WHAT IS THE PURPOSE OF THIS POLICY?
The Forum is a “data controller”. This means that We are responsible for deciding how We hold and use your Personal Data. We are required under the GDPR and other applicable data protection legislation to notify you of the information contained in this Policy.
We may update this Policy at any time in which case we will make available the new policy at www.gvf.org.
It is important that you read this Policy together with any other privacy notice We may provide you on specific occasions when We are collecting or processing your Personal Data, so that you are aware of how and why We are using your Personal Data.
DATA PROTECTION PRINCIPLES
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
We will comply with data protection law in relation to your Personal Data. This law says that the Personal Data We hold about you must be:
- Used lawfully, fairly and in a transparent way.
- Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
- Relevant to the purposes we have told you about and limited only to those purposes.
- Accurate and kept up to date.
- Kept only as long as necessary for the purposes we have told you about.
- Kept securely.
THE KIND OF PERSONAL DATA WE HOLD ABOUT YOU
Personal Data means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (i.e. anonymous data).
We will collect, store, and use the following categories of Personal Data relating to you:
• If you are a member of the Forum, your contact details such as name, title and addresses, information required for billing.
• If you are an employee of the Forum, your employment records and details of your employment with us.
• If you are a supplier to the Forum, your contact details and details of your work for us
We may process additional Personal Data relating to you where this is permitted by law.
HOW WE WILL USE PERSONAL DATA ABOUT YOU
We will only use your Personal Data when the law allows us to. Most commonly, We will use your Personal Data in the following circumstances:
- Where We need to perform a contract we have with you.
- Where We need to comply with a legal obligation.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This interests may include the situation where We enter into discussions to sell and/or sell all or part of the business of the Forum.
- Where you give your consent to processing.
We may also use your Personal Data in the following situations:
- Where We need to protect your interests (or someone else’s interests).
- Where it is needed in the public interest.
Where you must provide Personal Data to use under a contract or in relation to a requested step We may not be able to perform that contract or take that step without such data.
We may process your Personal Data to assist in the prevention of crime or to protect the vital interest of you or any other person.
If required by law or necessary for our legitimate interests We may use your Personal Data to undertake searches against sanction lists maintained by United States and other governments.
“Special categories” of personal data require higher levels of protection. We need to have further justification for collecting, storing and using this type of Personal Data, for example as part of you employment with us. We may process such special categories of Personal Data about you in the following circumstances:
- With your explicit written consent.
- Where We need to carry out our legal obligations and in line with this Policy.
- Where it is needed in the public interest, such as for equal opportunities monitoring in line with this Policy.
Less commonly, We may process this type of Personal Data where it is needed in relation to legal claims or where it is needed to protect your interests (or someone else’s interests) and you are not capable of giving your consent, or where you have already made the information public.
We may have to share your Personal Data with third party service providers, including in particular hosting service providers. Where we do so we will use reasonable endeavours to ensure that your Personal Data is protected in accordance with this Policy and require third parties to respect the security of your Personal Data and to treat it in accordance with the law.
HOW LONG WILL YOU USE MY PERSONAL DATA FOR?
We will only retain your Personal Data for as long as necessary to fulfil the purposes We collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. To determine the appropriate retention period for your Personal Data, We will consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which We process your Personal Data and whether We can achieve those purposes through other means, and the applicable legal requirements.
Our standard data retention periods are set out in the Annex to this Policy.
In some circumstances We may anonymise your Personal Data so that it can no longer be associated with you, in which case We may use such information without further notice to you and it will no longer be treated as Personal Data.
We may transfer your personal data to different countries, including countries that do not apply the same protections to such data as apply in the European Union. We will make all such transfers in accordance with applicable data protection laws.
RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
If you have any questions about this Policy or how We handle your Personal Data, please contact the GVF Secretary General. You have the right to make a complaint at any time to a supervisory authority. For the UK, this is the Information Commissioner’s Office (“ICO“). You can find out more about your rights in relation to your personal data at www.ico.org.uk.
Please note that you have rights to obtain a copy of your Personal Data and in certain situations to obtain correction, erasure and restriction of processing of your Personal Data. You have a right of data portability.
Where processing of your Personal Data is based on your consent you have a right to withdraw this at any time.
You are able to opt-out of our processing of your Personal Data to the extent that such processing is not required for us to exercise our rights or to discharge our obligations under the Agreement.
We reserve the right to update this Policy at any time.
OUR CONTACT DETAILS
The Company can be contacted at
Global VSAT Forum, Ltd.
63-66 Hatton Garden
5th Floor, Suite 23
London, United Kingdom, EC1N 8LE
Data Retention Periods
|Document Type||Retention Period|
|Accounting and Finance Records||7 years (or permanently for annual financial statements and audit reports)|
|Credit Card Receipts||3 years|
|Employee/Business Expense Reports/Documents||7 years|
|Corporate documents and records||Permanent|
|Health and Safety Event Assessments||3 years after event|
|Individual Health Reports||3 years after employment ends|
|Personnel Records||7 years after employment ends|
|Employee contracts||7 years after termination of employment|
|Retirement and pension records||Permanent|
|Recruitment records, including background checks||6 months after notifying candidate of the outcome of the recruitment exercise|
|Immigration checks||3 years after termination of employment|
|Payroll records||At least 3 years after the end of the relevant tax year up to 7 years after termination of employment|
|Compliance records||3 years after the relevant period|
|Accident records||4 years after date of report|
|Maternity records||4 years after the end of the relevant tax year|
|Enhanced Criminal Record Checks||4 years after position ends|
|Non-Employee Director and Trustee Records||7 years after position ends|
|Contracts||7 years after termination, unless executed as a deed, in which case 12 years|
|Related correspondence and other supporting documentation||Correspondence, including circulated drafts, to be reviewed every 3 years; final destruction with destruction of contract file|
|Litigation Case Files||6 years after final action|
|Complaints Files||3 years after last action on complaint|
|Correspondence with Government Regulators||7 years, the Secretary General to review prior to destruction|
|Strategic Plans||7 years after expiration|
|Policies and Procedures||4 years from adoption of replacement policy|