ESTnet LIMITED trading as Technology Connected
Members, Prospective Members
Third Parties GDPR Privacy Policy
Dated 17th June 2020

1. Introduction
We are committed to protecting and respecting your privacy. Although our members are businesses, not individuals, we do collect and use personal information relating to individuals as part of our activities. This is generally in order to manage our membership and to carry out our wider work representing the interests of technology businesses in Wales. We also collect some personal information about individuals
who sign up to our events or surveys or to receive our briefings and who work for or with us. Everyone has rights regarding the way in which their personal information is handled. During the course of our activities we will collect, store and process personal information about our
members, our members’ employees aggregated and anonymised suppliers and other third parties, and we recognise that the correct and lawful treatment of this data will maintain in confidence in the organisation and will provide for successful business operations. This Policy is intended for members, prospective members, suppliers, users of our website and other third parties with whom we engage. We have a separate privacy notice for Employees and Prospective Employees. This policy sets out the basis on which any personal information we collect from you, or that
you provide to us, will be processed by us. Please read the following carefully to understand our views and practices regarding your personal information and how we will treat it. For the purpose of UK data protection laws and General Data Protection Regulation (GDPR),
the data controller for both Technology Connected and ESTnet is ESTnet Limited whose registered office is at Queens Chambers, 2 North Street, Newport, NP20 1TE.

2. Data protection principles
We should only process your data where we have legal grounds to do so. This means your
personal information must be:-

  • processed lawfully, fairly and in a transparent manner;
  • processed for specified, explicit and legitimate purposes;
  • adequate, relevant and limited to what is necessary;
  • accurate and kept up-to-date;
  • kept for no longer than is necessary; and
  • processed in a manner than ensures appropriate security.

3. Information you give to us:

We may collect, use, store and transfer different kinds of personal information about you, including:-

  • Identity Data, such as your name, title, job title and your employer;
  • Contact Data, such as your work addresses, work email addresses and work telephone
    numbers;
  • Activities Data which means data relating to the activities of ESTnet that you
    participate in;
  •  Transaction Data, including details about payments to and from your organisation,
    and the details of services and activities that your organisation pays for with ESTnet;
  •  Technical Data, including IP addresses, your log-in data, browser type and version,
    time-zone setting and location, browser plug-in types and versions, operating system
    and platform and other technology on the devices you use to access our website;
  • Profile Data, such as your username, password, purchases or orders made by you,
    your interests, preferences, feedback and survey responses;
  • Usage Data, including information about how you use our website, products and
    services; and
  • Marketing Data, such as your preferences in receiving marketing from us and our
    third parties, and your communication preferences.

4. Children
Our website and services are not aimed specifically at children because we are a membership organisation for supporting business and accordingly, we do not collect data in relation to children.

5. How we collect your personal information
We may obtain personal information by directly interacting with you, such as:-

  • meeting with you in our offices, online events, at physical events or elsewhere;
  • receiving information about you from other parties involved in transactions or
  • discussions with you or who have sought to introduce you to ESTnet;
  • filling in forms on our website;
  • participating in discussion boards or other social media functions on our website;
  •  giving us your business card;
  • entering a competition, promotion or survey organised by us, or otherwise providing
    us with feedback;
  • subscribing to our services or publications, or otherwise requesting marketing
    material to be sent to you; or
  • correspondence with us by phone, email, letters or otherwise by yourself and other
    third parties.

We may obtain personal information via automated technology when you interact with our website by using cookies, server logs and other similar technologies.

We may also collect personal information about you from third parties or publicly-available sources, such as:-

  • your business colleagues and other contacts such as sub-contractors who work for us marketing Technology Connected, ESTnet or helping us provide events.
  • professional advisers;
  • business networks with which both you and we are connected;
  • analytics providers (such as Google and Full Story);
  • advertising networks;
  • providers of technical, payment and delivery services; and
  • by conducting searches of publicly-available databases or social media sites, such as Companies House, Facebook, Twitter, and LinkedIn.

6. When can we use your personal information
GDPR and UK Data protection law sets the lawful legal bases (or ‘conditions’) which allow us to collect, hold and use your personal information. For Technology Connected and ESTnet, these are:

  • for the purposes of our own legitimate interests. We believe that we have a legitimate interest in being able to provide our services to our member and prospective member organisations and to represent our members and the interests of businesses in Wales and across the UK. As set out in this notice, this sometimes requires us to collect and use personal information about individuals. We only use this legal basis where these interests are not overridden by your interests and fundamental rights or and freedoms;
  • where we have entered into a contract with you. In these circumstances, we may need to process your personal information in order to fulfil the contract. For example, this may apply if you book to attend one of our events;
  • where we are under a legal obligation to process personal information. For instance, we are required to collect certain information in accordance with our obligations under equalities legislation;
  • sometimes, we will ask you for your agreement to process your personal information. This is particularly the case when we wish to collect or use any special categories of personal information (see below);
  • data protection law recognises certain ‘special categories’ of personal information, which include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic information, biometric information for uniquely identifying a person, information concerning health, and information concerning a person’s sex life or sexual orientation;
  •  these special categories are considered particularly sensitive and so we will only collect and use this information where you have given us your explicit consent or where we consider it necessary to do so. For example, you may choose to tell us about your health condition before attending one of our events. We will only use this information for the particular event and not for any other purposes.

7. We will only use ‘special category’ information:-

  • provided we have your explicit consent to use it, for example, medical information
    that you have provided to us to facilitate your attendance at an event;.
  • where we believe that we need to use that data to protect your vital interests where
    you are not able to provide us with your explicit consent;
  • where it is necessary for reasons of substantial public interest;
  • where you have previously made that data public knowledge;
  • if we need to use that data to establish, exercise or defend legal claims; or
  • where there is some other legal basis that allows us to use that information.

8. Purposes for which we will use your personal information
The primary reason for asking you to provide personal data is to allow us to carry out our activities as a membership organisation.
We may use information we hold about you in the following ways:

  •  to confirm your identity.
  •  to administer the membership of your company/organisation.
  •  to let you know about other relevant services, both ours and those of other parties
    whose products and services we have agreed should be made available to you (see the section below on contacting you for more information about this).
  •  to update and correct our membership records and financial records of your transactions with us.
  • to carry out statistical and market analyses, including benchmarking exercises, to enable us to understand you better and improve our services.
  •  to develop, test and improve our systems.
  •  to notify you about changes to our services.
  •  to ensure the content of our website is presented in the most effective manner for you and for your computer.
  • to administer our website and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes.
  • to improve our website to ensure that content is presented in the most effective manner for you and for your computer.
  • Internal management and planning, which includes:-
     Resource management;
     Planning of tasks or meetings;
     Keeping records of sources of new enquiries; and
     Storage and archiving of files and documents.

We will only use your personal information for the purpose(s) for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an
unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal information without your knowledge or consent, in compliance with the above rules, or where this is required or permitted by law.

9. Cookie policy
Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse our website and also allows us to improve our website. A cookie is a small file of letters and numbers that we store on your
browser or the hard drive of your computer if you agree. Cookies contain information that is transferred to your computer’s hard drive.
We use the following cookies:-

  •  Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website, use a shopping cart or make use of e-billing services.
  • Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users
    are finding what they are looking for easily.
  • Functionality cookies. These are used to recognise you when you return to our website. This enables us to personalise our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
  • Targeting cookies. These cookies record your visit to our website, the pages you have visited and the links you have followed. We will use this information to make our website and the advertising displayed on it more relevant to your interests. We may also share this information with third parties for this purpose. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our website. Except for essential cookies, all cookies will expire after a maximum of two years.

10. Disclosure of your information

We may share your personal information with the parties set out below :-

  •  Event venues, attendees, speakers, sponsors and organisers contracted by Technology Connected and ESTnet.
  • Online service providers such as event booking systems, marketing systems and survey tools.
  • We may also share your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect our
    rights, property, or safety of our members and their employees, or others.
  • HM Revenue & Customs, the Information Commissioner’s Office and any other regulators and other authorities who require reporting of processing activities in certain circumstances;
  • business partners, suppliers and sub-contractors to the extent we consider it reasonably necessary for us to perform our services;
  • analytics and search engine providers that assist us in the improvement and optimisation of our website; and
  • third parties to whom we may choose to sell, transfer, or merge parts of our business or our assets. Alternatively, we may seek to acquire other businesses or merge with them. If a change happens to our business, then the new owners may use your personal information in the same way as set out in this policy.
  • We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to
    process your personal information for specified purposes and in accordance with our instructions.

11. Where we store your personal information
Most matters with which we deal will have either electronically on password protected computers in password protected data bases stored in cloud-based servers. We will take all steps reasonably necessary to ensure that your data is treated securely,
including taking the following safeguards:-

  • Methods of disposal. Paper documents are disposed of by shredding in a manner that ensures confidentiality.
  • Equipment. Our internal policies require that users lock or log-off from their computer when it is unattended.
  • Training. We ensure our employees are trained in the importance of data security.
  • Electronic access. All data stored electronically is password-protected. Where we have provided an authorised user with a password, that user is responsible for keeping this password confidential and is not permitted to share the password with anyone.
  • Payment details. Where appropriate, we will send payment and banking details by secure messaging system to reduce the risk of those emails being unlawfully intercepted.
  • Overseas transfers. We will only transfer data overseas, outside of the EEA, where lawful to do so. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.

12. How long we will store your personal information
We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy.
We will generally keep personal information about you no longer than is needed for us to carry out the functions described in this notice.
We will usually delete personal information that we collect related to our events after six months. However, we may retain some information (such as attendance records) for longer where it is in our legitimate interests to do so. We will keep personal information held as part of our membership records for the duration of that organisation’s membership. At the end of the membership, we will delete the majority of
records and only retain the minimum information necessary to deal with any future issues.

13. Your rights
You have various legal rights in relation to the information you give us, or which we collect
about you, as follows:-

  • You have a right to access the information we hold about you free-of-charge, together with various information about why and how we are using your information, to whom we may have disclosed that information, from where we originally obtained the
    information and for how long we will use your information.
  • You have the right to ask us to rectify any information we hold about you that is inaccurate or incomplete.
  •  You have the right to ask us to erase the information we hold about you (the ‘right to be forgotten’). Please note that this right can only be exercised in certain circumstances and, if you ask us to erase your information and we are unable to do so, we will explain why not.
  • You have the right to ask us to stop using your information where:-
    o the information we hold about you is inaccurate;
    o we are unlawfully using your information;
    o we no longer need to use the information; or
    o we do not have a legitimate reason to use the information. Please note that we
    may continue to store your information, or use your information for the purpose
    of legal proceedings or for protecting the rights of any other person.
  • You have the right to ask us to transmit the information we hold about you to another person or company in a structured, commonly-used and machine-readable format. Please note that this right can only be exercised in certain circumstances and, if you
    ask us to transmit your information and we are unable to do so, we will explain why not.
  • Where we use/store your information because it is necessary for our legitimate business interests, you have the right to object to us using/storing your information. We will stop using/storing your information unless we can demonstrate why we believe we have a legitimate business interest which is more important than your interests, rights and freedoms.
  • Where we use/store your data because you have given us your specific, informed and unambiguous consent, you have the right to withdraw your consent at any time.
  • You have the right to object to us using/storing your information for direct marketing purpose

If you wish to exercise any of your legal rights, please contact Avril Lewis by writing to the address at the top of this policy, or by emailing us at avril.lewis@technologyconnected.net. You also have the right, at any time, to lodge a complaint with the Information Commissioner’s Office if you believe we are not complying with the laws and regulations relating to the use/storage of the information you give us, or that we collect about you.

14. Contacting you and opting out of receiving marketing communications
An important part of our work is communicating with our membership and prospective membership, telling them about our activities and how we are supporting their interests, and seeking their views on current issues. To do so, we use personal information to keep in touch
with individuals within our member organisations, as well as partners and other individuals.

We will use the contact information you have given us to send you important information. This may be by post, social media, email, text message or telephone. We may also use the information we hold about you to provide you with information about other products or services we feel may interest you. Because we operate primarily with businesses rather than individuals, we do not generally seek your consent to send you marketing communications. We believe that such communications are both in our legitimate interests, to raise awareness of our work and
promote our services, and in your interests. However, you do have the right to ask us to stop sending you marketing communications. If you would like to stop receiving these, please visit the preferences centre or contact enquiries@technologyconnected.net to update your
preferences.

15. Automated decision-making
We do not use automated decision-making processes.

16. Third party links
Our website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy
statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

17. Identifying you as a Member of Technology Connected & ESTnet

If you are a member, we may identify you as a member in our marketing material, although we will never publicly disclose any confidential information without having obtained your prior consent. If you do not agree to us identifying you as a member please notify Avril
Lewis, Managing Director, by emailing us at avril.lewis@technologyconnected.net. If you are an individual member, we will also ask for your consent before identifying you as member of ESTnet or Technology Connected.

18. Changes to our policy
Any changes we make to our policy in the future will be posted on our website and, where appropriate, notified to you by email or via social media.

19. Contact
Questions, comments and requests regarding this policy are welcomed and should be addressed to our Managing Director, by writing to the address at the top of this policy, or by emailing us at avril.lewis@technologyconnected.net

This Privacy Policy is valid through to 16 th June 2021, and is subject to annual review.