Before a member can receive client enquiries from us they must agree to this contract (from within the AMPdj members area).
Under the GDPR regulations, effective from 25th May 2018, AMPuk Members Ltd will be the 'Controller' and members who receive client enquiries from the public will be classed as 'Processors' of the information sent to them via our web sites.
Before you can receive these client enquiries you must read
and agree to comply with the following contract.
Enquiries, sent via email and available on-line in your members area, will contain information about forthcoming events including the contact details of the organiser (name, email address/phone number)
The member should respond to the enquiry in a timely manner and within 7 days.
If the enquiry is not suitable or relevant for any reason then it should be safely deleted.
If applicable, members should respond to the client using the preferred methods stated in the enquiry.
If the response is successful and the member secures the booking then they may retain the original information until after the date of the event when it should then be safely deleted. In all other cases the information should be deleted at the earliest opportunity.
All information contained within the enquiry should be treated in confidence and not shared with any other person or organisation or on any other site (including social media).
The information should only be used to contact the client about the specified event and should not, under any circumstances, be used for any other purpose.
Members should ensure that the information is kept secure whilst in their possession. This includes password protecting devices that hold personal information and locking filing cabinets when the information is in paper format.
Members are also expected to:
- assist the controller in providing subject access and allowing data subjects to exercise their rights under the GDPR;
- assist the controller in meeting its GDPR obligations in relation to the security of processing, the notification of personal data breaches and data protection impact assessments;
- delete or return all personal data to the controller as requested at the end of the contract; and
- submit to audits and inspections, provide the controller with whatever information it needs to ensure that they are both meeting their Article 28 obligations, and tell the controller immediately if it is asked to do something infringing the GDPR or other data protection law of the EU or a member state.