We understand that your privacy and the security of your personal information are extremely important.
This notice sets out what we do with your personal information, what we do to keep it secure, from where and how we collect it, as well as your rights in relation to the personal information we hold about you.
This notice contains some important information so please read it carefully.
- We do use a number of third parties to process your personal information on our behalf; however, we have processes in place to ensure they also maintain the security of your information.
- You have a number of rights over your personal information. How you can exercise these rights is set out in this notice.
- We do send direct marketing if we’re allowed to, and we do this to encourage you to make best use of our products and services by sending you offers and ideas that we feel will be of benefit to you. If you want us to stop, then please get in touch.
- We will limit the collection and processing of Sensitive Information (as defined under the General Data Protection Regulation (GDPR)) as much as is practically possible.
Who are we?
When we say ‘we’ or ‘us’ in this policy, we’re referring to the separate and distinct legal entities that make up UKPDA from time to time.
Our registered address is: 27 Old Gloucester Street London WC1N 3AX
You can contact us in the following ways:
- By writing to The Data Protection Officer at the above address
- By emailing us at firstname.lastname@example.org
What sorts of personal information do we hold?
- Information that you provide to us such as your name, address, date of birth, telephone number, email address, bank account and payment card details and any feedback you give to us, including by phone, email, post, or when you communicate with us via social media;
- Information about the services that we provide to you (including for example, the things we have provided to you, when and where, what you paid, the way you use our products and services, and so on);
- Information required to make decisions about your application for certain products and services offered by UKPDA such as your employment details, financial position, information taken from identification documents such as your passport or driving licence, your insurance, criminal and medical history, and details about additional insured parties;
- Your account login details for our services, including your user name and chosen password;
- Information about whether or not you want to receive marketing communications from us;
- Information about any device you have used to access our Services (such as your device’s make and model, browser or IP address) and also how you use our Services. For example, we try to identify which of our apps you use and when and how you use them. If you use our websites, we try to identify when and how you use those websites too;
- Your contact details and details of the emails and other electronic communications you receive from us, including whether that communication has been opened and if you have clicked on any links within that communication. We want to make sure that our communications are useful for you, so if you don’t open them or don’t click on any links in them, we know we need to improve our Services; and
- Information from other sources such as specialist companies that provide customer information (like credit reference agencies such as Experian, fraud prevention agencies, claims databases, marketing and research companies) and social media providers, as well as information that is publicly available.
Further information about the specific types of information that we collect and process is set out in the “How we use your information” section below.
Our legal basis for processing your personal information
Whenever we process your personal information we have to have something called a “legal basis” for what we do. The different legal bases we rely on include:
Consent: You have agreed to us processing your personal information for a specific purpose;
Legitimate interests: The processing is necessary for us to conduct our business, but not where our interests are overridden by your interests or rights;
Performance of a contract: We must process your personal information to meet the terms of your contract with us;
Prevention of fraud: Where we are required to process your data in order to protect us and our customers from fraud or money laundering;
Vital interests: The processing of your personal information is necessary to protect your or someone else’s life;
Legal claims: The processing of your personal information is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity; and
Legal obligation: We are required to process your personal information by law.
How do we use your information?
There are a number of ways in which we use your personal information, depending on why you are interacting with us.
If you are one of our client/member firms
As part of our service
When you apply to join us as a client/member, we will collect certain information about you including your name, phone numbers, email address, bank details and business address. We will also ask you about your business processes, financial information and for answers to questions relevant to the product or service you have applied for. The relevant teams will have access to all of this information. Some of this information will also be made available to other departments as needed, for example the finance team to process your payment information.
The data subjects of our membership vary based on the type of business joining us and could include directors, officers, sole traders, partners, financial advisors and other employees. We process this data to ensure we comply with the contractual obligations we have with you.
To provide you access to software solutions
We use personal information such as your name and business email address to set up and administer access to both UKPDA and Third Party Software solutions. This data is processed on the basis of the contractual obligations we have with you.
To advise you of products and services
We use your personal data to market our services and products by phone, mail and email and this processing is conducted on the basis of our legitimate interests in providing our members with support. You can change your preferences on this marketing activity by contacting our Marketing Department.
We share data with third party product providers and partners for the purpose of them receiving feedback on events you may attend and so that they can provide you with further information on products or services that may be of interest to you.
To keep you safe at events
We use your information to advise our event venue partners of the delegates expected so that they can ensure all health and safety provisions are in place including adhering to any dietary or access requests made. We process this data on the basis of the contractual obligations we have with you.
If you are one of our other customers or a supplier
In order to work with our other customers and suppliers, we will collect information such as the names, contact numbers and email addresses of relevant employees to discuss your services, to manage our contractual obligations and billing arrangements. This information may be shared with colleagues within UKPDA that are involved in our supply chain including finance team members, contract managers and service users.
If we have a legal obligation to do so
Occasionally, we may receive requests from third parties with authority to obtain disclosure of personal data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, to establish, exercise or defend legal rights. We will only fulfil requests for personal data where we are permitted to do so in accordance with applicable law or regulation.
How will you obtain my consent when required?
As outlined above, there may be instances where our basis for processing your personal data is that you have provided your consent. In these circumstances, we will explain to you in writing what personal data we need and why, whether we need to disclose your personal data to any third party, who and why, how long we will store the personal data, your rights of access to the personal data, your options for consenting or refusing to consent or withdrawing consent, and the implications of consenting or refusing to consent or withdrawing consent. Please note that it is not a condition of engagement with us that you have to agree to any request for consent from us. We will only process your personal information without your knowledge or consent where this is required or permitted by law.
Recipients we share your data with
We may share your personal information with the following recipients:
- Provider partners and service delivery companies that support us in the provision of goods and services to you under membership of UKPDA
- Government bodies and agencies (e.g. HMRC for tax purposes)
- Regulators (e.g. Payment Systems Regulator, Information Commissioner’s Office, Financial Conduct Authority)
- Agents and sub-contractors who help us provide services (we employ other companies and individuals to perform functions on our behalf. Examples include IT support service and performing legal and other professional services. Those companies and individuals have access to your data as needed to perform their functions, but they are not permitted to use it for other purposes)
- Third party service providers (e.g. when we outsource some of the operations of our business to third party service providers. We restrict how such service providers may access, use and disclose your data)
- Credit reference agencies
- Legal and professional advisors, including auditors
- Courts, to comply with legal requirements, and for the administration of justice
- In an emergency to protect your vital interests
- To protect the security or integrity of our business operations
- When we restructure our business or have a merger or re-organisation
- Anyone else where we have your consent or as required by law
Transfer of personal data outside the European Union (EU)
We are committed to implementing technical and organisational measures that, by default, meet the requirements of the data protection legislation and the appropriate level of security. We will not share your personal data with a third party organisation without a valid business reason, a contract or Data Sharing Agreement in place, or without your consent. We will not transfer your personal data to organisations outside the European Union (EU) unless that country or territory can ensure an adequate level of protection in relation to the processing of your personal data.
Automated decision making including profiling
Your personal data is not subject to automated decision-making, including profiling.
How long do we keep your data?
We retain your data primarily to meet statutory and regulatory obligations; secondly, your data is retained to enable us to pursue our legitimate business interests in relation to our clients, current and future requirements. Our retention schedules are available on request.
In some circumstances, we may anonymise your personal information so that it can no longer be associated with you; in such circumstances we may use such information without further notice to you.
You have a number of rights under data protection legislation which, in certain circumstances, you may be able to exercise in relation to the personal information we process about you. These include:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
Where we rely on consent as the legal basis on which we process your personal information, you may also withdraw that consent at any time.
If you are seeking to exercise any of these rights, please contact us using the details in the “Contact Us” section below.
Requests, complaints or queries
We try to meet the highest standards when processing personal information. For this reason, we take any requests, complaints or queries we receive about this very seriously. We encourage people to bring it to our attention if they think that our collection or use of information is unfair, misleading or inappropriate.
This privacy notice does not provide exhaustive detail of all aspects of our processing of personal information. However, we are happy to provide any additional information or explanation needed.
If you want to make a query, request, or a complaint about the way we have processed your personal information, you can contact us directly:
- By writing to us at our registered address (above)
- By emailing us at email@example.com
Alternatively, you have the right to lodge a complaint with the regulator which oversees data protection law:
Information Commissioner’s Office
Tel: 0303 123 1113