Print Friendly, PDF & Email

Data Protection and Privacy Policy Statement – 29.04.18

Devonshire House is a people-focused membership club for Director-level professionals in leadership roles who have an instinctive focus on the human side of enterprise. Membership is targeted at this broad group. Our purpose is to create, for our members, thinking time and space for key business issues and where people make the difference. Delivered through our website and through Events throughout the year, our members discover more about Enterprises and how the effectiveness of their people can be nurtured and grown.

GDPR compliance is built into all three categories of the Membership Agreement, full details of which are set out on the website.  Where we hold personal details of individuals who are not DHN Members, we have written evidence of authority to hold this information.

Our contacts with names on our files are by email, telephone or letter and are about our Events.

Our website – – reflects the senior level at which we work and the national leaders who come to talk to us.

This statement provides detail of our Data Protection and Privacy Policy.  We have updated this Policy Statement in the light of the new requirements to be implemented on 25.5.18, as we currently understand them. If changes are made in the interim period, we will review this Statement. We respect your right to privacy.

Hitherto, personal data that we have held on our files have related to our Members and to other parties who we have identified as reflecting our Membership Profile and, thereby, likely to want to know about us, come to our Events and, we hope, choose one of our Membership Categories – starting with the free one. We have not required your permission to hold this information but have always managed it in accordance with high and generally accepted standards of care and security and for the specific purpose of promoting their interest in Devonshire House.  This data has not been shared with any third parties and it is not our policy to do so. Where we have been requested to delete personal data by the data subject, we have done so.

With effect from 25.5.18, we require your consent to hold, record and manage this data – as set out in this Statement – and we are specifically requesting you to confirm your positive opt-in to this request.  We are keen to do this well ahead of the due date.  We are very keen to include you in our group of carefully selected contacts with whom we would like to keep in touch.  At any time, you may withdraw your consent by instructing us to do so.

These are the ways in which we manage our business specifically in the light of the GDPR

  1. All decision makers and key people in our organisation are aware that the law is changing under the GDPR. We document the personal data about you that we hold and where it came from. We maintain records of our processing activities. Devonshire House Network does have a Data Protection Officer. The Data Controller collecting the information described in this statement is Devonshire House Network.
  2. We uphold the GDPR’s accountability principle, which requires organisations to be able to show how they comply with the Data Protection principles. Generally accepted standards of technology and operational security have been implemented to protect personal information from loss, misuse, alteration or destruction. All personnel are required to keep personal information confidential and only authorised persons have access to such information.
  3. We continuously review our current privacy practices and will tell you about any changes that we make. When we collect personal data, in addition to current requirements, we will disclose to you our identity, how we intend to use your information, the lawful basis for processing the data and our data retention periods.
  4. Devonshire House assumes responsibility for keeping an accurate record of personal data once you have submitted the information to us or we have obtained it from other sources and seek your consent, but not for confirming the on-going accuracy of your personal information. If you tell us that your personal data is no longer accurate, it will be amended (where practical).
  5. Information is used only for the specific purpose for which it was provided which is centred around the 20 high level Events that we deliver and the material that supports these Events.
  6. Under the GDPR, you may complain to the ICO if you think there is a problem with the way we are handling your data. The GDPR requires the information to be provided in concise, easy to understand and in clear language.
  7. We recognise your rights under the GDPR including the right to be informed; the right of access; the right to rectification; the right to erasure; the right to restrict processing; the right to data portability; the right to object; and the right not to be subject to automated decision-making including profiling.
  8. We have the right procedures in place to detect, report and investigate a personal data breach. We are required to report to the GDPR certain types of data breach to the ICO, and in some cases, to individuals. Where a breach is likely to result in a high risk to the rights and freedoms of individuals, we will also have to notify those concerned directly in most cases. We have procedures in place to effectively detect, report and investigate a personal data breach.
  9. Data Protection Impact Assessment is required in situations where data processing is likely to result in high risk to individuals. Whilst we do not think this is likely at Devonshire House Network, we acknowledge It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.

We reserve the right to amend our prevailing Data Protection and Privacy Policy Statement at any time and will place any such amendments on our website. This Data Protection and Privacy Policy Statement is not intended to, nor does it, create any contractual or legal rights on us in respect of any other party or on behalf of any party

If you have any questions about this privacy statement, please email us at