Privacy Overview in brief
Your data privacy is incredibly important to us. We respect you and your data, and we will not sell your data or email address to third parties.
We will do everything we can to keep your details and data private. The web is not 100% secure; however, we will do everything we can to keep your data private, with regular security updates/patches, passwords, firewalls, backups and robust security systems and procedures to try our best to keep your data away from any malicious activity.
We collect anonymous statistical information about our users’ systems and browsing habits using our server logs, cookies and systems such as Google Analytics to continually improve the NAS service.
We may use information held about you to provide you with news about service updates, things we think you might be interested in, or any changes to our business.
The NAS servers and Customer Relations Management system are all held within the United Kingdom. Naturally, all server backups are held and handled within the UK.
If you have signed up for newsletters or any other such information that the NAS provide and want us to stop contacting you, no problem, you have options:
The quickest way to stop receiving a newsletter or other such information is to click on the unsubscribe link at the bottom of the email (this way we hold your details on a ‘suppression list’ to make sure you do not receive any more of these emails or newsletters).
If you are registered on multiple newsletters (e.g. daily news via email and Eventbrite), and you want to stop receiving one of the newsletters, we recommend clicking on the unsubscribe link at the bottom of the email you no longer wish to receive. If you want us to delete your records, please email firstname.lastname@example.org and we will handle your request within 28 days.
The difference between unsubscribe and deletion / removal. You can either unsubscribe or delete your details on request. If you unsubscribe, we will hold your details in a ‘suppression list’ to ensure you do not receive any future emails for a newsletter and so we can automatically manage your preferences on how we handle your data.
If we delete your details, this will be completed within 28 days, and we will completely delete/remove your records. So if you sign up for any company-related information in the future, we will no longer hold any of your preferences and these will have to be set up again. Deletion of records will be completed as quickly as possible. We say that this will take 28 days, to ensure your details are also removed from any company database or server backups.
For the purpose of the Data Protection Act 1998 or any replacement legislation including the EU General Data Protection Regulation (the "GDPR") (together, the “Data Protection Legislation”), the data controller for National Association of Shopfitters is the NAS and their registered address is NAS House 411 Limpsfield Road Warlingham Surrey CR6 9HA United Kingdom http://www.shopfitters.org/
The NAS is committed to ensuring that your details are kept private and confidential and will do our utmost to guarantee this. In accordance with the Data Protection Act and the General Data Protection Regulation (GDPR), we endeavour to provide our users with a safe, secure and confidential experience. All of the information that you provide will only be used for the purposes set forth herein.
General Information Disclosure
Our policy is to keep details such as your name, address, e-mail address, telephone number, etc. private and confidential and not to disclose these details to outside parties, except when we are certain that the law requires it. As indicated earlier, we may share aggregate information with our stakeholders.
How we host and handle your data
The personal information that we collect from our stakeholders will, where possible, be stored and processed within the European Economic Area (EEA). The NAS website servers and Customer Relationship Management database servers are all hosted within the EEA region. We will only keep your personal information for as long as we reasonably require and, in any event, only for as long as Data Protection Legislation allows.
Although we will take extensive steps to protect your personal information, we cannot guarantee the security of your data transmitted via email and/or our website; any transmission is at your own risk. We take steps to protect your personal information from unauthorised access and against unlawful processing, accidental loss, destruction and damage. Unfortunately, the transmission of information via the internet is not completely secure.
In the event your personal information is transferred, stored or processed outside of the EEA, we will take all steps reasonably necessary to ensure that your personal information is treated securely.
Managing your data
In all of our e-communications you can unsubscribe. If you unsubscribe the NAS will then hold your details on a ‘suppression list’ to ensure we do not send any more emails to that registered email address for the selected subscription.
If you are subscribed to more than one email subscription list, you can be unsubscribed from one, or all email lists. If you unsubscribe from one service, you will still be registered and receive email from the other services you are subscribed to.
The NAS gives you the right to object to receiving further correspondence from the Company. On any subscription emails from the NAS there will be the option to ‘unsubscribe’ from receiving any further email correspondence.
You can also make a request to object by emailing email@example.com (Subject: Data Right to Object) or writing to the Data Controller, NAS House 411 Limpsfield Road Warlingham Surrey CR6 9HA United Kingdom. We will handle all requests within 30 days.
Request for Deletion
It is important to understand the difference between a right to object / unsubscribe and a request for deletion. If you request deletion, we will remove any data we hold about you from our systems. This will also mean that we will remove you from our suppression files.
If you are removed from our suppression files, there is a risk that we may contact you again in the future if your details are re-added to our systems by a salesperson who genuinely believes you may have a legitimate interest in the NAS services. If you do not wish to receive correspondence from the NAS in the future, we recommend that you request a right to object / unsubscribe, as this will ensure that your details are always suppressed from receiving correspondence.
The option however is yours, and in either case we will process your request within 30 days.
Request for Data Held
You may request that we send you all of the data we hold that relates to you. Please make your request in writing by emailing firstname.lastname@example.org (Subject: Data Right to Object) or writing to the Data Controller, National Association of Shopfitters NAS House 411 Limpsfield Road Warlingham Surrey CR6 9HA United Kingdom. We will process and respond to your request within 30 days.
Feedback can be submitted to the NAS and any feedback that is submitted through the Contact Us area of the website becomes property of the NAS. We may use this feedback for marketing purposes and to contact you for further feedback on the site.
What information does the GDPR affect?
GDPR applies to the handling and storing of any personal data that could be used directly or indirectly to identify a person. GDPR applies to both automated personal data and to manual filing systems.
What constitutes data?
Personal data – any information which relates directly to an individual and can be linked directly to them. This includes a person’s name, phone number, email address, photographs, genetic and economic data. This kind of data is the focus of GDPR and data protection.
Anonymous data – data which has been anonymised properly cannot be traced back to the original individuals in any way but can still be processed by organisations to conduct research. Fully anonymous data is not covered by GDPR as it contains no personal information to protect.
Pseudonymous data – data which has been properly pseudonymised can only be connected back to an individual using a specific ‘key’ or code. This can be an extra layer of security, but the data is still treated as Personal Data under GDPR because of the possibility of personal identification.
Who is a controller?
The NAS is a controller if you decide how data is collected, managed, stored, used and/or deleted. You have a legal responsibility for the personal data you manage.
What is a processor?
The NAS are a processor if you manage the data on behalf of controllers but do not determine its uses, purpose, collection or deletion. You are complying with (legal) instruction from the controllers.
How does it affect you?
GDPR details procedures that are required by law, so you need to comply with them. It is therefore essential to make sure that you – as a Contractor, or a supplier of goods or services relating to your business – are following best practice in terms of:
Ensuring that you have clear policies and acceptable processes in place will give you a strong case against a hefty fine in the event of non-compliance or data breach.