Effective Date: 14 July, 2025
1. Who We Are
Our website address is: https://westminsterbc.org.uk (“we”, “us”, “our”). We are committed to protecting your personal data and your privacy rights under the General Data Protection Regulation (GDPR).
2. Lawful Basis for Processing
We will only process your personal data when we have a lawful basis to do so under GDPR. This may include:
- Consent (for example, when you sign up for our newsletter)
- Contractual necessity (to provide services you request)
- Legal obligation
- Legitimate interests (such as managing our website and improving our services), unless your rights override our interests
3. Information We Collect
a) Information You Provide to Us
- Account and Profile Information: If you create a member profile, we collect the information you provide, such as your name, bio, images, links, and any other content you choose to display.
- Contact Information: We collect your name, email address, and other details when you subscribe to our newsletter, contact us, or sign up for events.
- Comments: When visitors leave comments on the site, we collect the data shown in the comments form, as well as the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.
- CRM Records: We may store communications and information in our CRM (Teamgate) to manage our relationship with you.
b) Information from Third Parties
- Event Information: We display event details that are imported from Eventbrite. All event bookings and payments are processed directly on Eventbrite’s platform. We do not store any payment or booking information on our servers. Please refer to Eventbrite’s Privacy Policy for further details.
- Email Marketing: We use Brevo (formerly Sendinblue) to manage and send our email marketing campaigns.
c) Media
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS). Visitors to the website can download and extract any location data from images on the website.
d) Automatically Collected Information
We may automatically collect technical data such as your IP address, browser type, referring URLs, and interactions with our site.
4. Cookies
If you leave a comment on our site you may opt-in to saving your name, email address, and website in cookies. These cookies last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies; this cookie contains no personal data and is discarded when you close your browser.
When you log in, we will set up cookies to save your login information and screen display choices. Login cookies last for two days, and screen options cookies last for one year. If you select “Remember Me”, your login will persist for two weeks. If you log out, login cookies will be removed. If you edit or publish an article, an additional cookie will be saved indicating the post ID of the article; this expires after one day.
You can control cookies through your browser settings and other tools.
5. Embedded Content from Other Websites
Articles on this site may include embedded content (e.g., videos, images, articles, etc.). Embedded content from other websites behaves in the same way as if you had visited the other website directly. These websites may collect data about you, use cookies, embed third-party tracking, and monitor your interaction with that content.
6. How We Use Your Information
We use your personal data to:
- Provide and maintain member profile pages
- Display event information from Eventbrite
- Allow you to leave comments and engage with our content
- Communicate with you via newsletters and marketing emails through Brevo (with your consent)
- Manage our customer relationships through Teamgate
- Improve and personalize our services
- Comply with legal obligations and protect our rights
7. Who We Share Your Data With
We do not sell your personal data. We may share your information:
- With trusted third-party providers such as Brevo (email marketing), Teamgate (CRM), and Eventbrite (event bookings)
- If you request a password reset, your IP address will be included in the reset email
- Where required by law, or to protect our legal rights
8. Member Profile Pages
If you create a member profile, the content you provide will be visible to other visitors. Please do not include any sensitive personal data you do not wish to make public.
9. Event Bookings
All event bookings and payments are handled directly through Eventbrite. Please review Eventbrite’s Privacy Policy for details on how they process your information.
10. How Long We Retain Your Data
If you leave a comment, the comment and its metadata are retained indefinitely to help us recognize and approve follow-up comments automatically. For users that register on our website (if any), we store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
11. Your Rights Under GDPR
Under the GDPR, you have the right to:
- Access your personal data and receive a copy
- Rectify any inaccurate or incomplete data
- Erase your personal data (“right to be forgotten”)
- Restrict or object to certain processing of your data
- Data portability — receive your data in a structured, commonly used, and machine-readable format
- Lodge a complaint with your local supervisory authority if you believe your rights are being infringed
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided. You can also request that we erase any personal data we hold about you, excluding data we are obliged to keep for administrative, legal, or security purposes.
To exercise any of these rights, please contact us using the details below.
12. Where Your Data Is Sent
Visitor comments may be checked through an automated spam detection service.
13. International Data Transfers
Your information may be transferred to and processed in countries outside the UK or EEA. We ensure that such transfers comply with applicable data protection laws and that appropriate safeguards are in place.
14. Data Security
We take reasonable and appropriate measures to protect your personal information. However, please remember that no method of transmission over the internet or electronic storage is 100% secure.
15. Changes to This Policy
We may update this Privacy Policy from time to time. When we do, we will update the “Effective Date” at the top of this page. Please review this policy periodically.
16. Contact Us
If you have any questions or wish to exercise your rights under GDPR, please contact us at website@westminsterbc.org.uk
Westminster Business Council
1 Kingsway
London
WC2B 6AN
https://westminsterbc.org.uk
info@westminsterbc.org.uk