Digital Jersey Limited, referred to as “Digital Jersey”, “we” or “us”) For this notice, we are the
data controllers. We are a Private Limited Company and registered with the Jersey Office of
the Information Commissioner, registration number 58252.

We are working hard to serve our members and clients a little better every day. Protecting
the personal data, you share with us is a crucial part of this. We want you to be confident that
your data is safe and secure with us and understand how we use it to offer you a better
service.

What this Notice covers:

We are committed to doing the right thing when it comes to how we collect, use and protect
your personal data. That’s why we’ve developed this Privacy Notice, which:

Sets out the types of personal data that we collect.
Explains how and why we collect and use your personal data.
Explains when and why we will share personal data within Digital Jersey and with other
organisations.
Explains the rights and choices you have when it comes to your personal data.

We offer a wide range of services to our members and visitors, so we want you to be clear
about what this Policy covers. This Policy applies to you if you use our services (referred to in
this Policy as “our Services”). Using our Services means:

Using the website (“Website”) where this Policy is posted.
Contacting us or we contact you about our Services.
When you submit a membership application form.
When you book an event hosted by Digital Jersey.

Our website contains links to other websites operated by our members or other organisations
that have their own privacy policies. Please make sure you read their privacy policy carefully
before providing any personal data on another website, as we do not accept any responsibility
or liability for websites of other organisations.

Personal Data we Collect:

This section tells you what personal data we may collect from you when you use our Services
and what other personal data we may receive from other sources.

When you submit a form to apply for membership or a general enquiry, you may provide
us with:

Your personal details, including your name, postal addresses, email addresses, phone
numbers and title, business information.

When you contact us, or we contact you about our Services, we may collect:

Personal data you provide about yourself anytime you contact us about our Services
(for example, your name and contact details), including contacting us by phone, email
or post.
Details of the emails and other digital communications we send to you that you open,
including any links in them that you click on; and
Your feedback and contributions to improving our services.

When you contact us to register an interest in an event, you may provide us with:

Your personal details, including your name, postal addresses, email addresses, phone
number and business details.

How and Why We Use Personal Data:

This section explains in detail how and why we use personal data. To collect and process
personal data about you, we need to have a lawful basis. The main lawful bases we rely on
are contract, where processing is necessary to perform our agreement with you (such as your
membership); consent, where you have agreed to your information being used for a specific
purpose (for example, sharing details with a third party running an event you have registered
for); and legitimate interests, where the processing is in the legitimate interests of Digital
Jersey and aligns with what you would reasonably expect.

We use personal data to:

Make our Services available to you:
We need to process your personal data so that we can manage your membership, attendance
at an event or use of our facilities as a visitor, so we can provide you with the services you
want from us and help you with any assistance you may ask for.

Help to develop and improve our services, the information we provide you and the way we
communicate with you
We rely on the use of personal data to send you updates about Digital Jersey, for example,
any upcoming events we believe may be of interest to you, and we have a lawful basis to send
them to you.

Detect and prevent fraud or other crimes
We need to monitor how our Services are used to detect and prevent fraud, other crimes and
the misuse of services. This helps ensure that you can use our Services safely.

Contact you about our services
We want to serve you better as a user of the facilities of Digital Jersey, so we use personal
data to provide clarification or assistance in response to your communications with us.

To resolve legal claims or disputes involving you or us
For example, if you have an accident or there is an incident at Digital Jersey. We have an
obligation to complete an accident / near miss form, which may contain health information
if you were injured or hospitalised.

Sharing personal data with third parties:

We may, on occasions, pass your Personal Information to third parties exclusively to process
work on our behalf. Digital Jersey requires these parties to agree to process this information
based on our instructions and requirements consistent with this Privacy Notice. For information on these processors, please see the table below. We do not share your information with any processors for direct marketing purposes.

Events and presentations at Digital Jersey booked through our own booking systems on behalf
of individuals or organisations outside of Digital Jersey, we pass on your details to make them
aware of the booking/registration. You have a right to object to this sharing of information
by contacting DPM-DJ@Propelfwd.com.

We do not broker or pass on information gained from your engagement with us without your
consent. However, we may disclose your Personal Information to meet legal obligations,
regulations or valid governmental requests. We may also use your personal data to detect,
prevent or mitigate fraud.

The current data processors used by DJ are as follows:

Processor	Description of processing	Link to Privacy Notice
Propelfwd	Data Protection Managers	Privacy Notice – PropelFwd
SystemLabs	IT support and Cyber Security	SystemLabs
Slingshot Films	Our video partner who hold stock footage of film and video	SSF Privacy Policy (slingshotfilms.co.uk)
Switch Digital	Website design and Website Contact forms	Privacy Policy \| Switch Digital
Trax	Digital Jersey Hub sign-in	trax_je_privacy_notice_202011091613.pdf
Polygon	Door entry system for DJ Hub out-of-hours members entry	Privacy Notice – Polygon Serviced Offices (polygon-servicedoffices.co)
Award Force	We use this for nominations to events such as the Tech Awards	Privacy Policy – Creative Force
HubSpot	Membership Database CRM and email campaigns/newsletter (replacing Mailchimp)	HubSpot Privacy Policy
Max Burnett	We use for event photography	Let’s Talk — Documentary Wedding Photographer – (max-burnett.com)
Andrew Fleming	Drone event footage
Office 365	Internal document system	Microsoft Privacy Statement – Microsoft privacy
Eventbrite	The main event booking system for DJ events, courses, and sponsored members events	Eventbrite Privacy Policy \| Eventbrite Help Centre
Monday.com	This is the main project management tool used in DJ, and in some cases, we record personal data on the project plans.	Privacy Policy – monday.com Legal Portal
DocuSign	DJ uses this electronic signature and CDD platform for digital contracts and agreements.	Privacy Notice
123 Form builder	This is the tool DJ uses to collect personal data using digital forms	123FormBuilder Terms of Service – Terms & Conditions
Zapier	This is an interface DJ uses to automate data flows.	Zapier Privacy Policy
Gravity Forms	This is a platform used by DJ for all the website forms that collect personal data.	Privacy Policy – Gravity Forms

Processors are other organisations/services carefully chosen by DJ to process your information correctly and securely. In the case of organisations outside of Jersey, the United Kingdom and the European Economic Area (EEA);

(a) we have prior written instructions for the transfer or

(b) we have entered into specific contractual terms with them to ensure that they treat your personal data in a way equivalent to what they would be required if they were established in Jersey.

We ensure that your privacy rights are respected in line with this notice and the same protection is given to your data as laid down by the DPJL.

Marketing

Digital Jersey is the ambassador of the innovation and technological development sector in Jersey, and we want to tell everyone about what is happening. There are unique, creative people and companies in Jersey doing amazing things with technology every day, from intelligent fields to laser tagging Asian Hornets so we can locate their nests.

So, how do we let you know about all of this stuff? If you are a Digital Jersey, Hub, Xchange or Academy member, we will use Legitimate Interest to send you our newsletter and other cool stuff to let you know what is happening. We will always place an ‘Unsubscribe’ button on our digital communications.

If you have nothing to do with Digital Jersey but want to know what is going on with the digital revolution in Jersey, subscribe to our website and consent to send you this information. Again, use the Unsubscribe when you want this to stop.

You can also contact us or our DPM to withdraw consent anytime.

Some of our website pages will auto-direct to other websites like Award Force. This is a platform we use to receive nominations for our Digital TechAwards. When you register on this platform, they ask you for your preference for receiving notifications. These notifications are from us at Digital Jersey, not them.

Images and Video

During events organised by Digital Jersey or held at one of the Digital Jersey premises, we will, from time to time, take photographs or video the events, presentations, or training sessions to showcase them in our newsletter or to use as marketing materials for future events. Legitimate Interest is the legal basis for processing personal data in images or videos.

Where possible, an announcement will be made before each event, presentation, or training session informing the attendees of the photographs and/or video and a ‘safe area’ where their facial image will not be captured. Making these announcements at all events, presentations, or training sessions may not be possible.

How do we protect personal data?

We know how important it is to protect and manage your personal data. This section sets
out some of the measures we have in place.

We apply physical, electronic and procedural safeguards in connection with the
collection, storage and disclosure of personal data.
We protect the security of your information while it is being transmitted by
password-protected documents or encryption.
We use computer safeguards such as firewalls and data encryption to keep this data
safe.
We only authorise access to employees and trusted partners who need it to carry
out their responsibilities.
We regularly monitor our systems for possible vulnerabilities and attacks.
We will ask for proof of identity before we share your personal data with you.

The personal data that we collect from you may be transferred to, and stored at, a
destination outside the European Economic Area (“EEA”). It may also be processed by
companies operating outside the EEA who work for us or for one of our service providers. If
we do this, we ensure that your privacy rights are respected in line with this Policy.

How long do we use personal data for?

We will not keep your personal data longer than we need to. How long this depends on
several factors, including:

Why did we collect it.
Whether there is a legal/regulatory reason for us to keep it.
Whether we need to archive information for historical public interest.
Whether we need it to protect you or us.

You can ask us to provide you with the retention schedule relating to your own personal
data. We will provide this information in accordance with our policy and procedure for Data
Subject Access Requests.

Your rights as a data subject

At any point whilst we have, or are processing your data, you have the following rights:

Right of access – you have the right to request a copy of the information that we
hold about you. We will respond to you as quickly as possible, but certainly within 4
weeks.
Right of rectification – you have a right to correct data that we hold about you that
is inaccurate or incomplete. Please let us know if you believe we hold inaccurate or
incomplete information, and we will correct it.
Right to be forgotten – in certain circumstances, you can ask for the data we hold
about you to be erased from our records. There are several situations when you can
have us delete your personal data, including (but not limited to):
– When we no longer need to keep your personal data.
– You have successfully made a general objection.
– You have withdrawn your consent to us using your personal data (and we do
not have any other grounds to use it).
Right to restriction of processing – where certain conditions apply, you have a right
to restrict the processing. There are several situations when you can restrict our use
of your personal data, including (but is not limited to):
– You have successfully made a general objection.
– You are challenging the accuracy of the personal data we hold.
Right of portability – you have the right to have the data we hold about you
transferred to another organisation.
Right to object – you have the right to object to certain types of processing, such as
direct marketing. Where your rights are deemed to outweigh our interests in using
your personal data, we will, upon request, restrict our use of it or delete it.
Right to object to automated processing, including profiling – you also have the
right not to be subject to the legal effects of automated processing or profiling.

Where we refuse a request made under your right of access, we will provide the reason for
our decision, which you have the right to legally challenge.

Subject Access Rights

You have the right to see the personal data we hold about you. This is called a Data Subject
Access Request (DSAR).

If you would like a copy of the personal data we hold about you, you can use the online Data
Subject Access Request Form on our websites or write to:

Data Protection Manager
Digital Jersey, Forum 3, Grenville Street St Helier, Jersey, JE2 4UF

You can also email us at DPM-DJ@Propelfwd.com

To access what personal data is held, identification will be required

We will accept the following forms of ID when information on your personal data is requested:

A copy of your national ID card, driving license or passport.
A minimum of one photographic ID listed above and a supporting document, such as a utility bill not older than three months.

If we are dissatisfied with the quality of the ID provided, further information may be sought
before personal data can be released.

All requests should be made to DPM-DJ@Propelfwd.com or in writing to us at the address
above. We will respond to your request within a four-week period once your identification
has been verified.

Changes to this Privacy Notice

We reserve the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates.

We may also notify you in other ways from time to time about processing your personal information or requesting you to confirm the accuracy of the information we hold on you.

Queries

Questions or comments regarding our Privacy Notice or our use of your information may be directed to our Data Protection Manager:

Propelfwd
De Carteret House, 7 Castle Street, St Helier,Jersey JE2 3BT
Telephone: 01534 488235 Email: DPM-DJ@Propelfwd.com

Complaints

You have the right to complain to our Data Protection Manager about how your personal
data is processed. Should you not receive a response within 30 days, or should you be dissatisfied with the response, you may complain to the Office of the Information Commissioner:

Office of the Information Commissioner – Jersey
2nd Floor, 5 Castle St, St Helier, Jersey JE2 3BT
Telephone +44 (0) 1534 716530 or Email: enquiries@dataci.org

Privacy Policy