Privacy Notice

1. Introduction

This privacy notice explains when and why we collect personal information about our members, customers, people who attend our events and visitors to our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.

We may change this notice from time to time so please check this page occasionally to ensure that you’re up to date with any changes.

This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.

2. About the Centre

International Trade Services Centre (the Centre) is a business services provider and membership-based organisation. The International Trade Services Centre (ITSC) works with the DIT and other public sectors to secure UK and global prosperity by serving, promoting and financing international trade and investment, and championing free trade.

3. Data Controller

The Centre is controller and responsible for your personal data (referred to in this policy as “we” “us” and “our”).

If you have any questions about this privacy policy, our privacy practices, or if you want to exercise any of your legal rights, please contact us at [email protected].

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).  We would however appreciate the opportunity to deal with your concerns before you approach the ICO, so please contact us in the first instance.

4. What sort of personal data do we collect?

We collect the following types of personal information:

  • Customer contact name(s), invoicing and business address(es), email(s) and telephone number(s).
  • Contact information for specific individuals at each of our customer organisations.
  • Photographs or recordings of individuals who attend our events and courses.
  • Basic payment information for membership, training, event ticket payments etc.
  • Transaction information relating to any payments to and from you and other details of services you have purchased from us.
  • User social media username, if you interact with us through those channels, to help us respond to your comments, questions or feedback.
  • Data, including cookie data, about visitor use of our website and services which may include IP address, geographical location, browser type and version, operating system, page views and website navigation paths, as well as information about the timing, frequency and pattern of service use.  We do not use any of this information for advertising.  See our cookie policy here.
  • Profile data for our customer, including their username and password, information about their purchases and orders.

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific website feature. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we treat the combined data as personal data which will be used in accordance with this privacy policy.

We do not collect any special categories of personal data about you (including details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data).

5. How do we collect personal data and where is it stored?

The Centre collects information directly from individuals or their parent companies who are members or interested generally in the Centre, its services and activities. The information may be collected through e-mails, phone calls, online forms, events, face to face meetings, through the members’ dashboard area, by you requesting marketing or other information from us, or by you entering into our awards or a competition we may run from time to time.

We will also collect data about you from third parties such as analytics providers (e.g. Google based outside of the EU), advertising networks, search information providers, identity and contact information from publicly available sources (e.g. Companies House).

The members’ area is stored directly on our CRM and is accessed only via the website. Members are responsible for uploading and maintaining information about their company, including membership contact details, using their membership dashboard.  It is each member’s responsibility to ensure that their personal and business information is kept up to date.  Details of how to access your dashboard are provided in your membership package when you become a member.  If you need any assistance accessing your membership dashboard, please contact us at [email protected].

For details of how cookies are gathered and used to understand how people use our website, please see our cookie policy here.

6. Why do we use your personal data?

We use your personal information to:

  • Provide your membership services, e.g. the members’ dashboard.
  • Manage training course and event attendance.
  • Provide any services you may have purchased from us.
  • Seek the views or comments of business people on emerging political or economic issues, including through our Quarterly Economic Survey.
  • Process and respond to queries received.
  • Process payments for the services we provide.
  • Engage with businesses via social media.
  • Develop and customise our services to meet the needs and preferences of members, and to bring to their attention member services, events, networking opportunities and training courses.
  • Analyse the website statistics of user behaviour to measure interest in and use of the different sections of our website, and to improve the features and content of the website.
  • Comply with any legal obligation.
  • Further our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.

We do not pass information on to third parties for advertising purposes.

7. Our lawful bases for processing personal information

We rely on the following 5 lawful bases for processing personal information:

Contractual obligations

We need personal data to comply with our contractual obligations to you, for instance if your business becomes a member, you purchase any services from us or if you book onto a course.

Legal obligations

We are legally required to keep some information, such as certification and financial data.

Public task

We use personal information where we have been mandated by a public authority to issue, for example, international trade certificates.

Legitimate interest

We also use personal information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, properly administering our website, the day-to-day provision of our services, responding to your queries about the Centre and its services, marketing our business and services which we think may be of interest to you.

Consent

We may explicitly ask for your consent to use your data, for example, when you tick a box to opt-in for your business to receive notification of events or training from us.  You have the right to withdraw your consent at any time.

8. When do we collect personal data?

  • When a business becomes a customer we collect contact details that identify the appropriate individuals for us to contact within the business.
  • As a security check when member businesses login to their account.
  • When businesses upload personal information to their membership dashboard.
  • When people book, or are booked in by their company, to attend training courses or events
  • When you attend our courses and events, which may be photographed and/or recorded for the purpose of marketing the Centre and our events generally.
  • When individuals pay for our services on behalf of their business.
  • When people lease a commercial property from us on behalf of their business.
  • When people engage with us on social media.
  • When people complete a survey on behalf of their business, including our Quarterly Economic Survey
  • When we are contacted with queries, complaints etc. including forms submitted through the website.
  • When individuals enter prize draws or competitions run by the Centre.
  • When individuals or businesses enter any awards we hold from time to time.
  • When individuals sign up to our newsletter.

9. How we protect personal data

All personal information generated via this website is stored in a secure server the overall security of which is managed by our website administration contractor. Access to the personal data is limited to those Centre employees, contractors or agents who have a legitimate business need, such as managing memberships, letting properties or processing payments.

The Centre’s employees, contractors and agents are subject to a duty of confidentiality and due care which includes proper handling of personal information. All employees are trained on data security and information protection.

10. How long do we keep personal data?

We retain your personal information on our CRM for the following periods:

  • We do not retain payment card information.  As soon as your card payment has been processed, your card details will be deleted / destroyed.
  • We will retain other details of financial transactions as required by law and/or taxation authorities.
  • Award entrant data is deleted 2 years after the finalists for that year are announced.
  • Details of attendees of our events is deleted after 2 years.
  • The lapsed membership data is deactivated after 1 year and deleted after 3 years.
  • Cancelled memberships are deactivated within a calendar month and deleted after 3 years unless specifically requested.
  • Services data (Google Analytics, Google Tag Manager, Sage Pay, Campaign Monitor, MailChimp, Survey Monkey and Akismet) varies according to the length given cookies are stored, most last for a session or a few days but some persist for up to 2 years. See our Cookie Policy for more information.

Members are responsible for updating and maintaining the accuracy of their information in the Members’ dashboard area.

Some data, such as financial information, must be kept for legally prescribed periods.  When deciding how long to keep personal information with no prescribed legal retention period, we take into account the purpose or purposes for which we hold the information.

11. Who do we share data with?

We share personal data with our contractors including our public relations company, our CRM and website administrator and our certified document provider. We use Google Analytics and Google Tag Manager for website analytics, MailChimp, Campaign Monitor and Rubi for member newsletter and information mailouts, Survey Monkey for collecting feedback and opinions and SagePay for online payments. Sometimes our contractors collect and administer personal information on our behalf, for example our website administrators implement website analytics and our PR company sends out our newsletters.

We transfer your personal data outside the EEA when using software such as Mailchimp. Whenever we transfer your personal data out of the EEA ensure that a similar degree is afforded to it by ensuring that they have contractual obligations to give personal data the same protection it has in Europe.

On an aggregate basis without any identifiers, personal data may be used to provide third parties with information such as the composition of our membership, to help us develop new member services and products, and to provide sponsors and others with aggregate information about members and visitors, and how they use our website and services.

Our policy is that:

  • We only provide the data needed for third parties to perform their specific services.
  • Third parties may only use personal data for the exact purposes we specify in our contract with them.
  • We work closely with third parties to ensure that personal privacy is respected and protected.
  • If we stop using the services of a third party, any personal data held by them will either be deleted or rendered anonymous.

We do not sell data on to third parties for advertising or any other purpose.

12. What are your rights?

An overview of your rights

You have the right:

  • To be informed of the ways in which we use your personal information.
  • To access any personal information we have about you (commonly known as a data subject access request).
  • To request the correction of your personal information when incorrect, out of date or incomplete.  Please note that we may need to verify the accuracy of any new data you provide to us, and in some cases we may need to hold the historic information on file as well as your new information.
  • To request the deletion of your personal information, where there is no good reason for us to continue to process it, or where you have successfully objected to us processing it.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
  • To request us to restrict or suppress the processing your personal information.
  • To request that we provide a copy of your personal information to you (or a third party) in a structured, commonly used and machine readable format.
  • To withdraw any consent you may have given to us to process your personal information, where we are reliant on your consent. Please note that this will not affect the lawfulness of any processing carried out before you withdrew your consent.
  • To object to us processing your personal information where we are relying on legitimate interest. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.

We do not use personal information for automated decision making or profiling.

If your business is a member and you wish to amend your information, please update your online account via your membership link (you will need your password) or contact [email protected] for assistance.

13. Exercising any of your rights

If you wish to exercise any of the rights set out above, please contact us at [email protected].

You will not usually have to pay a fee to access your personal data, or to exercise any of the other rights.  However, we may charge a reasonable fee is your request is clearly unfounded, repetitive or excessive.  Alternatively, we could refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We try to respond to all legitimate requests within one month.  Occasionally it may take us longer than one month if your request is particularly complex or if you have made a number of requests.  In this case, we will notify you and keep you updated.

14. Changes to this Privacy Notice

We will review this notice regularly, so please check back from time to time to ensure you are up to date.

The last date the notice was reviewed was August 2022.