This policy describes how we collect, use and handle your information when you use our website and services. It has been written to reflect changes in UK law after the General Data Protection Regulation (GDPR), which comes into force on 25th May 2018.
What & Why
We collect and use the following information to provide, improve and protect our services.
We collect, and associate with your membership, information like your name, email address, phone number, physical address and account activity. We also request information to help us monitor for equal opportunities (EO), and this is stored on our Maximizer database.
The EO information contains disability-related questions and qualifies as ‘special categories of personal data’ under GDPR Article 9.2.
We always request your explicit consent to collect and store this data and it is only used for processing for specific purposes (i.e. so we can anonymously report on our membership demographics).
Your Attendance at NADP Events
We collect and record information like your name, email address, phone number, physical address and account activity so that we can administer your application to attend an event. We also request disability-related information from all delegates to ensure we can do our best to meet your needs. This data qualifies as ‘special categories of personal data’ under GDPR Article 9.2.
We always request your explicit consent to collect and store this data and it is only used for processing for specific purposes (i.e. so we can do our best to meet your needs).
Information is collected via our website. This uses Hyper Text Transfer Protocol Secure (HTTPS) which means all communications between your browser and the website are encrypted. We receive notification that your information has been submitted to the website and we access it directly from there. No special category information is emailed to us. All information is stored on our Maximizer database and, with your explicit consent, it may be shared with the conference or event venue should they need to be aware of your particular requirements in order to provide reasonable adjustments.
We may share information as discussed below, but we won’t sell it to advertisers or other third parties.
The third parties we use are…
- Website hosts, GURU Cloud hosting https://www.guru.co.uk/
NADP files/data are hosted in a secure physical environment in the UK, in a locked rack behind locked doors with heavily controlled access. Backups of these servers are in a similar setup but in another location inside the UK. Staff have access to these servers via SSH and physically; however, this would only happen when requested by an authorised contact or by a court order. All staff have had DPA training and will be having the necessary refresher course in time for GDPR compliance.
- Maximizer CRM Database (through ADVOCO Solutions http://www.advoco-solutions.co.uk/ )
All Maximizer CRM sites use GeoTrust high grade encryption certificates. NADP files/data are hosted in a purpose-built environment using Maximizer-owned hardware within dedicated secured racks. The environment consists of a secondary firewall (hardware) and a failover firewall with a dedicated switch and a failover switch. The firewall is tightly configured to only allow traffic through to the designated endpoint from designated sources. Backups of these servers are in a similar setup but in another location inside the UK. Both locations are ISO 27001 certified.
Certain pieces of NADP information may be stored in a Dropbox account and the Dropbox system can be used to securely transfer limited information from files when necessary (for example, sensitive information to venues or financial information to the treasurer/accountant). Dropbox is committed to the security and the protection of users’ data in line with legal requirements and best practices at all times. As detailed in their Trust Guide and demonstrated by their existing practices, which are ISO/IEC 27018:2014 certified, they already conform with many of the provisions of the GDPR. They are continuing to build and execute on their detailed GDPR compliance plans and are on the way to full compliance in advance of 25 May 2018.
- Conference Venues
- Conference/Event Presenters
People presenting at our conferences and events will be informed anonymously of whether any participants in their session require additional arrangements to access the session. They will receive a list of names of attendees in their session but no contact details. You may choose to share these on the day if you wish to do so.
You have the right to withdraw your consent to your information being used at any time.
If you request that your information is no longer shared with other organisations, such as a conference venue, we will ask them to delete any records that they hold. However, this may affect the reasonable adjustments that they are able to offer.
You have the right to raise any concerns you have directly with NADP: https://ico.org.uk/for-the-public/raising-concerns/
You have the right to report a concern to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/
We’ll retain members’ and non-members’ information for as long as we need it to provide you with services. If you resign your membership, we will also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations or resolve disputes.
Law & Order
We may disclose limited information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of NADP or our users; or (d) protect NADP’s property rights.
If we are involved in a reorganisation, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your membership) of any such deal and outline your choices in that event.
Have questions or concerns about NADP, our services and privacy? Contact us at firstname.lastname@example.org or at 212A Lansdowne Building, 2 Lansdowne Road, East Croydon, Surrey, CR9 2ER.