GDPR, Data Protection and Privacy – NewMR and The Future Place
This statement sets out our data protection and privacy status and provisions.
There is no such thing as NewMR
NewMR, #NewMR, and NewMR.org are operated by The Future Place Consultancy Ltd.
Who/what is The Future Place?
The Future Place Consultancy Ltd. (usually referred to as The Future Place) is a British based limited company, company number 04200947, whose registered address is 38 South View Road, Carlton, Nottingham, NG4 3QL, UK.
The Future Place’s main business relates to training and consultancy related to the market research and insights industry. The most visible aspect of The Future Place is NewMR, which produces a wide range of webinars, a widely-read blog and a weekly newsletter.
The Future Place has a single full-time employee, Ray Poynter, who is also the majority shareholder and Managing Director. In addition to Ray Poynter, the company has a network of contractors and one part-time employee.
Ray Poynter is a member of the MRS and ESOMAR, and has signed up to their codes of conduct.
Data Protection and Privacy Laws and Guidelines
As a UK-based company, The Future Place operates under The Data Protection Act, which will be superseded by GDPR from May 25, 2018.
No DPO (Data Protection Officer)?
GDPR specifies that three types of organisation are required to have a DPO, 1) ‘you are a public authority’, 2) ‘your core activities require large-scale, regular and systematic monitoring of individuals (for example, online behaviour tracking)’, 3) ‘your core activities consist of large-scale processing of special categories of data or data relating to criminal convictions and offences.’
The Future Place does not fall into any of these three categories, in particular we do not engage in large-scale processing of personal data and we do not process sensitive personal data.
A DPO needs to be independent of the person making the decisions, and in a one-person company that is something of a challenge. At some point in the future, if it proves desirable or necessary, The Future Place will engage an external DPO.
So Who is Dealing with the Duties of a DPO?
Ray Poynter is responsible for all queries and decisions about data privacy and protection.
Who do I Speak to about Data?
If you would like to raise any query about the data we hold, in particular about whether we hold any data about you, please contact Ray Poynter, via firstname.lastname@example.org or by post to Ray Poynter, 38 South View Road, Carlton, Nottingham, NG4 3QL, UK.
What Personal Data Do We Hold?
The key data items we hold include:
- The mailing list for the NewMR newsletter, an opt-in list that utilises MailChimp [legal basis Consent].
- Accounts related information, including people who pay us, and people we pay [legal basis Contract, Legal Obligation & Legitimate Interests].
- Email contacts, housed in Outlook, relating to people who have sent emails to us, or to whom we have sent emails [lega basis Legitimate Interests].
- Webinar attendees, everybody who signs up to a NewMR webinar provides an email address, along with some additional details. This information is stored in GoToWebinar (but other platforms may be used in the future). These emails are used by the webinar platform to send links to events and provide access. People who sign up to webinars have the opportunity to opt-in to receive the NewMR newsletter and they have the option to be connected with NewMR’s sponsors and partners. [legal basis Consent]
- Survey data, we conduct a small number of online surveys, some of which gather or are linked to personal information. [legal basis Consent & Legitimate Interest]
- We use Google Analytics, this does not provide us with personally identifiable data, but Google has information. [legal basis Legitimate Interests]
- Various miscellaneous documents acquired during our normal business, for example: letters received, names attached to published articles, biographies and social media contact details for speakers etc. [legal basis Contract, Legal Obligation & Legitimate Interests]
We are continuing to review and audit the data held and this list is likely to evolve over time.
Where is Data Stored?
We use Dropbox as our main storage platform, with personal data protected via passwords. Data is also stored in MailChimp, Outlook, Eventbrite, QuickBooks and GoToWebinar.
Will there be any changes in our data policies?
Yes! GDPR is new for all of us. We are doing our best to comply, but we expect the duties and responsibilities to be further clarified and perhaps modified over the forthcoming years.