This policy sets out the different areas where user privacy is concerned and outlines the obligations & requirements of the users, the website and website owners. Furthermore, the way this website processes, stores and protects user data and information will also be detailed within this policy.
We are committed to protecting your privacy and aim to be clear when we collect your information and use it only as you would reasonably expect.
How we use personal information
We will not use your personal information unless we have first told you how we will use it or it is obvious how we will use it.
NLPC will not sell or rent your personally identifiable information to anyone.
The NLPC website
This website and its owners take a proactive approach to user privacy and ensure the necessary steps are taken to protect the privacy of its users throughout their visiting experience. This website complies with all UK national laws and requirements for user privacy.
Personally Identifiable Information (PII)
Whilst using our website, software applications or services, you may be required to provide personal information (name, address, email, account details, etc.). We will use this information to administer our website, applications, client databases and marketing material. We will ensure that all personal information supplied is held securely in accordance with the General Data Protection Regulation (EU) 2016/679, as adopted into law of the United Kingdom in the Data Protection Act 2018. Further, by providing telephone and email details, you consent to NLPC contacting you using these methods. You have the right at any time to request a copy of the personal information we hold on you. Should you wish to receive a copy of this, or would like to be removed from our database, please contact us at firstname.lastname@example.org .
As an event organisation we need to collect and use your personal information for:
Processing ticket applications
Ticket administration including but not limited to: payment, providing event information, delivery of continuous professional development and accreditation, campaigning, keeping a record of our relationship with a delegate/ticket purchaser
Keeping a record of if you have opted-out of receiving marketing emails
Delivering relevant NLPC communications
Providing services and/or fulfilling orders for products. Ticket administration and fulfilment is by post, telephone, and electronic means
Event applications, registrations, administration and informing people about our events
Carrying out surveys
Forwarding surveys and consultations run by other organisations with whom we collaborate or are funding
Facilitating the registration process, discounts and or cashback with our partners (where applicable) should a member use their products & services offered via their website
Understanding the use of our website including details of your visits to our website including, but not limited to, traffic data, location data, weblogs and other communication data, whether this is required for our own billing purposes or otherwise and the resources that you access
Monitoring use of, and satisfaction with, NLPC services and communications
Contractor and Third-Party administration
Information collection and use
Our legal basis for processing PII
Our lawful basis for the purposes that we process personal information is for the performance of our contract with you to provide:
For our legitimate interests in informing delegates of the activities of the NLPC
News about the sector we serve
Products you have purchased from us
The law allows us to collect and use personal data if it is necessary for our legitimate business interest and so long as its use is fair, balanced and does not unduly impact your rights. In many situations, the best approach is to process personal data because of our contract with you and our legitimate interests as a professional body, rather than consent. However, we will ask for your consent to send you marketing emails and text messages. You can withdraw consent for this at any time.
We do not expect to receive or process sensitive personal data. In extreme situations, we may share your personal details with the emergency services if we believe it is in your ‘vital interests’ to do so. For example, if someone is taken ill during one of our events.
We may also share your personal information where we are compelled by law to do so.
How do we collect information?
NLPC collects information in two possible ways:
1. When you directly give it to us (“Directly Provided Data”)
When you sign up for membership, purchase our products or communicate directly with us or our members, you may choose to give us certain information – for example, by filling in text boxes or completing registration forms or purchasing products. All this information requires a direct action by you at that time in order for us to receive it and process it.
2. When you give us permission to obtain from other accounts (“User Authorised Data”)
Depending on your settings or the privacy policies for other online services, you may give us permission to obtain information from your account with those other services. For example, this can be via the payment method you use (PayPal, GoCardless, etc.) or by choosing to send us your location data when accessing our website from your smartphone.
We collect personal information from you directly through our website, over the phone, through surveys and sometimes paper forms.
We may collect information about the software on your computer or device (your browser version etc.) and your IP address (your connection with the internet) to improve your interaction with our website and for our records. This may happen automatically without your being aware of it.
Cookies are small files saved to the user’s computer’s hard drive that track, save and store information about the user’s interactions and usage of the website. This allows the website, through its server to provide the users with a tailored experience within this website.
We use anonymous session cookies (short-term cookies that disappear when you close your browser) to help you navigate the website and make the most of the features. If you log into the website, application or a course as a registered user, your session cookie will also contain your user ID so that we can check which services you are allowed to access.
Should users wish to deny the use and saving of cookies from this website onto their computer’s hard drive, they should take necessary steps within their web browser’s security settings to block all cookies from this website and its external serving vendors.
The personal information that we collect
The type and quantity of information we collect and how we use it depends on why you are providing it. The following is a more detailed explanation of what personal information we collect in each circumstance:
For event applications, registrations and administration we may also collect:
Name and contact details of the person or organisation making the booking
Name and contact details of the person attending the event (if different to the person making the booking)
Source of referral
Payment information details (this information is only securely passed to our third-party payments processing services and not stored by the NLPC)
Specific information such as relevant dietary and access requirements to facilitate event attendance, if given to us by you
For informing people about our events we may also collect:
Names and contact details of non-delegates
For managing applications for products and services with our partners we may also collect:
When you log in to partner sites when referred from our website
What products and services were purchased or used by you on those sites, including transaction details (date of transaction, cost and product or service purchased)
For administration of complaints and feedback
A written summary of your complaint or feedback about our products or services or those of relevant partners or members including the complainants PII
A written summary regarding an alleged breach of the code of ethics by you, received by us from a third party including related PII
A written record of any relevant actions, decisions and correspondence we may have taken.
Where we store your personal information
The data that you provide us with will typically be stored and processed within the European Economic Area ("EEA"). However, some of the services we use will mean that your data may be transferred to and stored at, a destination outside the EEA. In these cases, we ensure that the provider is able to operate under the EU Binding Corporate Rules arrangement. Binding Corporate Rules (“BCRs”) are company-wide data protection policies approved by European data protection authorities to facilitate intra-group transfers of personal data from the European Economic Area (“EEA”) to countries outside the EEA. BCRs are based on strict privacy principles established by European Union data protection authorities and require intensive consultation with those authorities.
All information you provide to us is stored on secure servers with our approved third party suppliers. Any payment transactions are encrypted and the NLPC do not store any payment information. Where we have given you (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask that you not to share a password with anyone.
Unfortunately, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our website; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
How we may share personal information
We may share some of your personal information with organisations that carry out processing operations on our behalf, such as payment gateways, companies or individuals who sell their products on our website, web services companies and mail distribution organisations. We carry out checks on these companies before we work with them and put a contract in place that sets out our expectations and requirements, especially regarding how they manage the personal information that we give to them.
We do not sell or share personal information with third parties for the purposes of marketing. If we run an event in partnership with another named organisation, your details may need to be shared with them. We will be very clear what will happen to your personal information if you register for such an event.
We will not sell personal information other than as part of a sale of a substantial part of our assets. We may disclose summary data only to a prospective purchaser, but only for use in connection with that sale.
We may, however, need to disclose your details, if required, to the police, other emergency services, regulatory bodies or legal advisors. We will only ever share your data in other circumstances if we have your explicit and informed consent.
We reserve the right to publish the names of individuals and or businesses on our website whose membership has been suspended or terminated by us, including the date that the suspension or termination came into effect.
How we protect personal information
We undertake regular reviews of who has access to information that we hold to ensure that your information is only accessible by appropriately trained staff and contractors.
We provide guidance and regular data protection training to our staff.
We ensure that there are appropriate technical controls in place to protect your personal details. For example, our computer network and servers are protected and routinely monitored and our staff who work from home are subject to our Home Worker Policy (available on request by emailing email@example.com ).
We store all PII that you supply us with on secured servers or in secured paper files. For your protection, any payment details that you provide us with will be encrypted using SSL (Secure Sockets Layers) technology.
Unfortunately, the transmission of information over the internet can never be completely secure. Although we will do our best to ensure that your personal information is protected, we cannot guarantee the security of your data transmitted to the website. Any transmission of your personal information by you is therefore at your own risk. Once we have received your information, we will use strict procedures and security features to try and prevent unauthorised access.
How long we keep personal information
NLPC will not retain your personal information longer than necessary. We will hold onto the information you provide either while your account is in existence, or as needed to be able to provide the Services to you, for as long as is necessary to provide support-related reporting and trend analysis only.
If legally required or if it is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse or to enforce our Terms and Conditions, we may also retain some of your information for a limited period of time as required, even after you have closed your account or it is no longer needed to provide the Services to you.
We keep personal information about:
Complaints and feedback.
Event applications, registrations and administration.
Surveys so that data can be referenced for statistical analysis.
Contractors for the duration of their employment engagement.
You have a right to know what personal data we hold, who we acquired it from, how we process it, the logic involved in any automatic processing, and who we disclose it to.
You have a right to ask us not to make decisions based solely on the automatic processing of your personal information.
You have a right to ask us not to process your personal information in a way that is likely to cause unwarranted and substantial damage or distress.
You have the right to request access to any of your personal data we hold, information about how and why it is processed, and to whom it may be disclosed.
You have a right to ask us to erase your personal information.
These statutory rights are qualified by exceptions and exemptions.
To exercise any of these rights, please contact us at firstname.lastname@example.org or on the telephone number or address at the beginning of this policy.
You can find out more about your rights from the Information Commissioner, who regulates data protection and privacy.
Changes to this policy