Here we explain what data we collect, why we collect it, how we use and what we do to protect it as well as your choices with regard to your data.
Effective date: May 25, 2018. Last Updated: June 19, 2020
GDPR stands for General Data Protection Regulation. For European individuals, GDPR expands their data privacy rights and gives them more power to control their data. For companies that process the personal data of European individuals, GDPR requires compliance with a new set of regulations. The GDPR applies on all personal data that is handled within the borders of the EU, or relates to individuals in EU – no matter where the organization handling the data is located. The main aim of the GDPR is to unify and simplify the regulatory environment and to strengthen the data protection of individuals in the same way across the EU. For individuals this means increased control over their personal data, and to businesses active in Europe the GDPR comes with additional requirements on how to handle personal data. Even though some things change, a lot of things stay the same.
Our ambition is to build great products that benefit our customers and theirs. To do that, personal data is required not only to provide our core services and fulfil legal obligations but also to remove unnecessary repetitive steps and allow for personalisation providing a smoooth user experience. For example - on a simple level - we will try and pre-fill form fields intelligently where it makes sense or inject someone's name into an email to personalise it. At membermeister we treat personal data with the utmost of care and where needed adapt our products, systems, and processes to the standards outlined in the GDPR. Beyond the introduction of GDPR we will keep enhancing our services even further with our customers’ privacy in mind.
In order to provide this service to our customers we store their details as well as their customers' details, including some related information as well as some personal details such as medical conditions. We keep this data as secure as we possibly can while also weighing up the benefits of having - for example - someone's allergy details at hand versus the option of not knowing this information at all. The GDPR, whilst welcome from a privacy point of view, will not override other legislation and obligations that our customers. This may include safekeeping obligations, health and safety requirements as well as accounting and record keeping requirements and other legal obligations.
It is important that you are aware of how we handle your personal information. There are different scenarios where we need to store your information. Typical examples are:
- We might need to follow up with you by email after you have contacted us
- We will send you an invoice relating to your business activities with you
- If you use membermeister as a customer of one of our merchants we will store your details in our customers' account so they can provide you with their services or contact you
Depending on the technical setup between membermeister and the merchant you are dealing with, we will need to pass on some of data collected by us. This could be for the simple reason to provide the merchant with your email address so that they know how to contact you. In many cases you would have provided this data to the merchant directly on a previous occasion.
We collect personal information with great consideration for your privacy. We will never pass your data on to third parties without your explicit consent unless we are required to do so by law.
A common misconception is that you require consent if you want to contact someone or store their personal details. This is not correct. You do need to have a legal basis to process an EU citizen's personal data, but consent is only one of several such bases. In most cases, membermeister customers already have an ongoing business relationship with the people whose personal data they store and as such they have a contractual basis for contacting them. In other cases the legitimate interest clause of the GDPR can take effect and this allows you to contact your existing customers with relevant information about matters in which they may have a legitimate interest. As an example, it is generally fine to send your dance school student the dance school newsletter even if they haven't given you explicit consent. That's because it is reasonable to assume that they have an interest in the content because they take dance lessons with you.
If you do need consent then that requires a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
We keep your data as long as needed to fulfil the purpose for which it was collected, for instance to fulfill our contractual obligations towards you or pursue our legitimate interests until there is no longer any legal requirements or rights for us to keep the data. Typically this means that - if you are a membermeister customer - until you close your account with us or - if you are a customer of one of our merchants - until they decide to delete your data. Each membermeister customer will have their own GDPR compliance requirements and obligations and you should contact them for more details about that.
Please refer to our data processing terms below for a detailed background on our GDPR related activities.
|applicable law||means applicable law of the United Kingdom (or of a part of the United Kingdom);|
|Controller||has the meaning given in applicable Data Protection Laws from time to time;|
|Data Protection Laws||means, as binding on either party or the Services:
|Data Subject||has the meaning given in applicable Data Protection Laws from time to time;|
|GDPR||means the General Data Protection Regulation, Regulation (EU) 2016/679, as it forms part of domestic law in the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018 (including as further amended or modified by the laws of the United Kingdom or of a part of the United Kingdom from time to time);|
|International Organisation||has the meaning given in applicable Data Protection Laws from time to time;|
|Personal Data||has the meaning given in applicable Data Protection Laws from time to time;|
|Personal Data Breach||has the meaning given in applicable Data Protection Laws from time to time;|
|processing||has the meaning given in applicable Data Protection Laws from time to time (and related expressions, including process, processed and processes shall be construed accordingly);|
|Processor||has the meaning given in applicable Data Protection Laws from time to time;|
|Protected Data||means Personal Data received from or on behalf of You in connection with the performance of Our obligations under these Data Processing Terms;|
|Services||means the web services, services delivered through membermeister accounts, any associated software, and other services related thereto provided to You by Us in accordance with this agreement and with the characteristics and features as described at www.membermeister.com from time to time;|
|Sub-Processor||means any Processor engaged by Us (or by any other Sub-Processor) for carrying out any processing activities in respect of the Protected Data on Your behalf;|
|Us/We||means Membermeister Ltd (Co. No. 08405687) whose registered address is at 20-22 Wenlock Road, London, England, N1 7GU; and|
|You/Your||means the business customer paying for a licence to use the Services|