Version 2.0 4th April 2019
1.2 Marine Energy Wales and its associated projects, including the Marine Energy Test Area (META), are operated by Pembrokeshire Coastal Forum (PCF), a Community Interest Company (CIC) limited by guarantee. PCF manage and deliver a number of marine based projects, including Marine Energy Wales, Pembrokeshire Outdoor Charter Group and Pembrokeshire Marine Code.
1.3. This Data Protection Policy (DPP) has been prepared to demonstrate how we are meeting the requirements of the General Data Protection Regulations (GDPR) in our routine communications and practice with contacts and clients.
1.4. This policy covers the following activities undertaken by Marine Energy Wales:
- E-Newsletters to the Marine Energy Wales mailing list.
- Accounting and financial dealings with clients purchasing our services.
- Routine, day to day office activities and archive office procedures, contacts and clients.
These sections are described in more detail below.
1.5. Overall policy – It has been and is our policy to conduct our activities in line with current data protection policies i.e. GDPR. Since we have to subscribe to a high standard of business accounting and the compliance standards imposed by credit card companies this approach extends to our financial transactions with business clients. It is our intention to make our DPP policy and process as transparent as possible.
1.6. Requirements of GDPR: Contact and client (data subjects) rights – We will seek to respond to any inquiries about the new rights under the GDPR including:
- Your right of access to personal information records
- Your right to correct data
- Your right to be forgotten, for records to be deleted
- Your right to withdraw your consent for processing at any time
- Your (the) right to complain to the Information Commissioners Office
1.7. Security breach – We will communicate with contacts or clients should we have a security breach.
2. Bulk emailing to the Marine Energy Wales contact list
2.1. Introduction – We write a monthly Marine Energy Wales E-Newsletter to keep subscribers up to date with latest industry news, innovations and job opportunities across the sector. In order to do this we use MailChimp, a white listed emailing system (with an unsubscribe option on every email), and a consent based, opt-in policy.
2.2. Mailing Lists – In addition to our monthly E-Newsletter, we use a CRM, Hubspot, to send specific contact lists mailings on project updates, our annual conference announcements, events, consultations and important industry news. These are predominantly to communicate to our members and other important key stakeholders. There is an unsubcribe option on every email should contacts wish to remove themselves from the list.
2.3. Personal data held – For routine mailings using the MailChimp emailing service we hold the name, email address and in some cases organisation details. Other details such as the date contacts subscribed (evidence of consent based opt-in), and mailing preferences are also held.
We do not hold postal address information for our email contacts.
It is our policy only to hold the personal data consistent with our current practice e.g. emailing.
2.4. Marine Enegry Wales does not share or sell personal information about contacts or customers with third parties for the purposes of marketing.
2.5. Risk Assessment – From our understanding of the GDPR regulations the data we hold with regard to our bulk emailing contacts would be a ‘low risk’ in relation to our contacts.
2.6. Consent based subscription and unsubscribing – We process this data on the basis of consent. We have the details of when contacts subscribed to the Marine Energy Wales e-newsletter and since 2014 we have and continue to use a consent based opt-in approach via our website Contact | Marine Energy Wales. We have no desire to send people unwanted emails. All emails carry an unsubscribe option to enable recipients to unsubscribe at any point. Any queries regarding this should be directed to our Marketing & Communications Manager firstname.lastname@example.org
3. Accounting and financial dealings with clients
3.1. Introduction – We maintain records of our financial transactions with clients or bookings made by credit card or cheque as would any business. In this regard these are subject to standard accounting procedures not least the need to retain transaction/account records for seven years.
We comply with the data protection standards of our credit card company which explicitly requires that credit card details are destroyed after transactions. This data is not used for any other purposes.
4. Routine, day to day office activities and archive office procedures
4.1. Introduction – Our business activities fall into two main categories: routine and day to day contacts with clients and business associates, and archive records that arise from the completion of projects. In this regard we follow procedures that ensure a high level of security on our computing activities as well as offline storage of information in locked cabinets. The data involved is not used for any other purposes.
5. Other Questions
Should you have any questions concerning our work and data protection issues please contact PCF’s HR, Finance and Policy Manager email@example.com