publisher of the City of London Directory and Livery Companies Guide (‘the Blue Book’), which lists members of the Courts and Liveries of all the City Livery Companies.
Finally, the Company’s staff are employed by a subsidiary company. In that sense, your and your family’s personal data are provided to that subsidiary company.
Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU to the extent that the Company uses cloud-based software where, as a standard precaution against cyber-attack, the cloud provider stores data on multiple servers, some of which may be located outside these areas.
If you are a member or apprentice, the Company will retain your and your family’s personal data throughout your life. In the unlikely event of an apprentice not proceeding to the Freedom, or of a member ceasing to be a member during their lifetime, the Company reserves the right to retain the personal data of the individual and his or her family throughout their lives. The reason is to give the Company the fullest latitude to maintain its archives as it sees fit, given the context that the Company’s archive is a key feature of its corporate memory, and that the archives of the City of London Livery Companies collectively embody a tradition of great historical value.
Under the Act and even more so under the GDPR you have a number of rights, outlined below.
Right of Access
You are entitled to access your personal data by making a Subject Access Request (SAR), so that you are aware of and can verify the lawfulness of the processing. You have the right to obtain :
- confirmation that your data is being processed
- access to a copy of your personal data, and
- other supplementary information that corresponds to the information in this privacy notice.
To make a SAR, please make your request by email to email@example.com with the words ‘Subject Access Request’ in the subject bar.
Under GDPR and from 25 May 2018, this information will be provided without charge and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, the
Company may choose to charge a reasonable fee taking into account the administrative costs of providing the information, or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the UK Information Commissioner's Office (ICO) will be highlighted.
The Company will normally use an electronic format to release information in response to a SAR.
To protect your personal data, the Company will seek to verify your identity before releasing any information in response to a SAR about you. In most cases,verifying identity is likely to be simple, but will probably involve additional steps if a SAR is made by a member living outside the UK, or a former member, or a relative or personal representative of a deceased member.
Right of Rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. The Company will respond within one month of your request to rectify your data. In the unlikely event of the Company not taking action to fulfil a request for rectification, the Company will inform you of your rights (if any) to complain or seek judicial remedy.
Right of Erasure
You may request the deletion or removal of personal data under the Right of Erasure. The Right of Erasure does not provide an absolute 'right to be forgotten'. Rather, it is a right to have personal data erased and to prevent processing in the
following specific circumstances:
- where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
- when you withdraw consent for data where your consent was our legal basis for processing it
- when you object to the processing and there is no overriding legitimate interest for continuing the processing
- the personal data was unlawfully processed
- the personal data has to be erased in order to comply with a legal obligation
- the personal data is processed in relation to the offer of information society services to a child. (The Company does not offer such services.)
Right to Restrict Processing
Under the Act, you have a right to 'block' or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, the Company is permitted to store the personal data, but not to process it further. In this event, the Company will explain to you exactly what personal data is held and why.
Right to Data Portability
You may request to obtain and reuse your personal data for your own purposes across different services, subject to the caveat below. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
- to personal data you have provided
- where the processing is based on your consent or is for the performance of a contract and
- when processing is carried out by automated means. (The caveat is that the Company considers that it does not carry out any processing by automated means.)
In these circumstances the Company will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month. If there is a delay, you will be informed.
Right to Object
You have the right to object, on grounds relating to your particular situation, to:
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority
- direct marketing
- processing for purposes of scientific/historical research and statistics.
The Company does not carry out any:
- automated individual decision-making about Data Subjects (ie, making a decision about you solely by automated means without any human involvement), or
- profiling of Data Subjects (ie, automated processing of personal data to evaluate certain things about you).
The Company keeps its privacy policies under regular review and this may result in issuing updated versions of this Notice, which the Company will normally do on its website. This Notice was last updated on 11 May 2018.
If you have a query or concern about the Company’s processing of your personal data, please: • email firstname.lastname@example.org, or • write to ‘The Clerk (Data Protection)’, Merchant Taylors’ Hall, 30 Threadneedle Street, London EC2R 8JB.
DISCLAIMER: The information in this Privacy Notice is for general guidance on your rights and responsibilities and is not legal advice. Please contact a lawyer if you need legal advice