Privacy Notice for Members, Apprentices and Applicants

Overview

We are committed to safeguarding the privacy of our members, apprentices and those applying for apprenticeship, or any status of membership of the Company ('Applicant'). The Company will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act").

This Privacy Notice is intended to comply with the Act and General Data Protection Regulation (GDPR) but may change over time to reflect changes in the law.

Broadly, personal data means any information about a living individual, provided that the Company is able to identify that the information is specifically about that person as opposed to anyone else. For example, your personal data includes your name and your email address. Information about you would cease to be your personal data if the Company removed the elements which enabled the Company to know that it was specifically about you. Broadly, ‘processing’ personal data means storing or using it in any way, for example having it in a database or viewing it on a screen.

The Data Subjects in relation to whom the Company processes personal data are the members, apprentices and applicants (‘you’), and their spouses, partners and dependants ('your family') to the extent that the member, apprentice or applicant in question has provided such information.

The Merchant Taylors’ Company (‘the Company’) is the Data Controller.

The Company processes members’ and apprentices’ personal data primarily to:

  • support and advance the Company’s charitable and educational works
  • promote the existence, continuity and flourishing of the Company itself as a membership organisation informed by a spirit of fraternity and with a diverse range of activities
  • contribute appropriately to the corporate life of the City of London.

Subject to the exception in the next two paragraphs, the lawful basis on which the Company processes your and your family’s personal data is that it is necessary in the Company’s legitimate interests, with no disproportionate adverse impact on you or your family. The legitimate interests in question are the purposes explained under the preceding paragraph.

The exception is that the Company will only publish personal data about your financial giving to the Company or its charities with your express consent. ‘Publishing’ in this context means publicising the fact of your pledge to make a gift to the Merchant Taylors’ Company or its charities in your will, or if at any time you are a donor to one of the charities for which the Company provides the trustees (for example, The Merchant Taylors' Foundation) in communications intended primarily for Company members and Apprentices, but which may also be seen by non-members (for example, No.30, other communications from the Company to members, public or members-only pages of the Company's website, etc.).

Under the Privacy and Electronic Communications Regulations, the Company will only send you electronic communications about the following if it has your consent:

  • communications promoting the Company and its activities
  • fundraising communications for the charities for which the Company provides the trustees (such as the Merchant Taylors' Foundation), or for any other charities which the Company is directly encouraging the members to support (for example, the Master's Charity).

The type or categories of personal data which the Company processes includes

your:

  • name
  • postal address
  • email address
  • mobile, and/or landline number
  • information you have provided to the Company about your family
  • other information, e.g. your interests, whether you wish to play in any Company sports teams, participation in philanthropic or charity/education-related activities (for example the Charity Visits Scheme), and your financial or non-financial contributions to the Company and its charities
  • advancement to the Freedom, Livery and Court
  • membership of any Company Committees or governing bodies of any schools affiliated to the Company
  • photographs or video footage in which you are identifiable by someone other than yourself
  • any information relating to you or your family not listed above, which you have provided to the Company

If you are an Applicant, or a member of an Apprentice applying for further roles or appointments within the Company, we may request further information and retain additional records, such as interview notes and your CV.

Equally, minutes of meetings and records of decisions may include your name and other information about you.

Your personal data will primarily only be used internally within the Company. See later in this policy for the limited circumstances in which the Company might share your personal data with third parties.

The rest of this section gives more detail about what the mot common examples of 'internal use within the Company'. However, in addition, 'internal use within the Company' always includes relevant Company staff having access to your personal data, to the extent they reasonably need it to fulfil their legitimate functions.

Applicants

As explained above, 'A/applicant' in this policy means anyone applying for apprenticeship, or for any level of membership of the Company regardless of whether the route to that level is apprenticeship, patrimony or redemption.

If you are an applicant, your name, contact details including email address, and CV will be provided to the Admissions Committee, and may also be shared with the following to enable the Admissions Committee to seek the views of a wider audience within the Company. The Admissions Committee may also ask any of the following to contact you find out more about you, for example, if it is thought that there is someone not on the Admissions Committee who is particularly well placed to talk to you due to the interests or expertise you have mentioned in your CV:

  • Any member of Court
  • The Chair of any committee of the Merchant Taylors' Company or of The Merchant Taylors' Foundation
  • Any charity trustee of The Merchant Taylors' Foundation or any other charity for which the Company provides the trustees

Spouses and partners of Court members of the Clerk

Spouses and partners of Court members and the Clerk are not necessarily themselves apprentices or members of the Company. However, given their spouses'/ partners' heavy involvement in the life of the Company, they often take a keen interest in Company affairs and, at second hand, the welfare of staff and Company members. Accordingly, the Company may share your contact details with any spouse or partner of a Court members or of the Clerk, for the sole purpose of enabling them to send you an appreciative or supportive personal message in relation to a particular occasion. Examples, might be congratulating a long-serving staff member on a significant work anniversary, or sending condolences to a Company member following a bereavement.

Your data and other members generally

Within the Company's membership portal, you control which facts about yourself (e.g. your contact details) you wish to be visible to other members using the portal.

If you are on a Committee of the Merchant Taylors' Company or The Merchant Taylors' Foundation or the board of trustees of any charity for which the Company provides trustees, your contact details including your email address are likely to be shared with other members of the Committee/ board for the sole purpose of communicating with you about relevant business.

If you participate in a dinner or charitable outreach, or sporting, or other social activity, we will normally have to provide your name and possibly other details to other stakeholders e.g. other members of a sports team or a charity which you have committed to visit under the Charity Visits Scheme.

Photographs and/or video footage in which you are identifiable by someone other than yourself may be used in communications intended primarily for Company Members and Apprentices, but which may also be seen by non-members (for example, No.30, other communications from the Company to members, public or members-only pages of the Company's website, etc).

If you volunteer in connection with Engage with Education or other activities relating to education, your personal data may be shared with other types of recipient. For more detail, please see the separate Privacy Policy for Education-related Work, which is available on the Company website.

‘Sensitive personal data’ means personal data about a person’s:

  • health
  • religion
  • political opinions
  • trade union membership
  • sex life
  • sexual orientation
  • genetics
  • biometrics.

The Company will only process sensitive personal data about you or your family in two circumstances.

  1. If the Company has asked you for explicit consent to process the sensitive personal data, with a clear explanation why that is thought necessary, or
  2. If you have volunteered the sensitive personal data to the Company, and the Company then processes it in the course of its legitimate activities with appropriate safeguards, and does not disclose the information outside the Company except with your consent.

An example of the second circumstance would be as follows. A Committee member alerts the Clerk that she will be unable to attend a meeting due to ill health, but doesn’t expressly say whether she is content for the reason to be made known within the Company. Relying on the second circumstance, the Clerk explains the reason for her absence to the Chairman of the Committee.

In the case of sensitive personal data about your family, both the above circumstances should be read as if references to you were references to your family.

The Company will not sell your or your family’s personal data to any commercial or charitable organization.

If you are attending a Company event, the Company may pass your personal data to the Merchant Taylors’ Catering Company for the purposes of facilitating your attendance and enjoyment of the event.

If you are attending an event at the Hall involving a charity supported by the Company, such as the Master’s Charity, the Company will only pass your personal data to the charity if it is necessary for the proper functioning of the event (for example, if the charity is organizing a seating plan).

If you are involved in a due diligence visit, or e-visit, under the Charity Visits Scheme, or any kind of interaction with third parties under Engage with Education, or any other kind of visit or interaction with third parties in order to further the Company's philanthropic or educational activities in any other way, in order to facilitate the (e-)visit, or other interaction, the Company will pass your name and your email address to the charity, educational institution, or other third party which you are visiting or interacting with.

If you volunteer in connection with Engage with Education or other activities relating to education, your personal data may be shared with various third parties. For more detail, please see the separate Privacy Policy for Education-related Work which is available on the Company website.

The Company uses various cloud-based software packages to administer Company events, for example to facilitate sending out invitations to multiple people and tracking who has accepted. Technically, use of these packages constitutes the Company passing personal data such as your name and email address to the third party cloud-based software provider.

The Company provides the names of the Livery to the publisher of the Company diary for inclusion in the diary, and provides complementary copies of the diary itself to third parties affiliated to the Company, such as schools and military affiliates, and to other third parties such as the Company’s professional advisors.

In common with all other City Livery Companies, the Company provides the name and address of members of the Court and Livery to the following bodies in connection with the functioning of the City of London:

  • to the Corporation of the City of London, for inclusion in the Common Hall Register which operates as the electoral roll for elections to official offices in the City such as the office of Lord Mayor
  • to the publisher of the City of London Directory and Livery Companies Guide (‘the Blue Book’), which lists members of the Courts and Liveries of all the City Livery Companies.

Finally, the Company’s staff are employed by a subsidiary company. In that sense, your and your family’s personal data are provided to that subsidiary company.

Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU to the extent that the Company uses cloud-based software where, as a standard precaution against cyber-attack, the cloud provider stores data on multiple servers, some of which may be located outside these areas. 

If you are a member or apprentice, the Company will retain your and your family’s personal data throughout your life. In the unlikely event of an apprentice not proceeding to the Freedom, or of a member ceasing to be a member during their lifetime, the Company reserves the right to retain the personal data of the individual and his or her family throughout their lives. The reason is to give the Company the fullest latitude to maintain its archives as it sees fit, given the context that the Company’s archive is a key feature of its corporate memory, and that the archives of the City of London Livery Companies collectively embody a tradition of great historical value.

If an applicant is not admitted for any reason to the apprenticeship or level of Company membership which the person is seeking, the Company reserves the right to retain the person's personal data for 20 years. This is to enable the Company to compare the information with that provided in any further application the person makes.

Under the Act and even more so under the GDPR you have a number of rights, outlined below.

Right of Access

You are entitled to access your personal data by making a Subject Access Request (SAR), so that you are aware of and can verify the lawfulness of the processing. You have the right to obtain :

  • confirmation that your data is being processed
  • access to a copy of your personal data, and
  • other supplementary information that corresponds to the information in this privacy notice

To make a SAR, please make your request by email to data@merchant-taylors.co.uk with the words ‘Subject Access Request’ in the subject bar.

Under GDPR and from 25 May 2018, this information will be provided without charge and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, the Company may choose to charge a reasonable fee taking into account the administrative costs of providing the information, or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the UK Information Commissioner's Office (ICO) will be highlighted.

The Company will normally use an electronic format to release information in response to a SAR.

To protect your personal data, the Company will seek to verify your identity before releasing any information in response to a SAR about you. In most cases, verifying identity is likely to be simple, but will probably involve additional steps if a SAR is made by a member living outside the UK, or a former member, or a relative or personal representative of a deceased member.

Right of Rectification

You are entitled to have personal data rectified if it is inaccurate or incomplete. The Company will respond within one month of your request to rectify your data. In the unlikely event of the Company not taking action to fulfil a request for rectification, the Company will inform you of your rights (if any) to complain or seek judicial remedy.

Right of Erasure

You may request the deletion or removal of personal data under the Right of Erasure. The Right of Erasure does not provide an absolute 'right to be forgotten'. Rather, it is a right to have personal data erased and to prevent processing in the following specific circumstances:

  • where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
  • when you withdraw consent for data where your consent was our legal basis for processing it
  • when you object to the processing and there is no overriding legitimate interest for continuing the processing
  • the personal data was unlawfully processed
  • the personal data has to be erased in order to comply with a legal obligation
  • the personal data is processed in relation to the offer of information society services to a child. (The Company does not offer such services.)

Right to Restrict Processing

Under the Act, you have a right to 'block' or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, the Company is permitted to store the personal data, but not to process it further. In this event, the Company will explain to you exactly what personal data is held and why.

Right to Data Portability

You may request to obtain and reuse your personal data for your own purposes across different services, subject to the caveat below. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:

  • to personal data you have provided
  • where the processing is based on your consent or is for the performance of a contract and
  • when processing is carried out by automated means. (The caveat is that the Company considers that it does not carry out any processing by automated means.)

In these circumstances the Company will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month. If there is a delay, you will be informed.

Right to Object

You have the right to object, on grounds relating to your particular situation, to:

  • processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority
  • direct marketing
  • processing for purposes of scientific/historical research and statistics.

The Company does not carry out any:

  • automated individual decision-making about Data Subjects (ie, making a decision about you solely by automated means without any human involvement), or
  • profiling of Data Subjects (ie, automated processing of personal data to evaluate certain things about you).

The Company keeps its privacy policies under regular review and this may result in issuing updated versions of this Notice, which the Company will normally do on its website. This Notice was last updated in February 2021.

If you have a query or concern about the Company’s processing of your personal data, please:

  • email data@merchant-taylors.co.uk, or
  • write to ‘The Clerk (Data Protection)’, Merchant Taylors’ Hall, 30 Threadneedle Street, London EC2R 8JB.

The Charity is committed to safeguarding the privacy of applicants for almshouse accommodation. The Charity will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act"). 

Please find further information here.

The Company is committed to safeguarding the privacy of those involved with our education-related work. We will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act"). 

Please find the privacy notice for education-related work here.

For funding applications, please read our privacy policy here.

DISCLAIMER: The information in this Privacy Notice is for general guidance on your rights and responsibilities and is not legal advice. Please contact a lawyer if you need legal advice