Research, privacy statement
Data Protection. Membership Matters comply in full by the “Data Protection Legislation” which means (i), the General Data Protection Regulation ((EU) 2016/679) and any national implementing laws, regulations and secondary legislation, as amended or updated from time to time, in the UK and then (ii) any successor legislation to the GDPR or the Data Protection Act 1998.
Membership Matters will comply with all applicable requirements of the Data Protection Legislation and will contractually require all clients to work to the same measures.
For the purposes of the Data Protection Legislation, the Client is the data controller and Membership Matters is the data processor. This means that each research sets out the scope, nature and purpose of processing.
The duration of the processing will be in line with an agreed detailed project plan and the types of personal data is typically restricted to email addresses (or alternatively as defined in the Data Protection Legislation, Personal Data) and categories of Data Subject.
All our clients are contractually obliged to ensure that all appropriate consents and notices are in place to enable lawful transfer of email addresses (or other personal data) to Membership Matters for the duration of a research.
Membership Matters strictly process Personal Data only on the basis of contractual agreements with clients or by written instructions, unless required otherwise by the law.
Membership Matters ensures that it has in place appropriate technical and organisational measures, to protect against unauthorised or unlawful processing of Personal Data and against accidental loss or destruction of, or damage to, Personal Data, (those measures include, where appropriate, encrypting Personal Data, ensuring confidentiality, integrity, availability and resilience of its systems and services, also ensuring availability of and access to Personal Data can be restored in a timely manner after an incident, and regularly assessing and evaluating the effectiveness of the technical and organisational measures);
All personnel who have access to and/or process Personal Data are obliged to keep the Personal Data confidential; and will not transfer any Personal Data outside of the European Economic Area
For any data transfer, safe practice will be contractually agreed.
Membership Matters will assist in responding to any request from a Data Subject and in ensuring compliance with its obligations under the Data Protection Legislation with respect to security, breach notifications, impact assessments and consultations with supervisory authorities or regulators.
All Personal Data and copies are deleted or returned to the client on termination of any agreement. For absolute clarity, email addresses and or personal data is never shared or sold to third parties by Membership Matters.