- the information that we hold from which individuals can be identified (‘Personal Data’);
- how we deal with Personal Data; and
- who we may share it with.
- Who we are
Administration Services Limited (ASL) is a private company limited registered in England and Wales (Company Number 02230784) further information about the company can be found at Companies House https://www.gov.uk/government/organisations/companies-house)
ASL acts as Data Controller and Data Processor in respect of the information it collects from you and is registered with the ICO as Data Controller for the purposes of the Data Protection Act 1998.
ASL also acts as Data Processor on behalf of our clients.
- What Personal Data do we collect and use?
The Personal Data about you that we collect and use is principally:
- your name and postal address, which may include a home address
- your contact details including e-mail and phone numbers
- date of birth
In some cases, it may include other Personal Data that you may provide to us from time to time.
How your Personal Data is collected
We collect Personal Data about you from:
- enquiries for services
- your membership application or enquiry
- any information you supply to us as to change of address or as to e-mail address
- payments made by you to us
- registration to attend events
Only in extraordinary circumstances would we hold Personal Data relating to you which had been supplied by anyone other than you. An example might be where contact details were provided by your employer as part of an event booking. If you decide to supply Personal Data to us about another person, please ensure that you do so only with that person’s approval.
- What we use your Personal Data for
We may use your Personal Data for one or more of the following purposes:
- sending membership information which includes, events, meetings, publications, services and membership updates
- sending enquirers details on how to join and invites to events
- sending membership subscriptions
- processing payments and supplier invoices
- updating you on our services
- Your rights in relation to your Personal Data
You can tell us that you no longer wish to receive communications from us either of a particular kind or at all by sending an e-mail to that effect to: email@example.com
- Our legal obligations regarding your data
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR‘) and the UK Data Protection Act 2018 (‘DPA‘) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law‘).
- Disclosing your Personal Data to third parties
Subject to the exceptions listed below, ASL does not sell, share or transfer any information gathered during the registration processes to any third parties.
The exceptions are:
- Subcontractors that we engage to help us provide the necessary services to you.
- where we use third party data processors who are engaged under contract to handle data on our behalf (for example an IT supplier or database hosting provider). In relation to these data processors, we will take all reasonable steps to ensure that they:
- act only in accordance with our instructions;
- only use your Personal Data for lawful purposes and in compliance with applicable data protection law; and
- put adequate safeguards in place to protect your Personal Data.
It is unlikely, but conceivable, that we might disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called ‘data controllers‘). In those circumstances, we would expect to notify you so that you could check the relevant privacy policies of those organisations to understand how they may use your Personal Data. Since they would be acting outside our control, we would have no responsibility for the data processing practices of such data controllers.
Other than in the rare and unlikely circumstances described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it.
- How long we retain your Personal Data for
We shall only retain your Personal Data for as long as you remain a client or supplier of ASL, or to comply with our legal duties in respect or HMRC and other bodies.
In accordance with our legal duties, we have a Personal Data retention policy (which is available on request) that sets out the different retention periods for Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold Personal Data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner’s Office (ICO).
We shall take all reasonable steps to ensure that we dispose of Personal Data that we decide no longer to retain securely.
- Security that we use to protect Personal Data
We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and so we cannot guarantee the security of all data sent to us (including Personal Data).
- Your Personal Data rights
You have a statutory right (‘Subject Access Request‘) to request information, including information about:
- the Personal Data that we hold about you;
- what we use that Personal Data for; and
- to whom it may be disclosed.
Usually we will have a month to respond to such as Subject Access Request. We reserve the right to verify your identity if you make such a Subject Access Request and we may, in case of complex requests, require a further two months to respond. We may also rely upon certain legal exemptions when responding to your request.
You also have the following statutory rights, which are exercisable by making a request to us in writing:
- to require that we correct Personal Data that we hold about you which is inaccurate or incomplete
- to require that we erase your Personal Data without undue delay, if we no longer need to hold or process it;
- to object to our use of your Personal Data for direct marketing; or
- to require that we do not use of your Personal Data otherwise than in compliance with the policy statements above unless we have a legitimate reason for so using it.
All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below
If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk.
- Contact details
31 October 2018