Privacy Policy
The Aromatherapy Trade Council takes the collection and safekeeping of its members, enquiriers, and website visitors information very seriously. This privacy notice provides you with details of how we collect and process your personal data through your membership, enquiries, and use of this website.
ABOUT US
The Aromatherapy Trade Council (also referred to as ‘ATC’, ‘us’, ‘we’ or ‘our’) is a company registered in England No. 4118726 and our registered address is Cardinal House, 46 St Nicholas Street, Ipswich, Suffolk, IP1 1TT.
THE PURPOSE OF THIS NOTICE
This Notice is designed to help you understand what kind of information we collect in connection with providing membership benefits and technical and regulatory advice to both members and non-members and how we will process and use this information. In the course of providing you with the benefits of membership and/or technical and regulatory advice we will collect and process information about you commonly known as personal data.
This Notice describes how we collect, use, share, retain and safeguard personal data. It sets out your individual rights; we explain these later in the Notice but in summary these rights include your right to know what data is held about you, how this data is processed and how you can place restrictions on the use of your data.
WHAT IS PERSONAL DATA?
Personal data is information relating to an identified or identifiable natural person. Examples include an individual’s name, age, address, date of birth, gender and contact details.
Personal data may contain information which is known as special categories of personal data. This may be information relating to and not limited to, an individual’s health, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, or data relating to sexual orientation. Personal data may also contain data relating to criminal convictions and offences.
For the purposes of safeguarding and processing criminal conviction and offence data responsibly, this data is treated in the same manner as special categories of personal data, where there are legal obligations to comply with specific data processing requirements.
PERSONAL DATA WE COLLECT
In order for us to provide and administer membership benefits and consultancy services for you and/or provide you with technical and regulatory advice, we will collect and process personal data about you. We will also collect your personal data where you request information about our consultancy services and categories and conditions of membership. We may also need to collect personal data relating to others in order to provide and administer these services. In most circumstances, you will provide us with this information. Where you disclose the personal data of others, you must ensure you are entitled to do so.
You may provide us with personal data when completing online contact forms, when you contact us via the telephone, when writing to us directly or where we provide you with paper-based forms for completion or we complete a form in conjunction with you.
We will share your personal data with members of the management team, administrator and directors in order to provide you with membership and consultancy services and specialist advice. We also share personal data with authorised third parties, including our accountants and insurers and when booking venues for events like the Annual General Meeting and as required by law.
We will collect your personal data when you visit our website Contact Page and communicate with us, when we will collect your unique online electronic identifier; known as an IP address and any other personal data that you provide to us. We do not collect electronic personal data when you first visit our website. For more information please see our Cookie Policy. We may make a written record of your communications with us when contacting our administrator using our telephone contact point, but we do not record telephone calls electronically.
Where we collect data directly from you, we are considered to be the controller of that data i.e. we are the data controller. Where we use third parties to process your data, these parties are known as processors of your personal data.
– A data ‘controller’ means the individual or organisation which, alone or jointly with others, determines the purposes and means of the processing of personal data.
– A data ‘processor’ means the individual or organisation which processes personal data on behalf of the controller.
In the process of providing the benefits of membership, consultancy and technical and regulatory information to you we will we will process the following categories of data:
- Personal data such as an individual’s name, address, date of birth, gender, business and private contact details.
We do not intend to process special categories of personal data such as that related to health or data relating to criminal convictions and offences for example relating to Company law but if it is provided or we discover it as a result of performing due diligence we will process it according to the provisions laid down in the General Data Protection Regulation 2016. If you object to the collection, sharing and use of your personal data we may be unable to provide you with membership, the benefits of membership and/or consultancy and other services.
For the purposes of meeting the General Data Protection Regulation 2016 territorial scope requirements, the United Kingdom is identified as the named territory where the processing of personal data takes place. Further information can be obtained from The Administrator, and the contact details for them are on our Contact Page.
WHY DO WE NEED YOUR PERSONAL DATA?
For members we will use your personal data to provide you with the benefits of membership in accordance with our contractual obligations described in our terms and conditions and codes of practice and to administer ATC in accordance with our Articles and Memorandum of Association, to provide consultancy, technical and regulatory advice and other services related to membership, to respond to requests for help and advice we receive from you and to process complaints.
For non-members we will use your personal data to provide you with information and advice relating to membership and to provide you with technical, regulatory and business advice in response to requests for help and advice received from you. In addition, we will use both member and non-member personal data for the purposes of statistical analysis and to develop and provide additional benefits.
In becoming an ATC member, you are purchasing our products and services and you should understand that you are forming a contract with us. If, as a non-member you contact us or request details of the services we provide, we consider ourselves as having a legitimate business interest to provide you with further information about our products and services. However, we will never supply your personal data to any third party for marketing purposes. You may request to be withdrawn from all such marketing activities at any time.
In some situations, we may request your consent to collect additional data from you. Where we require consent, your rights and what you are consenting to will be clearly communicated to you. Where you provide consent, you can withdraw this at any time by contacting the ATC Administrator.
DATA RETENTION
For members and all classes of membership including interim membership we will retain your personal data at the end of any contractual agreement, i.e. when your membership ends for a period of 15 years. This data will be retained for both your protection and the protection of ATC it’s administrator, management team and its directors should a late discovered incident give rise to a claim under the terms of our Directors and Officer’s Indemnity insurance when we will be able to provide full disclosure to both yourself and our insurers concerning correspondence and contractual arrangements in place at the time of the incident. Where you make a complaint, we will retain the data for 15 years from the date of the complaint or termination of membership whichever is the later.
For non-members we will retain your personal data for a period of 15 years from the date of last contact. This data will be retained for both your protection and the protection of ATC it’s administrator, management team and its directors should a late discovered incident give rise to a claim under the terms of our Directors and Officer’s Indemnity insurance when we will be able to provide full disclosure to both yourself and our insurers concerning correspondence and contractual arrangements if any in place at the time of the incident. Where you make a complaint, we will retain the data for 15 years from the date of the complaint or date of last contact whichever is the later.
Where you or law enforcement agencies inform us about any active investigation or potential criminal prosecution, we will comply with legal requirements when retaining this data. The retaining of data is necessary where required for contractual, legal or regulatory purposes or for our legitimate business interests for statistical analysis and product development and marketing purposes.
Sometimes we may need to retain your data for longer, for example if we are representing you or defending ourselves in a legal dispute or as required by law or where evidence exists that a future claim may occur. For further information contact the ATC Administrator.
You should be aware that before membership of ATC is granted to a company or organisation where you are a director or sole trader we may seek and.or collect additional sources of information about you and your business activities including but not limited to a search at Companies House, and with financial and credit agencies. This information is required to complete our process of due diligence and to judge suitability for membership.
Please contact the ATC Administrator if you object to the use of, or you have any questions relating to the use of, your data, the retention of your personal data or the way we intend to collect data.
YOUR RIGHTS
GDPR provides individuals with legal rights governing the use of their personal data, including the right to understand what personal data relating to them is held, for what purpose, how it is collected and used, with whom it is shared, where it is located, to object to its processing, to have the data corrected if inaccurate, to take copies of the data and to place restrictions on its processing. Individuals can also request the deletion of their personal data.These rights are known as Individual Rights under the GDPR. The following list details these rights:-
- The right to be informed about the personal data being processed;
- The right of access to your personal data;
- The right to object to the processing of your personal data;
- The right to restrict the processing of your personal data;
- The right to rectification of your personal data;
- The right to erasure of your personal data;
- The right to data portability (to receive an electronic copy of your personal data);
- Rights relating to automated decision making including profiling.
Individuals can exercise their Individual Rights at any time. As required by law we will not charge a fee to process these requests, however if your request is considered to be repetitive, wholly unfounded and/or excessive, we are entitled to charge a reasonable administration fee. In exercising your Individual Rights, you should understand that in some situations we may not be able to fully meet your request, for example if you make a request for us to delete all your personal data, we may be required to retain some data for taxation, prevention of crime and for regulatory and other statutory purposes.
You should understand that when exercising your rights, a substantial public or vital interest may take precedence over any request you make. In addition, where these interests apply, we are required by law to grant access to this data for law enforcement, legal and/or health related matters. If you require further information on your Individual Rights or you wish to exercise your Individual Rights, please email the ATC Administrator, or write to: ATC PO Box 219 Market Rasen LN8 9BR, or to our registered office address Cardinal House, 46 St Nicholas Street, Ipswich, Suffolk, IP1 1TT.
PROTECTING YOUR DATA
We will take all appropriate technical and organisational steps to protect the confidentiality, integrity, availability and authenticity of your data, including when sharing your data within the management of ATC and authorised third parties.
COMPLAINTS
If you are dissatisfied with any aspect of the way in which we process your personal data please contact our Administrator on [email protected] . You also have the right to complain to the UK’s data protection supervisory authority, the Information Commissioner’s Office (ICO). The ICO may be contacted via its website which is https://ico.org.uk/concerns/, by live chat https://ico.org.uk/global/contact-us/live-chat or by calling their helpline on 0303 123 1113.
HOW TO CONTACT US
If you have any questions regarding this Notice, the use of your data and your Individual Rights please contact our Administrator on [email protected] or write to the Administrator ATC PO Box 219 Market Rasen LN8 9BR or by telephoning 01673 644 672
Aromatherapy Trade Council is not required to be registered with the UK Information Commissioner, and is therefore not registered with the UK Information Commissioner.
Version 1 May 2018