Data Protection And Privacy Policy

(Last updated: 22nd May 2018)

I. Introduction

We (AΦE) need to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees and other people we have a relationship with or may need to contact.

This data management policy ensures AΦE:

Complies with the General Data Protection Regulation (GDPR) effective 25th May 2018 and follows good practice
Protects the rights of customers, staff and partners
Is transparent about how it stores and processes individuals’ data
Protects itself from the risks of a data breach
For legislative purposes, the data controller is JiaXuan Hon, Producer.

II. We collect data for four purposes:

To publicise company activities and updates to individuals, including invitation to events that we hold or are affiliated with.
To invite individuals to give support to the company, financially or otherwise.
To measure performance of our activities based on anonymised qualitative and quantitative information, evaluate and report to funders and supporters.
To invite individuals to respond to our surveys to help our company better understand our supporters and followers.

III. General Practice

Data is used only for legitimate needs within the business, via Consent or Legitimate Interest. We do not pass on data which could be used to identify you to third parties, unless required by law.
We hold your name and email by Consent, or your name, email, job title and organisation which are publically available and comply with “valid lawful basis” number six: “Legitimate Interest”.
You will be able to update information that we hold of you via links available on our newsletter, or by contacting us.
You have the right to request for us to remove your information on our database. We will remove obsolete information from our database.

IV. Keeping Your Data Secure

We will digitalise all data on paper forms, which will be securely destroyed after that. Your data is then kept secure digitally in the cloud of our service providers Mailchimp and G Suite. Under GDPR, they are the data processors and we have signed an agreement with them that they will also comply with the latest GDPR.

Our agreement with Mailchimp could be found here. An updated list of all current Sub-processors after the date of agreement can be found here.

Our agreement with Google for the use of G Suite could be found here.
Our website is powered by Wordpress who collects data to help us measure our website performance. More on how Wordpress is compliant to GDPR could be found here.

Other projects