The types of personal data that the Fredericksburg Regional Chamber of Commerce may be required to handle include information about current, past and prospective members and others that we communicate with for the purposes of carrying out business. This policy sets out the basis on which we will process any personal data we collect from data subjects or that is provided to us by data subjects or other sources.
Why this policy exists
This data protection policy ensures the Fredericksburg Regional Chamber of Commerce:
- Follow good data protection practice
- Protects the rights of staff, members and partners
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
Everyone who works for or with the Fredericksburg Regional Chamber of Commerce has some responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles.
However, these people have key areas of responsibility:
The Technology Team is responsible for:
- Keeping staff updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies
- Arranging data protection training and advice for the people covered by this policy.
- Handling data protection questions from staff and anyone else covered by this policy.
- Dealing with requests from individuals to see the data the Fredericksburg Regional Chamber of Commerce holds about them
- Checking and approving any contracts or agreements with third parties that may handle the company’s sensitive data.
IT Service Provider is responsible for:
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards
- Performing regular checks and scans to ensure security hardware and software is functioning properly.
- Evaluate any additional third-party services the organization is considering using to store or process data. For instance, cloud computing services.
- Provide an annual IT Security training for staff.
The Marketing & Communications Department, is responsible for:
- Approving any data protection statements attached to communications such as emails and letters.
- Addressing any data protection queries from journalists or media outlets
- Where necessary, working with other staff to ensure marketing initiatives abide by data protection principles.
General Staff Guidelines
- The Fredericksburg Regional Chamber of Commerce will provide training to all employees to help them understand their responsibilities when handling data.
- Employees should keep all data secure, by taking sensible precautions and following the guidelines below.
- In particular, strong passwords must be used, and they should never be shared.
- Personal data should not be disclosed to unauthorized people
- Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of.
- Employees should request help from the Technology Team or IT Service Provider if they are unsure about any aspect of data protection.
These rules describe how and where data should be safely stored. Questions about storing data safely can be directed to the Technology Team or IT Service Provider.
When data is stored on paper, it should be kept in a secure place where unauthorized people cannot access it.
- When not required, the paper or files should be kept in a secure drawer or cabinet.
- Data printouts should be shredded and disposed of securely when no longer required.
- Secured at approved off-site storage facility
When data is stored electronically, it must be protected from unauthorized access, accidental deletion and malicious hacking attempts:
- Data should be protected by strong passwords
- Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing services.
- Servers containing personal data should be sited in a secure location, away from general office space.
- Data should be backed up frequently. Those backups should be tested regularly, in line with the company’s standard backup procedures.
- Sensitive data should never be saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data should be protected by approved security software and a firewall.
- When working with personal data, employees should ensure the screens of their computers are always locked when left unattended.
- Personal data should not be shared informally. In particular, it should never be sent by email, as this form of communication is not secure.
- Data must be encrypted before being transferred electronically. The IT Service Provider can explain how to send data to authorized external contacts.
- Personal data should never be transferred to unverified sources
It is the responsibilities of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible
- Data will be held in as few places as necessary. Staff should not create any unnecessary additional data sets.
- Staff should take every opportunity to ensure data is updated. For instance, by confirming a member’s details when they call.
- The Fredericksburg Regional Chamber of Commerce will make it easy for data subjects to update the information the organization holds about them. For instance, via the company website.
- Data should be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number or email, it should be removed from the database.
The Fredericksburg Regional Chamber of Commerce aims to ensure that individuals are aware that their data is being processed, and that they understand:
- How the data is being used
- How to exercise their rights
To these ends, the organization has a privacy statement, setting out how data relating to individuals is used by the organization.
General Statement of Privacy
The Fredericksburg Regional Chamber of Commerce respects the privacy of its members and of those who visit this website. Subject to the provisions of applicable laws, any information you submit to the Fredericksburg Regional Chamber will not be used in any manner to which you have not consented. While the Fredericksburg Regional Chamber does analyze its website logs to monitor the flow of traffic and make improvements to the site’s content, its website logs are not personally identifiable, and no attempt to link them to individual visitors to the site is made.
Personally Identifiable Information
We do not collect Personally Identifiable Information about you on the Fredericksburg Regional Chamber website without your knowledge or action. Your information is collected through webforms concerning membership, products and services, e-news registration and/or event registration forms. This information includes, but is not limited to, your name (first and last), company name, company address, phone number, fax number, e-mail address, and credit card information.
Third Party Use of Personal Information
The Fredericksburg Regional Chamber website contains links to other Internet websites. Unless otherwise explicitly stated, we are not responsible for the privacy practices or the content of such websites, including such sites’ use of any information.
You understand and agree that “perfect” security does not exist anywhere, including on the Internet. When you send credit card information, we encrypt this information. Other information you send to this site, including email messages, will not be encrypted unless we advise you otherwise. Our website is protected by a firewall and monitored for security.
You may be able to access certain information related to third parties at this site, or via links, banner ads or clickthroughs from this site, regarding the goods or services of third parties. You understand and agree that your access to or use of those services is a matter entirely between you and the associated third parties, and the Fredericksburg Regional Chamber of Commerce shall have no liability whatsoever for any such access or use.
This provides information designed to help users cope with their own legal, business, financial, and other needs. This information is not the same as retaining experts in those fields for advice. Although we go to great lengths to ensure the information is accurate, we strongly recommend you consult an expert, including but not limited to a lawyer, accountant, financial services consultant, or other professional as appropriate. Nothing contained in this website is to be considered as the rendering of legal, financial, professional or other advice for specific cases, and users are responsible for obtaining such advice from their own legal, financial or other counsel. The information contained on this site is intended for educational, background and informational purposes only.