General Data Regulation Act Record of Processing Activity
GDPR Requirement Description Detail
Purpose of processing To arrange and manage SREG Community data SREG use personal information to enable them to contact members individually or in group mailings in regard to business support activities and events
Categories of individuals Members of the SREG Community which include:-  
  • SREG approved Mentors and prospective mentors
  • SREG Client applicants
  • SREG Business Associates
  • Other individuals who have provided their contact information and expresses interest in SREG
Categories of personal data
  1. First Name, Surname and position/role
  2. Business Name
  3. Business Email address (this occasionally can be the personal email)
  4. Contact Telephone number Office and/or Mobile
  5. Business Address and Postcode (this occasionally can be the home address)
  6. Mentor’s business profile
  7. Client application background
  8. Event attendance record
SREG hold personal details, such as name, address, contact number and e-mail so they can contact and manage mentor support, distribute business support information and updates and invitation to SREG and other business related events. SREG will keep this information in order to contact the SREG community regarding business information and events and will remove individual records upon request.
Special Category
Sensitive information Dietary requirements SREG will ask for any dietary or personal requirements so SREG can cater for specific needs, SREG only keep these as long as needed to manage each event.
Data Management
Data controller and Processor The Data Controller and Processor is the current SREG CEO (Data Manager) Only personal data necessary for SREG to perform its business support activity is collected and is processed in accordance with this aim.
Data Sharing
  • All data is accessible upon request by, but not retained by the SREG Committee.
  • Client application background data is available to the selected Mentor only.
  • Mentor Profiles are sent to the prospective client. This may include some personal data such as email address and telephone number.
  • Mentor Profile summaries with personal data removed are available to the general public via the website.
  • Event delegate and attendee lists, which usually include the name, email address, company name and occasionally the telephone number, are available to event organisers and presenters.
SREG will keep your details safe and only share them where SREG needs to.
How long data is held Personal data may be held throughout the lifetime of the relationship with SREG Individual personal data will be removed from the SREG if requested by that individual
Security measures
Access Access limited to the Data Manager, Website Administrator and the Website hosting company Cloud and platform access passwords are known only to the Data Manager. Access to the website is limited to the Website Administrator and Website hosting company.
Location of personal data
  1. Data for mentor support activities and the master SREG Community database
  2. Data from Client Applications and Mentor Profiles
  3. Data for general business support communications and events
  1. All data is held on Microsoft Onedrive cloud with access that is password protected
  2. SREG Client Applications and Mentor Profiles are also held on the website which is password protected and accessible by the Website Administrator and Website hosting company.
  3. Mailing Lists are also held on MailChimp platform with access that is password protected
Lawful basis
  • Consent is assumed if personal data is provided via a business card.
  • Consent is assumed if the personal data is publicly available through the individuals’ website, company website or social media platform.
  • Consent is contractual if the personal data is provided via the website application form.
Registration Data protection registration Z3083033 Information Commissioners Office
  • To be informed how personal data is used, shared and how long it’s held for.
  • Inaccurate or incomplete data corrected
  • Erasure of data when no longer needed, consent withdrawn
You have a right to know what personal information SREG hold, access the information, have inaccurate or incomplete information corrected, withdraw your consent and have information deleted when it’s no longer needed.
Who is personal data obtained from Directly from members of the SREG Community or via publically available sources such as a business website or social media platform such as LinkedIn