If you are a member of DPPE (including a prospective or past member), this Privacy Notice provides more information about the personal information that we collect, why and who we share it with.
Personal data we collect and how we collect it
- Identity and Contact Data, including your name, address, telephone number, email address, employer’s name and contact details, job title and function, and other personal information that you choose to provide;
- Opinions, if you choose to provide them on the DPPE Forum;
- Financial and Payment Data, including bank account and other data necessary for processing payments and fraud prevention and debt recovery, including credit/debit card numbers, security code numbers and other related billing information;
- Images and video may be recorded at our events such as a conference. (See below for further information about this)
Special Categories of Personal Data
Special Category Personal Data specifically means personal data relating to race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data.
With the exception of the categories identified below, DPPE does not expect to routinely collect or process special categories of personal data:
- We may need to collect information about a health or medical condition. For example, a disability, hearing or visual impairment where we need to make adjustments or ensure access arrangements at an event in order to meet your specific requirements.
- We may need to collect and record information about a health condition. For example, a dietary requirement at an event where we need to make alternative refreshments available for your needs and comfort.
This sort of information will only be used for these specific purposes.
We do not routinely collect any information about criminal convictions (including offences and alleged offences and any court proceedings or sentence) unless you give this sort of information to us.
Source of your personal information
DPPE expects to collect your personal information directly from you and from third party sources. For example:
- Directly from you: when you join DPPE or provide information via the DPPE Forum;
- Indirectly from third parties: where information is provided by third parties such as your employer as part of the joining process or in connection with the collection of membership subscription fees or event fees.
- Indirectly via our website: from connection data sent to our webserver by your browser when you connect to the DPPE website.
- Indirectly via web based services: for example, where analytical information is collected through electronic platforms made available to you in connection with services that we provide to you.
Information about other people
If you provide information to us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they understand how their information will be used, and that they have given their permission for you to disclose it to us and for you to allow us, and our outsourced service providers, to use it.
How will we use your personal information?
- To administer and manage your Membership application, your Membership, event bookings and communications;
- To process payments, billings and collection of payments;
- For promotional and marketing purposes.
Legal Basis for processing your personal data
Data protection law requires us to provide you with information about the legal basis for processing your personal data.
Contract:
When you apply to join DPPE, we will need to collect and process some personal information in order to administer your application. If you join DPPE, we will need to continue to process your information to manage your membership. Our legal basis for processing your personal information is contractual.
Consent:
We rely on your specific opt-in consent to process your personal information in the following circumstances:
- to publish a testimonial you have provided in conjunction with your name;
- to publish an image or video of you where you are the main focus (or your image is accompanied by your name), on our website or on a third-party social networking platform such as LinkedIn, Facebook or Twitter;
- to share your personal data with a third party for their own journalistic purposes;
- to share your personal information with a third party for their marketing purposes.
Legal Obligation:
We may need to use your personal data in order to comply with our legal obligations. For example, in order to comply with VAT rules.
Legitimate Interests:
In most other cases, our use of your personal data will be on the legal basis that it is necessary for our legitimate interests, or those of a third party such as an affiliate, providing those interests are not overridden by your own interests or fundamental rights and freedoms. For example:
- We will occasionally use your personal data to send you marketing information by email about DPPE (and our affiliates’) events, products and services such as legal seminars, training courses and conferences. DPPE direct marketing is necessary for our “legitimate interests” because it raises the profile of our organisation and increases our membership. It does not outweigh your rights and freedoms because you always have the right to object to the processing of your personal data on the legal basis of “legitimate interests”.
NB. We do not directly market general third party products and services unless you have specifically consented to this.
*Affiliates of DPPE are third parties with whom we have a close relationship and whose objectives are closely aligned with our own. - We may publish an image of you as part of a group of delegates or where you are not the main focus of the image, at a DPPE event on our website, in our Newsletter, on our social networking platform such as Facebook, Twitter or LinkedIn for the purposes of promoting and marketing DPPE;
- We may permit trusted affiliates to publish an image of you as part of a group of delegates at a DPPE event held in conjunction with that affiliate for the purposes of promoting DPPE and the affiliate’s joint working objectives;
- We may process your personal information for security purposes.
Explicit Consent and Substantial Public Interests Based Upon Law
Rarely, we need to process special categories of personal data such as health or medical information. For example, in order that we can cater for specific dietary needs or a hearing impairment at an event you are attending. We will only process this sort of information with your explicit consent or where it is necessary for reasons of substantial public interest that are based upon a law.
Legal Claims
DPPE may process special category personal information where it is necessary to establish, exercise or defend legal claims or where a court is acting in a judicial capacity.
DPPE’s Direct Marketing Policy
DPPE processes personal data for the purposes of direct marketing DPPE products and services (and occasionally those of our affiliates) and promoting our organisation. However, unless you expressly consent, it will never sell or rent your personal information to a third party, for that third party’s direct marketing purposes.
DPPE direct marketing is carried out on the legal basis of “legitimate interests” because it raises the profile of our organisation and increases our membership. However, to the extent that this involves the processing of your personal data, you have the legal right to object.
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR): Where DPPE sends direct marketing by email this is intended to be directed to Corporate Subscribers (i.e. our Member Organisations) rather than Individual Subscribers. However, you have the right to opt out of our direct marketing at any time. We will remind you of our policy in relation to direct marketing and of your right to opt-out, when we first collect your personal data and in every subsequent unsolicited direct marketing email.
Opting Out of DPPE direct Marketing:
You can opt-out of DPPE direct marketing at any point in time.
To stop electronic direct marketing by email, please follow the opt-out links on any marketing message sent to you or contact privacy@dppe.org.uk.
However, by opting out of direct marketing, you may not receive information about DPPE events (both paid for and free events) such as webinars, seminars and training courses.
Opting out of DPPE direct marketing, will not affect the processing of personal data for the provision of our membership services because the provision of these services is necessary for the contract between us. This means that you will continue to receive necessary service communications such as emails about meetings and potentially also subsidised training courses.
Disclosure of your personal data
Normally, we wouldn’t expect to share your personal data with another organisation except in the following circumstances:
- with our subsidiary undertakings and/or affiliates for the purposes of providing you with our services as described in this Privacy Notice;
- on a confidential basis with third parties for the purposes of collecting your feedback on our services, to help us measure our performance and to improve and promote our services;
- with service providers who we engage e.g. external software providers and mailers. For example, the DPPE forum platform and the DPPE website. Where we do this, the service providers are contractually required by us to keep your personal data secure and to only process it strictly in accordance with our instructions;
- where you have consented, with third parties for their marketing purposes;
- if we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets to whom we assign or novate any of our rights and obligations.
Information we transfer outside the European Economic Area (EEA) and the UK
Your information is normally kept within the UK or within the European Economic Area (EEA) and this is a priority for DPPE when choosing where we host and use your information.
On some occasions, we may have to use services that host your information outside of these areas. When this occurs, we will take steps to ensure that your information is protected by only using reputable suppliers that have gone through data protection due diligence checks and ensuring that the transfer complies with relevant data protection law.
If you require more information about this please contact the DPPE Privacy Manager.
How long we keep your personal data
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements and, where required for us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled.
For example, records of past members are usually retained for 7 years after they have left DPPE. Beyond this, we will retain your contact details on our database unless you ask us to delete them.
Upon expiry of the applicable retention period we will securely destroy your personal data in accordance with applicable laws and regulations.
If you want to learn more about our specific retention periods for your personal data established in our retention policy, you may contact us at privacy@dppe.org.uk.