- We are The Royal Academy of Culinary Arts Limited (company number 09242241) and The Royal Academy of Culinary Arts “Adopt a School” Trust (company number 04144824) (hereinafter referred to collectively as ‘we’ or ‘us’). We can be contacted at our registered office, 53 Cavendish Road, London, SW12 0BL; by email at ‘firstname.lastname@example.org’; or by telephone on 0208 673 6300.
- As Britain’s leading professional membership association of head chefs, head pastry chefs, restaurant managers and suppliers The Royal Academy of Culinary Arts Limited (‘RACA’) seeks to promote and enhance the reputation of the hospitality sector. This is achieved by connecting and utilising its extensive network of contacts and members in the provision of education and training programmes, including apprenticeships; talent recognition awards; career opportunities for young people; and in the provision of a broad range of networking initiatives.
- The Royal Academy of Culinary Arts “Adopt a School” Trust is a national charity (registered charity number 1087567) formed to help children develop healthy eating habits and encourage an enthusiasm and interest in food, cooking, food provenance and sustainability, as well as giving an insight into the hospitality industry. Members of RACA have, in their Charter of Admission and Engagement for Membership, agreed to participate in programmes run by The Royal Academy of Culinary Arts “Adopt a School” Trust (‘AAS’).
- When carrying out our activities, we process personal data about our Academician and Associate Members; Fellows; Friends; Sponsors; Apprentices; Winners and Entrants of the Awards of Excellence; and Employees, Trustees and Volunteers (all referred to collectively as ‘members of RACA and AAS’). We also process the personal data of Fundraising, Press and Other Contacts.
- We understand that privacy is important to you, whatever your relationship with us. We respect and value your privacy and will only collect and use your personal data in ways that are described here, and in a way that is consistent with our objectives and obligations, and your rights under the law.
- For clarity, one of the specific purposes of RACA is to promote and encourage networking and contact between members of RACA and AAS. To achieve this and fulfil our obligations of membership we will organise promotions, programmes, competitions and networking events and notify members of RACA and AAS about them in order that they have opportunity to participate and thereby fulfil their commitments as members.
What Does This Policy Cover?
Data Protection Officer
- We have a dedicated Data Protection Officer (“DPO”), whom you can contact using the details in Part 1 above, marking your communication ‘For the attention of the DPO’.
What Are My Rights?
Under the General Data Protection Regulation (EU Regulation 2016/679) (the ‘GDPR’), you have the following rights in respect of any personal data from which you can be identified, which we will always work to uphold:
- The right to access the personal data we hold about you. Part 10 will tell you how to do this.
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the details in Parts 1 and 3 to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we have. Please contact us using the details in Parts 1 and 3 to find out more..
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling, save that we do not use your personal data in this way.
Further information about your rights can also be obtained from the Information Commissioner’s Office (‘https://ico.org.uk’) and/ or your local Citizens Advice Bureau.
If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.
Information We Collect
We may collect some or all of the following personal data from you, which varies according to your relationship with us:
- Full name;
- Date of birth;
- Gender; (for Annual Awards of Excellence only)
- Home address, telephone number and email address;
- Business name, address, telephone number and email address;
- Twitter and Instagram accounts;
- Job title and/or profession;
- Qualifications, previous work experience (disclosed in your curriculum vitae) and references;
- Bank accounts details;
- Graduation and Award marks;
- Chest size information (for Chef’s jackets);
- Safeguarding declarations; and
- DBS certificates
Why We Process Your Personal Data
Under the GDPR, we must always have a lawful basis for collecting and using personal data. We process your personal data on the basis that it is necessary for our performance of the membership agreement or other contract with you; because you have consented to our use of your personal data (relevant for direct marketing by email or other electronic means); because it is in our legitimate business interests to do so; or it is necessary in compliance with a legal obligation.
When we use your personal data, we will always consider if it is fair, does not adversely affect your rights and if it is within your reasonable expectations. We will balance your rights and our legitimate interests to ensure that we use your personal data in ways that are not unduly intrusive or unfair.
Depending on your relationship with us, we may process your personal data for one or a number of the following reasons:
- Providing, managing and administering our relationship with you as members of RACA and AAS, including informing you about the services we are required to provide to you, keeping a record of your membership and facilitating payment of your membership fees;
- Facilitating participation and administration of the AAS programme, including making arrangements with those delivering and participating in AAS sessions, ensuring safeguarding and DBS obligations are fulfilled, and keeping records of the events;
- Making arrangements for and conducting and keeping records of all entrants and winders of the Awards of Excellence and other competitions and awards;
- Running and keeping records of the apprenticeship schemes;
- Communicating with you, which may include responding to emails or calls from you and notifying you about news events, promotions, programmes, competitions and networking events for members of RACA and AAS;
- Where applicable, supplying you with information by email or other electronic means that you have opted-in to receive (noting that you may unsubscribe or opt-out at any time by notifying the DPO as detailed with Parts 1 and 3;
- Fundraising and campaigning if applicable about current issues, including administering such campaigns and making arrangements to receive donations; and
- For charitable, statutory, financial reporting, other regulatory compliance, employment, and recruitment purposes.
With your permission and/or where permitted by law, we may also use your personal data for direct marketing purposes, which may involve providing you with information by email, telephone, post or other electronic means.
You will not be sent any unlawful marketing or spam and we will always work to fully protect your rights and comply with our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003, and you will always have the opportunity to opt-out.
How Long Will You Keep My Personal Data?
We will not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected. Unless we explain to you otherwise, we will hold your personal information:
- For as long as we have a reasonable business need, such as managing and administering our relationship with you, managing our operations and answering questions and addressing issues raised by past members of RACA and AAS;
- For as long as you remain a member of RACA or AAS or are otherwise involved with them;
- As long as we consider reasonable and necessary in terms of historic records for past Award and Competition winners and entrants, subject to appropriately reducing the detail of the personal data held over time; and
- Otherwise in line with legal and regulatory requirements and best practice guidance concerning recommended retention periods.
Security, Storing and Transfer Of Personal Data
We use appropriate technical and organisational measures and precautions to protect your personal data and to prevent the loss, misuse or alteration of your personal data
Whilst, unfortunately, the transmission of information via the internet is not completely secure, we will do our best to protect your personal data transmitted in this way and will put in place appropriate encryption and, where relevant, password protection of documents. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access
We use Microsoft Office 365, [Mailchimp] [and/or DropBox] products, which are multi-tenant cloud services, for our internal office use. This means that internal documents and information generated by us are stored in cloud services hosted within the European Economic Area (EEA).
Do You Share My Personal Data?
Save as set out below, we will not share any of your personal data with any third parties for any purposes. We will never share or sell your personal data to a third-party organisation for marketing, fundraising, or campaigning purposes
We might transfer your personal data to a secure data processor for them to carry out data processing operations on our behalf. This might, for example, include payment processing and/or payroll and tax matters and other operations where considered beneficial. Where this occurs we will take steps to ensure that your personal data is handled safely, securely, and in accordance with your rights and our obligations.
In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
On some occasions we might consider it necessary to approach you to seek consent before releasing your personal data to a third party.
For the purpose of this Part 9 it is worth clarifying that this applies to ‘third parties’ and not to the disclosure of your name, address and contact details to members of RACA and AAS which you have agreed for us to do by publishing these details in the Members’ Directory, a copy of which is provided to all RACA and AAS members to fulfil the objective of enabling them to network and make contact with each other. You have specifically undertaken that you will refrain from any behaviour that would bring RACA or its name into disrepute and this would include the use or mis-use of the personal data made available to you other than for the purpose intended by RACA.
How Can I Access My Personal Data?
If you want to know what personal data we have about you, you can ask us for details of that personal data and for a copy of it (where any such personal data is held). This is known as a “subject access request”.
All subject access requests should be made in writing and sent to the email or postal addresses shown in Part 1, marked for the attention of the ‘Data Protection Officer’, as detailed in Part 3.
There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will normally respond to your subject access request within 3 weeks and, in any event, not more than one month of receiving it and aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.