Introduction and Aim
Arena is a membership based foodservice and hospitality networking organisation. Arena’s members consist of individuals and companies who work in / provide services to the foodservice and hospitality market. Our business activity involves organising events providing our members, their guests and others who work in the foodservice and hospitality industry the opportunity to network face-to-face within a business environment and to hear from keynote speakers within / or related to the foodservice and hospitality industry. Our registered offices are in Great Portland Street, London.
By your company joining Arena as a member and our main contact within your company providing us with your business contact details you consent to our collection and use of your Information as described in this Policy. If we change our Policy and/or procedures, we will update this Policy to keep you aware of what Information we collect, how we use it and under what circumstances we may disclose it. Your continued use of our membership or event services after this Policy has been amended shall be deemed to be your continued acceptance of the terms and conditions of this Policy, as amended.
This General Data Protection Regulation (GDPR) policy applies to all of the company’s operations. The Director is responsible to the Board of Directors for ensuring that the policy is implemented.
In order to comply with all relevant and current legislation with regard to data protection, the Company will adhere to the following:
Duties and Obligations as a Data Controller
When collecting personal data from individuals in order to carry out the legitimate business of the Company, we will:
1. Maintain a written record, in electronic format, of the following:
1.1 where we have acquired the data from
1.2 what we intend to use it for
2. Ensure only the Director and Board of Directors has access to the data
3. Ensure the data is kept safe and secured, password protected if in electronic format and locked safely away when not in use if in a printed format.
4. Only share names, job titles and company names of attendees of our events.
5. Keep the data only for as long as is necessary, which will be reviewed annually
6. Remove data when requested by a customer.
7. Annual audits will take place in order to ascertain the data’s necessity to the company. Data will be removed at this time if the data is not deemed to be essential for the Company’s business needs.
8. Ensure that any data shared with third parties will be used within the guideline of GDPR.
Duties and Obligations as a Data Processor
Membership of Arena is a form of contract where members pay a subscription in return for key benefits and services provided. Arena asserts that it is a lawful processor by virtue of this relationship and does not need to obtain specific consent to process data. However, Arena will adhere to the following:-
1. When processing personal data, will do so in a controlled environment that will prevent the data being seen by an unauthorised third party.
2. When processing personal data on behalf of a member / potential member / event attendee the Director managing the data will obtain from the Client the authority to add their details to the database in order to receiving email or written information regarding Arena’s events or Arena’s newsletters. On occasions, Arena may also issue third party information to enhance the recipient’s industry knowledge / event experience.
3. Arena will not be able to release to a member or an event attendee, personal data about another member / event attendee including a telephone number or email address.
4. When you attend functions or events organised by Arena you consent to your name, job title and company name being added to the Arena database, publicised on our website and shared with other attendees prior to the event, at the event and post-event.
Legitimate Interest Assessment (LIA)
1. Much of the data held by Arena, is covered by the Legitimate Interest Basis (Article 6(1)(f)) due to the business to business nature of the majority of Arena’s event activity and communication.
2. Written consent will be obtained where this is not the case (individual employees, associates and sole traders).
3. This is covered in more detail in the Arena’s LIA document (available on request)
Monitoring and auditing
Progress against the Company’s GDPR compliance will be monitored at Company Board Meetings.
If you would like to discuss our Policy please contact the Director of Arena, Lorraine Wood. Email: firstname.lastname@example.org Telephone: 07803 853618