Before members can receive client enquiries from us they must agree to this contract (available for signing in the members area).
Under the GDPR regulations, effective from 25th May 2018, AMPuk Members Ltd
will be the 'Controller' and members who receive client enquiries from the
public will be classed as 'Processors' of the information sent to them via our
web sites.
Before you can receive these client enquiries you must read
and agree to comply with the following contract.
Enquiries, sent via
email and available on-line in your members area, will contain information about
forthcoming events including the contact details of the organiser (name, email
address/phone number)
The member should respond to the enquiry in a
timely manner and within 7 days.
If the enquiry is not suitable or
relevant for any reason then it should be safely deleted.
If applicable,
members should respond to the client using the preferred methods stated in the
enquiry.
If the response is successful and the member secures the booking
then they may retain the original information until after the date of the event
when it should then be safely deleted. In all other cases the information should
be deleted at the earliest opportunity.
All information contained within
the enquiry should be treated in confidence and not shared with any other person
or organisation or on any other site (including social media).
The
information should only be used to contact the client about the specified event
and should not, under any circumstances, be used for any other purpose.
Members should ensure that the information is kept secure whilst in their
possession. This includes password protecting devices that hold personal
information and locking filing cabinets when the information is in paper format.
Members are also expected to:
- assist the controller in providing subject access and allowing data subjects to exercise their rights under the GDPR;
- assist the controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
- delete or return all personal data to the controller as requested at the end of the contract; and
- submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.