PRIVACY POLICY & GDPR NOTICES
The Worshipful Company of Tobacco Pipe Makers and Tobacco Blenders Registered Office: 14 Montpelier Road, Sutton, Surrey, SM1 4QE
PRIVACY NOTICE FOR LIVERYMEN AND FREEMEN
The Worshipful Company of Tobacco Pipe Makers and Tobacco Blenders (the “Company”) is committed to protecting your personal data and being transparent about what personal data we collect and how we use it. This Privacy Notice explains why we collect certain personal information about you and how we use it. It sets out the legal basis for our processing and outlines your data protection rights.
WHO WE ARE AND HOW TO CONTACT US
For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and any further UK legislation covering data protection, the Company is the controller of your personal data. That means that we determine the purposes (why) and the means (how) we process your data.
For further information regarding privacy and data protection at the Charity, or if you have any questions, please contact the Clerk via clerk@tobaccolivery.org.
WHAT TYPE OF PERSONAL DATA WE COLLECT
We collect a variety of personal data in order to conduct Company business, including:
- Basic identifiers for you and your spouse or partner;
- Key dates (date of birth, freedom date, liveryman date, dates of joining the Court, standing committees and becoming Warden or Master);
- Contact details;
- Proposer’s and seconder’s names;
- Education and occupation details;
- Financial information, including bank and building society details, direct debit information, gift aid status and donations to the Tobacco Pipe Makers & Tobacco Trade Benevolent Fund;
- Photographs; and
- Information concerning your attendance at Company events.
Certain types of personal data are considered by data protection law to be more sensitive than others. This includes “special category personal data” (information relating to your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you) and “criminal offences and conviction data”.
We do not routinely process any special category data. Our application form asks applicants to declare that they are neither undischarged bankrupts, nor convicted of a criminal offence which has not been spent, because these are requirements in order to obtain the Freedom of the City of London.
HOW WE COLLECT YOUR PERSONAL DATA
We may collect your personal data in a number of ways, for example:
- From the information you provide to us when you interact with us before making an application to join the Company;
- When you submit an application to join the Company;
- When you communicate with us by telephone, email or via our website or our social media channels; and
- In various other ways as you interact with us during your time as a freeman or liveryman of the Company.
HOW WE USE YOUR PERSONAL DATA
The main reason we use your personal data is to allow us to manage the day-to-day business of the Company. In particular, we use your personal data for the following purposes:
- Communicating with you, including sending you messages about Company activities and events, or news about the broader Livery movement;
- Organising events and activities;
- Compliance with legal and governance obligations and good practice;
- Managing the Company’s finances, including collecting quarterage and fines; and
- Collecting donations on behalf of the Tobacco Pipe Makers & Tobacco Trade Benevolent Fund.
OUR LEGAL BASIS FOR PROCESSING YOUR INFORMATION
Consent: here you have provided your consent for us to use your personal data. You may withdraw consent at any time by emailing the Clerk via clerk@tobaccolivery.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
Legal obligations: It may be necessary for us to use your information to comply with our legal obligations, such as:
- To meet our compliance and regulatory obligations;
- For the prevention and detection of crime;
- In order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
Where necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our grantees, partner organisations or supporters).
Legitimate interests: It may be necessary for us to use your personal data for the purposes of our legitimate interest or those of a third party. Where we are relying on this basis, we only do so where your interests do not override ours. Examples include:
- To run our day-to-day operations, including maintaining our records;
- To evaluate our work;
- To share information with trusted third parties, including the Tobacco Pipe Makers & Tobacco Trade Benevolent Fund.
HOW WE KEEP YOUR PERSONAL DATA SAFE
We understand how important it is to protect your personal data and take appropriate steps to safeguard it.
We implement adequate technical and organisational measures to ensure a level of security appropriate to the potential risks. For example:
- all persons authorised to access personal data are required to undergo appropriate training and must comply with organisational and technical measures that we have put in place;
- we have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We ensure that access to your personal data is restricted to those members of our staff, volunteers and contractors who need to access personal data to fulfil their roles. All authorised persons are appropriately trained and commit to ensuring confidentiality and security of your data.
Please note, we interact via the internet and email, and no external data transmission over the internet can be guaranteed to be 100% secure. While the Company strives to safeguard your personal data and mitigate any risks as far as possible, we cannot guarantee the security of the information you provide online and you do this at your own risk.
WHO HAS ACCESS TO YOUR PERSONAL DATA
Routinely, we may share your personal data with the following third parties, to enable us to provide our services, fulfil our charitable objectives, or comply with our legal obligations. These include:
- Our employees, agents and contractors where there is a legitimate reason for their receiving the information, including third parties where we have engaged them to process data on our behalf;
- The Tobacco Pipe Makers & Tobacco Trade Benevolent Fund;
- Third parties to whom we are required to disclose personal data under a legal obligation (for example for the purposes of fraud prevention or tax compliance);
- Third parties in connection with or as a result of restructuring or reorganisation of our operations, for example if we merge with another charity. In such event we will require that a third party commits to protecting your personal data and privacy rights;
- Organisations who provide services for us, for example our legal advisors, appointed accountants, auditors, IT services providers, mailing and marketing services providers. We select all third-party service providers with care and provide them with the minimum amount of information necessary to provide their service. We always a have an appropriate agreement in place that requires them to protect personal data to the same standard as we do;
- Courts, Government bodies, Law enforcement agencies or other competent authorities, for example by the Charity Commission.
TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES
For financial or technical reasons, we may need to transfer your personal data to countries outside the UK, which are subject to different data protection laws. We may do this where for example, we use suppliers in a third country or data is stored on servers outside the UK. We meet the UK GDPR requirements by ensuring that any personal data transferred outside the UK continues to be protected as if it were being held in the UK. If you would like more information about how we protect your personal data if it is transferred outside the UK, please contact us.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will only store your personal data for as long we need it to fulfil the purposes, we collected it for. When deciding how long to keep your personal data, we consider the amount and type of data, why we need it, how sensitive it is, and the potential harm if something went wrong. We keep all of the information we hold under review and will securely delete or anonymise personal data which is no longer required. For further information about how long we store your personal data, please contact us.
AUTOMATED DECISION-MAKING AND PROFILING
Automated decision-making is when a computer or similar electronic system uses personal data to make decisions about people without any human involvement. Profiling involves collecting various pieces of information about a person in order to analyse or evaluate certain aspects relating to that person or to make predictions about them (for example, how that person may behave or what their preferences are). Automated decision -making does not have to involve profiling, though it often will.
We do not use your personal data in automated decision-making, including profiling (i.e. we do not make decisions about you by way of automated means without human involvement).
If that changes, we will update this notice and notify you in writing (where appropriate).
YOUR RIGHTS
You have certain rights in relation to your personal data, namely:
- Right to be informed – You have a right to information about how we collect and use your personal data (this is contained within this privacy notice).
- Right of access to your personal data (commonly known as a "subject access request") –You can ask us to confirm if we are holding your personal data, request a copy of your personal data and certain other information to check that we are processing your data lawfully.
- Right to rectification – You can ask us to correct any information about you if you think it is wrong, or to update or complete information if you think it’s incomplete.
- Right of erasure – You can ask us to erase information about you in some circumstances although there might be reasons why we cannot do this.
- Right to restrict our processing of your personal data – You can ask us to stop processing your personal data, for example if you want us to establish its accuracy or you’re questioning our legal basis for processing it. This right only applies in certain circumstances.
- Right to object – You can object to our use of your personal data in certain circumstances. Please note, you always have a right to object to processing of your personal data for direct marketing purposes.
- Right to data portability – You can ask us to transfer your personal data to you or to another organisation free of charge and in a structured, commonly used format which is openly accessible to software (such as a CSV file). This right only applies where we hold your personal data to fulfil a contract or because we have gained your consent.
Some of these rights do not apply in all circumstances and we may be able to refuse or partially refuse requests in certain circumstances, such as where a legal exemption applies.
In most cases we have one month to respond. Occasionally, we may need to verify your identity before we are able to process a request.
You can exercise these rights by contacting the Clerk via clerk@tobaccolivery.org.
FAILURE TO PROVIDE PERSONAL DATA
When we collect personal information, we will make it clear whether you are required by law, or under a contract, to provide your personal data, and what will happen if you do not provide that data.
COMPLAINTS
In the first instance, please contact us to discuss any concerns and we will make every effort to resolve any issues.
You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are not happy with the way we are processing your personal data or our response to your attempt to exercise one of the rights above.
CHANGES TO PRIVACY NOTICE
We may revise this notice from time to time to reflect any changes to the way we handle your personal data or new legal requirements. We will advertise any changes on our website or, if the changes are material, we will bring them to your attention directly.
THE TOBACCO PIPE MAKERS AND TOBACCO TRADE BENEVOLENT FUND
PRIVACY NOTICE FOR GRANT RECIPIENTS AND DONORS
The Tobacco Pipe Makers and Tobacco Trade Benevolent Fund (registered charity number 1135646) (the “Charity”) is committed to protecting your personal data and being transparent about what personal data we collect and how we use it. This Privacy Notice explains why we collect certain personal information about you and how we use it. It sets out the legal basis for our processing and outlines your data protection rights.
WHO WE ARE AND HOW TO CONTACT US
For the purposes of the UK General Data Protection Regulation (“UK GDPR”) and any further UK legislation covering data protection, the Charity is the controller of your personal data. That means that we determine the purposes (why) and the means (how) we process your data.
For further information regarding privacy and data protection at the Charity, or if you have any questions, please contact the Secretary via BenevolentFund@tobaccolivery.org.
WHAT TYPE OF PERSONAL DATA WE COLLECT
Grant Recipients
We collect a variety of personal data in order to perform and administer our grant making function, including:
- Basic identifiers
- Contact details
- Occupation details
- Information concerning your engagement with us, including attendance at our events, responses to surveys or focus groups, records of meetings, etc.
- Any other information relevant to a grant funding application or award
- For promotional purposes, photographs of your charitable activities.
Certain types of personal data are considered by data protection law to be more sensitive than others. This includes “special category personal data” (information relating to your health, racial or ethnic origin, details of sexual life, sexual orientation, religious beliefs, political opinions or any genetic or biometric data that is used to identify you) and “criminal offences and conviction data”.
We do not routinely process any special category data or criminal offences and conviction data.
Donors
The type of personal data we process depends on the purposes for which we will need to use it, and may include:
- Basic identifiers
- Contact details
- Occupation details
- Information about our interactions with you
- Photos and videos, for example if you attend one of our events. We will always make sure you are aware if we plan to film an event you are attending.
We do not routinely process any special category data or criminal offences and conviction data.
HOW WE COLLECT YOUR PERSONAL DATA
Grant recipients
We may collect your personal data in a number of ways, for example:
- From the information you provide to us when you interact with us before making an application for grant funding
- When you submit a formal application
- From third parties, for example partner organisations, in order to verify details about you and/or your application for an award, or to administer your grant once awarded
- When you communicate with us by telephone, email or via our website or our social media channels, for example in order to make enquiries about an application or an award
- In various other ways as you interact with us during your time as a grant recipient.
Donors
We may collect your personal data in a number of ways, for example:
- From the information you provide to us when support our work
- From third parties, for example partner organisations, in order to verify details about you
- When you communicate with us by telephone, email or via our website or our social media channels
- When you attend our events
- In various other ways as you interact with us during your time as a supporter.
HOW WE USE YOUR PERSONAL DATA
Grant Recipients
The main reason we use your personal data is to allow us to work with you and perform our grant making function. In particular, we use your personal data for the following purposes:
- Reviewing and assessing applications for grant funding
- Maintaining records of previous grants and previously supported grantees
- Managing the grant, including coordinating any reporting obligations
- Monitoring your use of the grant
- Providing you with information and advice
- Administrative purposes, for example in connection with an event you have registered for or attended
- Conducting surveys, focus groups and other research
- Evaluating our work
- With your permission, featuring you or your representatives in promotional materials for marketing and fundraising purposes.
Donors
We will use your personal data for various purposes consistent with the legal basis we rely on. These purposes include:
- Processing and administering grants and donations
- Communicating with you
- Organising activities you have told us you wish to be involved in
- Sending you communications that may be of interest, including marketing information about our services and activities, campaigns and appeals for donations and other fundraising activities and promotions for which we seek support
- Seeking your views on the services or activities we carry on so that we can make improvements
- Maintaining our organisational records
- Carrying out analysis of our donor database. For example, this may include inviting prospective donors to events, or contacting past donors about new opportunities for donation
- Inviting you to take part in volunteering activities, where you have expressed an interest in this.
OUR LEGAL BASIS FOR PROCESSING YOUR INFORMATION
Grant Recipients
Consent: here you have provided your consent for us to use your personal data. For example, if you sign up to receive marketing communications from us. You may withdraw consent at any time by emailing the Secretary via BenevolentFund@tobaccolivery.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
Legal obligations: It may be necessary for us to use your information to comply with our legal obligations, such as:
- To meet our compliance and regulatory obligations
- For the prevention and detection of crime
- In order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities
Where necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our grantees, partner organisations or supporters).
Legitimate interests: It may be necessary for us to use your personal data for the purposes of our legitimate interest or those of a third party. Where we are relying on this basis, we only do so where your interests do not override ours. Examples include:
- To manage grant applications
- To run our day-to-day operations, including maintaining our records
- To evaluate our work
- To share information with trusted third parties.
Donors
Consent: here you have provided your consent for us to use your personal data. For example, if you sign up to receive marketing communications from us. You may withdraw consent at any time by emailing Secretary via BenevolentFund@tobaccolivery.org. This will not affect the lawfulness of processing of your information prior to your withdrawal of consent being received and actioned.
Legal obligations: It may be necessary for us to use your information to comply with our legal obligations, such as:
- To meet our compliance and regulatory obligations
- For the prevention and detection of crime
- In order to assist with investigations (including criminal investigations) carried out by the police and other competent authorities.
Where necessary for the establishment, exercise or defence of legal claims (for example, to protect and defend our rights or property, and/or the rights or property of our grantees, partner organisations or supporters).
Legitimate interests: It may be necessary for us to use your personal data for the purposes of our legitimate interests, or those of a third party.
- Planning fundraising campaigns
- Inviting existing donors to increase engagement.
HOW WE KEEP YOUR PERSONAL DATA SAFE
We understand how important it is to protect your personal data and take appropriate steps to safeguard it.
We implement adequate technical and organisational measures to ensure a level of security appropriate to the potential risks. For example:
- All persons authorised to access personal data are required to undergo appropriate training and must comply with organisational and technical measures that we have put in place
- We have also put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We ensure that access to your personal data is restricted to those members of our staff, volunteers and contractors who need to access personal data to fulfil their roles. All authorised persons are appropriately trained and commit to ensuring confidentiality and security of your data.
Please note, we interact via the internet and email, and no external data transmission over the internet can be guaranteed to be 100% secure. While the Charity strives to safeguard your personal data and mitigate any risks as far as possible, we cannot guarantee the security of the information you provide online and you do this at your own risk.
WHO HAS ACCESS TO YOUR PERSONAL DATA
Routinely, we may share your personal data with the following third parties, to enable us to provide our services, fulfil our charitable objectives, or comply with our legal obligations. These include:
- Our partner organisations where necessary for the assessment of grant applications
- Our employees, agents and contractors where there is a legitimate reason for their receiving the information, including third parties where we have engaged them to process data on our behalf as part of administering the award application process
- Trusted third parties who help us to evaluate our work
- Third parties to whom we are required to do disclose personal data under a legal obligation (for example for the purposes of fraud prevention or tax compliance)
- Third parties in connection with or as a result of restructuring or reorganisation of our operations, for example if we merge with another charity. In such event we will require that a third party commits to protecting your personal data and privacy rights
- Organisations who provide services for us, for example our legal advisors, appointed accountants, auditors, IT services providers, mailing and marketing services providers. We select all third-party service providers with care and provide them with the minimum amount of information necessary to provide their service. We always a have an appropriate agreement in place that requires them to protect personal data to the same standard as we do
- Courts, Government bodies, Law enforcement agencies or other competent authorities, for example by the Charity Commission.
TRANSFERS OF YOUR PERSONAL DATA TO OTHER COUNTRIES
For financial or technical reasons, we may need to transfer your personal data to countries outside the UK, which are subject to different data protection laws. We may do this where for example, we use suppliers in a third country or data is stored on servers outside the UK. We meet the UK GDPR requirements by ensuring that any personal data transferred outside the UK continues to be protected as if it were being held in the UK. If you would like more information about how we protect your personal data if it is transferred outside the UK, please contact us.
HOW LONG WE KEEP YOUR PERSONAL DATA FOR
We will only store your personal data for as long we need it to fulfil the purposes we collected it for. When deciding how long to keep your personal data, we consider the amount and type of data, why we need it, how sensitive it is, and the potential harm if something went wrong. We keep all of the information we hold under review and will securely delete or anonymise personal data which is no longer required. For further information about how long we store your personal data, please contact us.
AUTOMATED DECISION-MAKING AND PROFILING
Automated decision-making is when a computer or similar electronic system uses personal data to make decisions about people without any human involvement. Profiling involves collecting various pieces of information about a person in order to analyse or evaluate certain aspects relating to that person or to make predictions about them (for example, how that person may behave or what their preferences are). Automated decision-making does not have to involve profiling, though it often will.
We do not use your personal data in automated decision-making, including profiling (i.e. we do not make decisions about you by way of automated means without human involvement).
If that changes we will update this notice and notify you in writing (where appropriate).
YOUR RIGHTS
You have certain rights in relation to your personal data, namely:
- Right to be informed – You have a right to information about how we collect and use your personal data (this is contained within this privacy notice)
- Right of access to your personal data (commonly known as a "subject access request") – You can ask us to confirm if we are holding your personal data, request a copy of your personal data and certain other information to check that we are processing your data lawfully
- Right to rectification – You can ask us to correct any information about you if you think it is wrong, or to update or complete information if you think it’s incomplete
- Right of erasure – You can ask us to erase information about you in some circumstances although there might be reasons why we cannot do this
- Right to restrict our processing of your personal data – You can ask us to stop processing your personal data, for example if you want us to establish its accuracy or you’re questioning our legal basis for processing it. This right only applies in certain circumstances
- Right to object – You can object to our use of your personal data in certain circumstances. Please note, you always have a right to object to processing of your personal data for direct marketing purposes
- Right to data portability – You can ask us to transfer your personal data to you or to another organisation free of charge and in a structured, commonly used format which is openly accessible to software (such as a CSV file). This right only applies where we hold your personal data to fulfil a contract or because we have gained your consent.
Some of these rights do not apply in all circumstances and we may be able to refuse or partially refuse requests in certain circumstances, such as where a legal exemption applies. In most cases we have one month to respond. Occasionally, we may need to verify your identity before we are able to process a request.
You can exercise these rights by contacting the Secretary via BenevolentFund@tobaccolivery.org.
FAILURE TO PROVIDE PERSONAL DATA
When we collect personal information, we will make it clear whether you are required by law, or under a contract, to provide your personal data, and what will happen if you do not provide that data.
COMPLAINTS
In the first instance, please contact us to discuss any concerns and we will make every effort to resolve any issues.
You have the right to make a complaint to the Information Commissioner’s Office (ICO) if you are not happy with the way we are processing your personal data or our response to your attempt to exercise one of the rights above.
CHANGES TO PRIVACY NOTICE
We may revise this notice from time to time to reflect any changes to the way we handle your personal data or new legal requirements. We will advertise any changes on our website or, if the changes are material, we will bring them to your attention directly.