For the purpose of the UK General Data Protection Regulation (the Act) and the PECR (Privacy and Electronic Communications Regulations), NextGen Planners Ltd of Maxwell House, Liverpool Innovation Park, Liverpool, Merseyside, UK, L7 9NJ is the data controller. You write to The Data Protection Officer at this address.
INFORMATION WE MAY COLLECT FROM YOU
We may collect and process the following data about you:
Information that you provide to us by filling in forms on our site or that you e-mail to us. This includes information provided when you take a course, subscribe and/or register for any service that we may provide via our site from time to time or when you report a problem with our site.
If you contact us, we may keep a record of that correspondence.
Notes from any meetings and reports written.
We may also ask you to complete surveys that we use for research purposes, although you do not have to respond to them.
Details of your visits to our site including, but not limited to, traffic data, location data, weblogs and other communication data and the resources that you access.
This information is held for 7 years then deleted unless there is a specific reason for retaining it, for example a legal obligation requires us to do so.
IP ADDRESSES AND COOKIES
We specifically use Google Analytics for this. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
If you do not wish to have cookies recorded on your machine, you amend the settings on your browser to prevent them from being created. The “Help” section in your browser should provide you with the necessary information to adjust your settings and control the creation and storage of cookies on your hard drive.
You can also use these guides:
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org
WHERE WE STORE YOUR PERSONAL DATA
Almost all data we store about you is stored in the UK. However, as described below, we do work with some third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers. when this happens we will take all steps reasonably necessary to ensure that the recipients of your data will treat that data securely and in accordance with this policy.
Depending on the product or service you have contracted us to provide, once your data has been processed it will be transferred to Dropbox, a file-hosting system and/or Wealthbox, a CRM system and data processor. Dropbox files are encrypted using 256-bit Advanced Encryption Standard (AES). To protect data in transit between Dropbox apps (currently desktop, mobile, API, web) and our servers, Dropbox uses Secure Sockets layer (SSL)/Transport Layer Security (TLS) for data transfer, creating a secure tunnel protected by 128-bit or higher Advanced Encryption Standard (AES) encryption.
We will store your name and email address with Mailchimp, a data processor to enable us to communicate service and product updates to you.
We do use a third party business, Stripe Payments Europe Limited, to collect payments on our behalf, who are based in the EU but may pass personal information to their parent company in the United States. Whilst this means data can be transferred outside the UK and EEA, Stripe comply with applicable laws to provide an adequate level of data protection for the transfer of your personal data to the US. Their international data transfer policy Privacy is here.
Similarly, we also use Mighty Networks, which is a US based app, as a social network and messaging system. Again, you are bound directly by their terms and use of the app is optional, however they are subject to the EU Standard Contractual Clauses (SCC) and their Privacy Statement can be found here.
Both Stripe and Mighty Networks are businesses who you will contract with direct so you will be asked to accept their own terms and conditions directly, they are not sub-processors purely acting on our behalf, but we felt it was useful to highlight these here.
Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
You are responsible for keeping your own password for the website secure.
USES MADE OF THE INFORMATION
We use information held about you in the following ways:
To ensure that content from our site is presented in the most effective manner for you and for your computer.
Where you have consented to be contacted for such purposes, to provide you with information or services that you request from us or which we feel may interest you.
To carry out our obligations arising from any contracts entered into between you and us.
To promote and allow you to participate in any events or features which may offer on our site from time to time, when you choose to do so.
To notify you about changes to our service.
We do not disclose information about identifiable individuals to advertisers, but we may provide them with aggregate information about our users (for example, we may inform them that 500 men aged under 30 have clicked on their advertisement on any given day). We may also use such aggregate information to help advertisers reach the kind of audience they want to target (for example, women in L1). We may make use of the personal data we have collected from you to enable us to comply with our advertisers‘ wishes by displaying their advertisement to that target audience.
If we advertise details of job opportunities with our members on our website and you apply for one of the positions, we may ask you to provide further information about yourself so that we, and/or the relevant member, can contact you. These details together with any details you provide in a CV or application form will be treated as confidential and we will not allow employers to see any of your details without your prior consent.
DISCLOSURE OF YOUR INFORMATION
We may disclose your personal information to third parties:
If you have given your consent for us to do so for marketing or other specified purposes.
MARKETING AND YOUR RIGHTS
You have the right to ask us not to process your personal data for marketing purposes. We will inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third party for such purposes. You can exercise your right to prevent such processing by refusing your consent at the time of collection or at any other time by contacting us at firstname.lastname@example.org.
Our site may, from time to time, contain links to and from the websites of our members, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
ACCESS TO, RETENTION AND DELETION OF INFORMATION
The Act gives you the right to access information held about you. Your right of access can be exercised in accordance with the Act and we have 30 days to respond. You also have the right to ask us to erase, amend or limit the use of the data we hold about you. If there is a legitimate and permissible reason why we cannot do this we will explain why.
We have a retention policy which means we do not keep information we hold about you for longer than necessary unless we there is a legal obligation to do so.
More information about your rights can be found here.
MAKING A COMPLAINT
If for any reason you are not satisfied with our response, you can complain to the supervisory authority for data protection. In the UK this is:
Information Commissioner’s Office
0303 123 1113