Privacy Policy

Customer Experience Management Association (CXMA.UK) fully complies with the General Data Protection Regulation in the UK and other relevant privacy legislation.

Your registration data will only be used for internal purposes and will not be sold, given away, or rented to third parties without your permission.

You will be contacted via your business email only for the purposes of Invisible Buyer event marketing and administration, general membership administration, and other club-related business.

PERSONAL DATA RETENTION

We will keep your personal data only for as long as is reasonably necessary for the purposes outlined in this Privacy Policy, or for the duration required by any legal, regulatory, accounting or reporting requirements, whichever is the longer. In particular, we retain membership records for six years after expiration or termination of your membership. When you consent to receive marketing communications, we will keep your data until you unsubscribe.

To determine the appropriate retention period for your personal data, we consider the amount, nature, and sensitivity of the personal data, the purposes for which we process your personal data, applicable legal requirements or operational retention needs, and whether we can achieve those purposes through other means.

Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations. In some circumstances we may anonymise your personal data so that it can no longer be associated with you, in which case it is no longer personal data.

YOUR PERSONAL DATA PROTECTION RIGHTS

Certain applicable data protection laws give you specific rights in relation to your personal data. In particular, if the processing of your personal data is subject to the GDPR, you have the following rights in relation to your personal data:

  • Right to erasure: You may ask us to delete or remove your personal data, such as where our legal basis for the processing is your consent and you withdraw consent. If we shared your data with others, we will tell them about the erasure where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data with so you can contact them directly. We may continue processing personal data where this is necessary for a legitimate interest in doing so, as described in this Privacy Policy.
  • Right to restrict processing: You may ask us to restrict or ‘block’ the processing of your personal data in certain circumstances, such as where you contest the accuracy of the personal data or object to us processing it. We will tell you before we lift any restriction on processing. If we shared your personal data with others, we will tell them about the restriction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.
  • Right to data portability: You have the right to obtain your personal data from us that you consented to give us or that was provided to us as necessary in connection with our contract with you. We will provide you with your personal data in a structured, commonly used and machine-readable format. You may reuse it elsewhere.
  • Right to object: You may ask us at any time to stop processing your personal data, and we will do so:
    If we are relying on a legitimate interest to process your personal data — unless we demonstrate compelling legitimate grounds for the processing or
    If we are processing your personal data for direct marketing.
  • Right to withdraw consent: If we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of processing of your data before we received notice that you wished to withdraw your consent.
  • Right to lodge a complaint with the data protection authority: If you have a concern about our privacy practices, including the way we handled your personal data, you can report it to the UK data protection authority (the Information Commissioner’s Office or ICO), or, as the case may be, any other competent data protection authority of an EU member state that is authorised to hear those concerns (you may find EU Data Protection Authorities’ contact information here.)
  • Right of access: If you ask us, we will confirm whether we are processing your personal data and, if so, provide you with a copy of that personal data along with certain other details such as the purpose of the data processing. If you require additional copies, we may need to charge a reasonable fee.
  • Right to rectification: If your personal data is inaccurate or incomplete, you are entitled to ask that we correct or complete it. If we shared your personal data with others, we will tell them about the correction where possible. If you ask us, and where possible and lawful to do so, we will also tell you with whom we shared your personal data so you can contact them directly.

If you wish to exercise any of these rights please contact us as described in the “Contact” section below. We may also need to ask you for further information to verify your identity before we can respond to any request.

CHANGES TO OUR PRIVACY POLICY

Any changes we may make to our Privacy Policy in the future will be posted on this page. Please check back frequently to see any updates or modifications. If required by the applicable law, we will notify you of any material or substantive changes to this Privacy Policy.