We are committed to safeguarding the privacy of our members, apprentices and those applying for apprenticeship, or any status of membership of the Company ('Applicant'). The Company will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act").
This Privacy Notice is intended to comply with the Act and General Data Protection Regulation (GDPR) but may change over time to reflect changes in the law.
Broadly, personal data means any information about a living individual, provided that the Company is able to identify that the information is specifically about that person as opposed to anyone else. For example, your personal data includes your name and your email address. Information about you would cease to be your personal data if the Company removed the elements which enabled the Company to know that it was specifically about you. Broadly, ‘processing’ personal data means storing or using it in any way, for example having it in a database or viewing it on a screen.
The Data Subjects in relation to whom the Company processes personal data are the members, apprentices and applicants (‘you’), and their spouses, partners and dependants ('your family') to the extent that the member, apprentice or applicant in question has provided such information.
The Merchant Taylors’ Company (‘the Company’) is the Data Controller.
The Company processes members’ and apprentices’ personal data primarily to:
Subject to the exception in the next two paragraphs, the lawful basis on which the Company processes your and your family’s personal data is that it is necessary in the Company’s legitimate interests, with no disproportionate adverse impact on you or your family. The legitimate interests in question are the purposes explained under the preceding paragraph.
The exception is that the Company will only publish personal data about your financial giving to the Company or its charities with your express consent. ‘Publishing’ in this context means publicising the fact of your pledge to make a gift to the Merchant Taylors’ Company or its charities in your will, or if at any time you are a donor to one of the charities for which the Company provides the trustees (for example, The Merchant Taylors' Foundation) in communications intended primarily for Company members and Apprentices, but which may also be seen by non-members (for example, No.30, other communications from the Company to members, public or members-only pages of the Company's website, etc.).
Under the Privacy and Electronic Communications Regulations, the Company will only send you electronic communications about the following if it has your consent:
The type or categories of personal data which the Company processes includes
If you are an Applicant, or a member of an Apprentice applying for further roles or appointments within the Company, we may request further information and retain additional records, such as interview notes and your CV.
Equally, minutes of meetings and records of decisions may include your name and other information about you.
Your personal data will primarily only be used internally within the Company. See later in this policy for the limited circumstances in which the Company might share your personal data with third parties.
The rest of this section gives more detail about what the mot common examples of 'internal use within the Company'. However, in addition, 'internal use within the Company' always includes relevant Company staff having access to your personal data, to the extent they reasonably need it to fulfil their legitimate functions.
As explained above, 'A/applicant' in this policy means anyone applying for apprenticeship, or for any level of membership of the Company regardless of whether the route to that level is apprenticeship, patrimony or redemption.
If you are an applicant, your name, contact details including email address, and CV will be provided to the Admissions Committee, and may also be shared with the following to enable the Admissions Committee to seek the views of a wider audience within the Company. The Admissions Committee may also ask any of the following to contact you find out more about you, for example, if it is thought that there is someone not on the Admissions Committee who is particularly well placed to talk to you due to the interests or expertise you have mentioned in your CV:
Spouses and partners of Court members and the Clerk are not necessarily themselves apprentices or members of the Company. However, given their spouses'/ partners' heavy involvement in the life of the Company, they often take a keen interest in Company affairs and, at second hand, the welfare of staff and Company members. Accordingly, the Company may share your contact details with any spouse or partner of a Court members or of the Clerk, for the sole purpose of enabling them to send you an appreciative or supportive personal message in relation to a particular occasion. Examples, might be congratulating a long-serving staff member on a significant work anniversary, or sending condolences to a Company member following a bereavement.
Within the Company's membership portal, you control which facts about yourself (e.g. your contact details) you wish to be visible to other members using the portal.
If you are on a Committee of the Merchant Taylors' Company or The Merchant Taylors' Foundation or the board of trustees of any charity for which the Company provides trustees, your contact details including your email address are likely to be shared with other members of the Committee/ board for the sole purpose of communicating with you about relevant business.
If you participate in a dinner or charitable outreach, or sporting, or other social activity, we will normally have to provide your name and possibly other details to other stakeholders e.g. other members of a sports team or a charity which you have committed to visit under the Charity Visits Scheme.
Photographs and/or video footage in which you are identifiable by someone other than yourself may be used in communications intended primarily for Company Members and Apprentices, but which may also be seen by non-members (for example, No.30, other communications from the Company to members, public or members-only pages of the Company's website, etc).
‘Sensitive personal data’ means personal data about a person’s:
The Company will only process sensitive personal data about you or your family in two circumstances.
An example of the second circumstance would be as follows. A Committee member alerts the Clerk that she will be unable to attend a meeting due to ill health, but doesn’t expressly say whether she is content for the reason to be made known within the Company. Relying on the second circumstance, the Clerk explains the reason for her absence to the Chairman of the Committee.
In the case of sensitive personal data about your family, both the above circumstances should be read as if references to you were references to your family.
The Company will not sell your or your family’s personal data to any commercial or charitable organization.
If you are attending a Company event, the Company may pass your personal data to the Merchant Taylors’ Catering Company for the purposes of facilitating your attendance and enjoyment of the event.
If you are attending an event at the Hall involving a charity supported by the Company, such as the Master’s Charity, the Company will only pass your personal data to the charity if it is necessary for the proper functioning of the event (for example, if the charity is organizing a seating plan).
If you are involved in a due diligence visit, or e-visit, under the Charity Visits Scheme, or any kind of interaction with third parties under Engage with Education, or any other kind of visit or interaction with third parties in order to further the Company's philanthropic or educational activities in any other way, in order to facilitate the (e-)visit, or other interaction, the Company will pass your name and your email address to the charity, educational institution, or other third party which you are visiting or interacting with.
The Company uses various cloud-based software packages to administer Company events, for example to facilitate sending out invitations to multiple people and tracking who has accepted. Technically, use of these packages constitutes the Company passing personal data such as your name and email address to the third party cloud-based software provider.
The Company provides the names of the Livery to the publisher of the Company diary for inclusion in the diary, and provides complementary copies of the diary itself to third parties affiliated to the Company, such as schools and military affiliates, and to other third parties such as the Company’s professional advisors.
In common with all other City Livery Companies, the Company provides the name and address of members of the Court and Livery to the following bodies in connection with the functioning of the City of London:
Finally, the Company’s staff are employed by a subsidiary company. In that sense, your and your family’s personal data are provided to that subsidiary company.
Personal data will only be transferred outside the EEA or other areas of adequacy determined by the EU to the extent that the Company uses cloud-based software where, as a standard precaution against cyber-attack, the cloud provider stores data on multiple servers, some of which may be located outside these areas.
If you are a member or apprentice, the Company will retain your and your family’s personal data throughout your life. In the unlikely event of an apprentice not proceeding to the Freedom, or of a member ceasing to be a member during their lifetime, the Company reserves the right to retain the personal data of the individual and his or her family throughout their lives. The reason is to give the Company the fullest latitude to maintain its archives as it sees fit, given the context that the Company’s archive is a key feature of its corporate memory, and that the archives of the City of London Livery Companies collectively embody a tradition of great historical value.
If an applicant is not admitted for any reason to the apprenticeship or level of Company membership which the person is seeking, the Company reserves the right to retain the person's personal data for 20 years. This is to enable the Company to compare the information with that provided in any further application the person makes.
Under the Act and even more so under the GDPR you have a number of rights, outlined below.
You are entitled to access your personal data by making a Subject Access Request (SAR), so that you are aware of and can verify the lawfulness of the processing. You have the right to obtain :
To make a SAR, please make your request by email to email@example.com with the words ‘Subject Access Request’ in the subject bar.
Under GDPR and from 25 May 2018, this information will be provided without charge and within one month. If an extension is required or requests are considered manifestly unfounded or excessive, in particular because they are repetitive, the Company may choose to charge a reasonable fee taking into account the administrative costs of providing the information, or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the UK Information Commissioner's Office (ICO) will be highlighted.
The Company will normally use an electronic format to release information in response to a SAR.
To protect your personal data, the Company will seek to verify your identity before releasing any information in response to a SAR about you. In most cases, verifying identity is likely to be simple, but will probably involve additional steps if a SAR is made by a member living outside the UK, or a former member, or a relative or personal representative of a deceased member.
You are entitled to have personal data rectified if it is inaccurate or incomplete. The Company will respond within one month of your request to rectify your data. In the unlikely event of the Company not taking action to fulfil a request for rectification, the Company will inform you of your rights (if any) to complain or seek judicial remedy.
You may request the deletion or removal of personal data under the Right of Erasure. The Right of Erasure does not provide an absolute 'right to be forgotten'. Rather, it is a right to have personal data erased and to prevent processing in the following specific circumstances:
Under the Act, you have a right to 'block' or suppress processing of personal data. The restriction of processing under the GDPR is similar. When processing is restricted, the Company is permitted to store the personal data, but not to process it further. In this event, the Company will explain to you exactly what personal data is held and why.
You may request to obtain and reuse your personal data for your own purposes across different services, subject to the caveat below. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
In these circumstances the Company will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month. If there is a delay, you will be informed.
You have the right to object, on grounds relating to your particular situation, to:
The Company does not carry out any:
The Company keeps its privacy policies under regular review and this may result in issuing updated versions of this Notice, which the Company will normally do on its website. This Notice was last updated in February 2021.
If you have a query or concern about the Company’s processing of your personal data, please:
The Charity is committed to safeguarding the privacy of applicants for almshouse accommodation. The Charity will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act").
Please find further information here.
The Company is committed to safeguarding the privacy of those involved with our education-related work. We will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 2018 (the "Act").
Please find the privacy notice for education-related work here.
DISCLAIMER: The information in this Privacy Notice is for general guidance on your rights and responsibilities and is not legal advice. Please contact a lawyer if you need legal advice