What data we collect and why
By joining the IBM Club, you agree that your personal information may be retained and used for the purposes of running IBM Club. Such information will not be used for any other purpose. The personal information retained by local IBM Clubs may include:
- Your IBM personnel number - to uniquely identify you.
- Your name and e-mail address - to facilitate contact with you on IBM Club business.
- Your address and telephone number, should you choose to provide them and would prefer to be contacted on Club business by post and/or phone as opposed to email (Retirees only).
- Details of IBM Club events and meetings that you attend, including details of payments made by you for such attendance. This is to enable Clubs to complete event reconciliations.
- Details of IBM Club subsections to which you subscribe, including details of payments made by you for such subscriptions. This is to ensure your membership subscriptions are up to date and the Club has an accurate membership listing for that Subsection.
How we collect your data
Your data is collected from your completed application form for joining the IBM Club.
For employees, by completing the online form on w3, your details are subsequently provided by the HR system. The data is then collected and kept as part of a master membership list (containing details on all IBM Club members) and individual membership lists (containing details on members affiliated to a specific club).
For Retirees, Pensions Trust provided a view of all Retiree members as of the 1st April 2018. Since then, data is collected directly from new Retiree members when they complete an application form.
When do we share your data and with whom?
The master membership list is shared with a small number of representatives from each Club, primarily to check eligibility for attending events. For example, if an IBM employee from North Harbour, would like to attend an event at IBM Basingstoke Club, the Basingstoke Club would need to consult the master membership list to see if that IBM employee was a Club member, and if so, which Club they're affiliated.
A further membership list is generated specific to each Club, which is made available to nominated Committee members of each Club. This specific individual list forms the basis for a distribution list for Club events.
It should be noted that Club Committees and therefore Club representatives include both IBM employees and IBM retirees.
Where we store your data
Both the master and individual membership lists are password protected files stored on Box and the password is provided separately to the Club representatives. Access is carefully monitored and controlled via regular CBN checks (Continued Business Need).
How long do we keep your data for?
Every new membership list supersedes the previous and any earlier version(s) will be deleted. If you decide to leave the IBM Club, your details will be deleted from the membership list effective from the 6th of the following month after the request is received (if received in time for payroll cut-off for employee members).
Know your rights
You have the right to ensure the data we hold is accurate, the right to see the data we hold on you and the right to delete your data as appropriate. Please contact EmployeeClubMembership@uk.ibm.com for employees or RetireeClubMembership@uk.ibm.com for retirees if you require further information on this.
Right to Lodge a Complaint
In the event you consider our processing of your personal information not to be compliant with the applicable data protection laws, you can lodge a complaint:
- Directly with IBM by using this form.
- With the competent data protection authority. The name and contact details of the Data Protection Authorities in the European Union can be found here.
Who is the data controller?
For the purposes of the EU General Data Protection Regulation (GDPR), the controller of your personal information is the IBM subsidiary (legal entity) that employs you, are where you are working for or on whose location you are working, with which you are collaborating, or which you are advising.
In readiness for GDPR, the UK IBM Clubs have taken the following actions:
Updated the Data Privacy Statement on:-
• all application forms
• all available websites, both internal and external
Provided clear guidance to Club Committees on the following:
• Data handling
• Data retention
• Data transfer