General Privacy Policy
Introduction
The CEA is committed to protecting the privacy and personal information of our members, partners, exhibitors, sponsors, advertisers and visitors.
This Policy is about:
- The information that we hold from which individuals can be identified (‘Personal Data’)
- How we deal with Personal Data; and
- With whom it can be shared.
This Policy also provides information on your legal rights in relation to your Personal Data.
Changes to this Policy
From time to time we may change the way we use your Personal Data and amend this Policy. The current version of this Policy will be displayed on our website or can be requested by emailing info@thecea.org.uk.
Who we are
Construction Equipment Association Ltd (CEA) is a limited company registered in England and Wales (Company number: 04930967). Further information about the company can be found at Companies House.
The CEA acts as Data Controller in respect of the information it collects from you and is registered with the Information Commissioner’s Office for the purposes of the Data Protection Act 2018.
The CEA outsources some services such as but not limited to bookkeeping, event administration, and secretariat services. The relationship between the CEA and our providers is regulated by a contract that contains safeguards for your rights. All communications are handled via CEA data systems.
What Personal Data do we collect and use?
The Personal Data about you that we collect and use is principally:
- Your name and postal address, normally a business address but may include a home address if given
- Your contact details including email and phone numbers
- Bank details to make payments to you.
In some cases, it may include other Personal Data that you may provide to us from time to time.
What Personal Data do we collect and use?
We collect Personal Data about you from:
- Membership applications
- Any information you supply to us as a change of address or change of email address
- Payments made by you to us
- Magazine advertising and editorials
- Exhibition booking forms
- Recommendations
- Requests for information
- Registration to attend events
- Emails requesting information
- Contracts to act as contractors or suppliers.
Only in extraordinary circumstances would we hold Personal Data relating to you which had been supplied by anyone other than you.
If you decide to supply Personal Data to us about another person, please ensure that you do so only with that person’s approval.
What we use your Personal Data for
We may use your Personal Data for one or more of the following purposes:
- Sending information regarding membership
- Sending information for sponsorship or advertising
- Sending information to register to attend an event
- Sending information for surveys
- Sending industry magazines and publications by email or post
- Processing payments to you
- Ordering supplies and/or services from you.
Your rights in relation to your Personal Data
You can tell us that you no longer wish to receive communications from us in the following ways:
- You can opt-out by unsubscribing from the communications you receive at the bottom of emails
- You can email marketing@thecea.org.uk to update your communication preferences.
Our legal obligations regarding your Personal Data
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the Data Protection Act 2018, together with other applicable laws that regulate the collection, processing, and privacy of your Personal Data (together, ‘Data Protection Law’).
Disclosing your Personal Data to third parties
Subject to the exceptions listed below, the CEA does not sell, share, or transfer any information gathered during the registration process to any third parties.
The exceptions are:
- As indicated earlier, the CEA outsources some day-to-day administration services
- Sub-contractors of the CEA which include press and PR, advertising sales, and exhibition stand builders
- Where we use third party data processors who are engaged under contract to handle data on our behalf (for example, an IT supplier or database hosting provider). In relation to these data processors, we will take all reasonable steps to ensure that they:
- Act only in accordance with our instructions
- Only use your Personal Data for lawful purposes and in compliance with applicable data protection law; and
- Put adequate safeguards in place to protect your Personal Data.
It is unlikely, but conceivable, that we might disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called ‘Data Controllers’). In those circumstances, we would expect to notify you so that you could check the relevant privacy policies of those organisations to understand how they may use your Personal Data. Since they would be acting outside of our control, we would have no responsibility for the data processing practices of such Data Controllers.
Other than in the rare and unlikely circumstances described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it.
How long we retain your Personal Data for
We shall only retain your Personal Data for as long as you remain a member, advertiser, exhibition attendee, supplier, or sub-contractor with the CEA and for five years after you have had no contact with us, (when we will delete or anonymise it), together with our legal duties in respect of HMRC and other bodies.
In accordance with our legal duties, we have a Personal Data Retention Policy (available on request) that sets out the different retention periods for Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold Personal Data; and guidance issued by relevant regulatory authorities including but not limited to the Information Commissioner’s Office.
Security that we use to protect Personal Data
We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and so we cannot guarantee the security of all data sent to us (including Personal Data).
Your Personal Data rights
You have a statutory right (‘Subject Access Request’) to request information, including information about:
- The Personal Data that we hold about you
- What we use that Personal Data for; and
- To whom it may be disclosed.
Usually, we will have a month to respond to such a Subject Access Request. We reserve the right to verify your identify to make such a Subject Access Request and we may, in case of complex requests, require a further two months to respond. We may also rely upon certain legal exemptions when responding to your request.
You also have the following statutory rights, which are exercisable by making a request to us in writing:
- To require that we correct Personal Data that we hold about you which is inaccurate or incomplete
- To require that we erase your Personal Data without undue delay, if we no longer need to hold or process it
- To object to our use of your Personal Data for direct marketing; or
- To require that we do not use your Personal Data otherwise than in compliance with the policy statements above unless we have a legitimate reason for so using it.
All of these requests may be forwarded to a third party provider who is involved in the processing of your Personal Data on your behalf.
If you would like to exercise any of the rights set out above, please contact us via the contact details below.
If you make a request and are not satisfied with our response or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Officer – see https://ico.org.uk.
Contact details
If you have any queries regarding this Policy or wish to make a further request relating to how we use your Personal Data as described above, please email info@thecea.org.uk or write to us at:
Construction Equipment Association
Unit 19, Omega Business Village
Thurston Road
Northallerton
North Yorkshire
DL6 2NJ
This Policy was last reviewed on 1 September 2024.