GDPR Policy

The following outlines the General Data Protection Regulation Policy for which is a brand name of Valleys of Chesterfield Limited – Company Number : 873513025

– Overview
– Data storage
– Membership
– Data Rights
– Additional Contact information


  • All data collected and/or stored by is done so for the sole purposes of’s business. This will include, but is not limited to, membership communication, internal marketing of events, notification of publications, CPD. Individual’s personal data will not be shared with a third party outside of or Valleys of Chesterfield Limited without prior written consent.
  • No member of staff or shareholder will share any personal data with a third party without the prior consent of the individual. This includes, but is not limited to Name, address, email address and phone details.
  • All’s Staff will sign to consent form for their business email address, phone number and associated business contact details to be circulated for the sole purposes of’s business.

Data Storage

  • From May 2018’s will not retain any paper files of personal data, except for order processing of financial transactional data.
  •’s will carry out a full IT security audit each year in collaboration with Dronfield Computer their specialist IT support contractor
    • Where financial transactional data is retained onsite it will be stored in a locked filing cabinet inside a locked room where access is restricted to the CEO, PA to the CEO and the financial administrator. The data is treated as confidential and is only shared with authorized personal.  Authorised personnel include,’s treasurer, the finance committee members, financial administrator and accountant.
    • Financial transactional data from previous financial years will be held off site in a secure locked building for 7 years within a secured locked room which only Valleys of Chesterfield Limited staff have access to.
    • After their expiry any paper records will be destroyed by a registered company authorized to dispose of confidential waste at least once per quarter.
    • Financial information for online payments are not held by’s and are all managed by Paypal UK,’s hold none of this payment information.
    • When processing financial information by telephone staff taking the call must not write down or record any of the information given to them except in the designated boxes in the WorldPay payment terminal. They must not repeat back any card details and if they require clarification they will ask the caller to repeat the details.  The transaction should not be processed on speaker phone
  •’s electronic membership database, “CRM” is hosted and maintained by Valleys of Chesterfield UK Limited.
    • No PC or workstation shall be left unmanned without a suitable password protected screen saver. All PCs and workstations should be closed or shutdown and password protected overnight.
    • All Staff should use only their own login to access PCs and membership databases and not share their login details with others.
  • From May 2018 the CEO, PA to the CEO and the membership administrator will meet quarterly to conduct a GDPR audit to ensure full compliance, audit log attached.
  • All staff have signed as part of their contract of employment a confidentiality clause.


  • On Data Input to our website(s) each members must be told that Valleys of Chesterfield Limited will not under any circumstances use their data for any other purpose than for processing and marketing of Valleys of Chesterfield Limited and membership deliverables. The data will not be circulated to third parties outside of Valleys of Chesterfield Limited unless members they give their prior written consent to do so.

Data Rights

  • The data held by Valleys of Chesterfield Limited can only be as accurate as the information supplied to’s. It is the responsibility of the individual to ensure their data is accurate.
  • Once an individual’s relationship with Valleys of Chesterfield Limited has become inactive their personal data will be retained electronically for 6 years before deletion.
  • An individual may at any time request the removal of their personal data by contacting It should be noted that the removal of all personal data (including email contact details) will result in & Valleys of Chesterfield Limited no longer being able to carry out the processing of the companies user details and membership deliverables.
  • An individual may at any time raise a concern by contacting

Additional contact information
If you have any further concerns or queries please use the below information to contact us regarding your concern.