Privacy Policy

updated 3rd July 2018

 

 

Information about us 

PSNGB Limited is a limited company registered in England and Wales under company number 07525501, whose registered office is at 5, Jupiter House, Calleva Park, Aldermaston, Reading, Berkshire RG7 8NN.  The main trading style of PSNGB Limited is Innopsis and the trading address of PSNGB Limited is the same as its registered office.

The PSNGB Limited is registered as a data controller for personal data under reference ZA330878 as defined by the  Data Protection Act 2018.

This notice states:

What information we capture (click to find out more)

we gather:

  • traffic data about systems and browsers (i.e. network addresses, and types of systems and brokers) through Google Analytics (more details here)
  • preferences for the EU cookie banner, mobile view, Captcha completion and a random traffic tracking cookie through the Jetpack application within WordPress (more details here)
  • contact information (i.e. name and email address) through enquiries via the ‘contact us’ page element at https://www.innopsis.org/home/who-we-are/, our tools (governed by the terms and conditions of the operating system used) and any activities with members (i.e. title/forename/surname, email address, phone numbers) (processed within the Microsoft Office 365 Cloud system or MailChimp email service operated by PSNGB’s Directors).
  • employer and job function in relationship to membership status.
  • registration details for attendance at events and meetings (processed within Eventbrite Event Management Cloud Service and operated by PSNGB’s Directors).

 

How we use the information (click to find out more)

we use:

  • information from Google Analytics to determine how people use our site
  • information from Jetpack to track site usage and manage customer experience (i.e. Cookie popups and Captchas)
  • contact details entered into WordPress, Eventbrite or Mailchimp to communicate with individuals/organisations who have made an enquiry or registered to attend events or requested updates on communication topics.
  • contact detailed within Microsoft Office 365 to undertake communication activities related to the Innopsis activity.​
Our legal bases for processing information (click to find out more)

Legal obligations – we will process contact details and financial information in accordance with our legal obligations under:

  • Anti-Terrorism, Crime and Security Act 2001

  • Borders, Citizenship and Immigration Act 2009

  • Bribery Act 2010

  • Business Names Act 1985

  • Civil Evidence (Scotland) Act 1988

  • Civil Evidence Act (Northern Ireland) 1971

  • Civil Evidence Act 1995

  • Communications Act 2003

  • Companies Act 1985

  • Companies Act 1989

  • Companies Act 2006

  • Computer Misuse Act 1990

  • Copyright and Rights in Databases Regulations 1997

  • Copyright, Designs and Patents Act 1988

  • Copyright, etc. and Trade Marks (Offences and Enforcement) Act 2002

  • Corporate Manslaughter and Corporate Homicide Act 2007

  • Counter-Terrorism Act 2008

  • Criminal Evidence (Northern Ireland) Order 1988

  • Criminal Justice and Immigration Act 2008

  • Criminal Justice and Public Order Act 1994

  • Data Protection Act 2018

  • Data Protection Act 1998
  • Digital Economy Act 2017

  • Disability Discrimination Act 2005

  • Electronic Communications Act 2000

  • Employment Act 2002

  • Employment Rights Act 1996

  • Enterprise Act 2002

  • Equality Act 2006

  • Evidence Act (Northern Ireland) 1939

  • Fraud Act 2006

  • General Data Protection Regulation

  • Human Rights Act 1998

  • Income and Corporation Taxes Act 1988

  • Income Tax Act 2007

  • Insolvency Act 1986

  • Insolvency Act 2000

  • Latent Damage Act 1986

  • Limitation Act 1980

  • Obscene Publications Act 1959

  • Obscene Publications Act 1964

  • Police and Criminal Evidence (Northern Ireland) Order 1989

  • Police and Criminal Evidence Act 1984

  • Privacy and Electronic Communications (EC Directive) Regulations 2003

  • Protection from Harassment Act 1997

  • Protection of Freedoms Act 2012

  • Race Relations Act 1976

  • Regulation of Investigatory Powers Act 2000

  • Sex Discrimination Act 1975

  • Sex Offenders Act 1997

  • Taxes Management Act 1970

  • Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000

  • The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011

  • Value Added Tax Act 1994

  • Welfare Reform Act 2012

  • Wireless Telegraphy Act 2006

  • Work and Families Act 2006

Membership

Where you have:

  • Applied for membership
  • Have an active membership

we will process your contact details and financial information to maintain your membership.

Event participants

Where you have attended an Innopsis event, we will let you know about other Innopsis events that may interest you (but you will be given the opportunity to unsubscribe at any time).

We will only process personal information for contact purposes, as a result of consent, when they have been provided from the contact page (http://eepurl.com/duUMlv) or from meeting event partners where we obtain explicit consent for that specific purpose.

How we handle personal information (click to find out more)

all personal information that is captured as part of the provision of our services, or membership, are logged within an asset register, subject to risk assessment, application of controls and only handled/retained for the requirements stipulated in legislation, regulation and/or contractual obligation.

For clarity, applicable legal obligations are considered first, then applicable regulations, contracts and finally consent; in all cases, the most stringent requirements shall apply to information handling and retrieval of assets and where they are captured, processed, communicated and/or stored.

All personal data is processed in alignment with:

How long we will retain personal information (click to find out more)

We will retain all details of financial transactions for seven years, all personal contact information gathered from our events and other activities will be retained for a year after after the last contact.

Any other personal information shall be assessed to determine if there are any other retention requirements from law, regulation and/or contractual obligations relevant to it, and these will be complied with.

Where clients request it, we shall immediately securely erase any personal information in our care where the requestor is the data controller and the personal information has come from the requestor.

Your rights relating to personal information (click to find out more)

you have a range of rights with regards to your personal information (detailed within https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/), if you wish to exercise these rights, then please contact us. For details on how to contact us, please visit https://www.innopsis.org/company-information/

Who we share personal data with (click to find out more)

we use Microsoft for Cloud hosting of email, MailChimp for Email broadcasts, Eventbrite for Event Management and WordPress for website hosting.  We do not share any information with any of these organisations, but we do store and process personal data using these services.  We do not engage either organisation as a data processor for your personal data.

We will share information as required by law with government agencies, in accordance with those statutes.

If personal data is shared with any other body (ie Crown Commercial Service and NHS-Digital), you will be advised beforehand and given the option the opt out.

Our policy towards transfer of personal information outside of the UK (click to find out more)

Where possible, we do not use any service or system that processes personal information outside of the United Kingdom (UK).  Where services are located outside the UK, the services have Data protected by a Data Processing Agreement and Privacy Shield. We take all reasonable steps to ensure that processing of personal information occurs within this policy.

Our policy towards processing of children's personal data (click to find out more)

we do not provide information society services or services for children.  We do not accept any data from any person under 18. If any data is found to be added in breach of this condition, we will erase the data as soon as possible. As such, we do not take specific measures for children, although this privacy notice is designed to be understood by a child over the age of 13 years of age.