This policy describes how we collect, use and handle your information when you use our website and services. It has been written to reflect changes in the UK law after the General Data Protection Regulation (GDPR) which come into force on 25th May 2018.

National Association of Disability Practitioners Privacy Policy

What & Why

We collect and use the following information to provide, improve and protect our services.

Your Membership

We collect, and associate with your membership, information like your name, email address, phone number, physical address and account activity. We also request information to help us monitor equal opportunities (EO), and this is stored on our Maximizer database.

The EO information contains disability-related questions and qualifies as ‘special categories of personal data’ under GDPR Article 9.2.

We always request your explicit consent to collect and store this data and it is only used for processing for specific purposes (ie so we can anonymously report on our membership demographics).

Your Attendance at NADP Events

We collect and record information like your name, email address, phone number, physical address and account activity so that we can administer your application to attend an event. We also request disability-related information from all delegates to ensure we can do our best to meet your needs. This data qualifies as ‘special categories of personal data’ under GDPR Article 9.2.

We always request your explicit consent to collect and store this data and it is only used for processing for specific purposes (ie so we can do our best to meet your needs).

Information is collected via our website. This uses Hyper Text Transfer Protocol Secure (HTTPS) which means all communications between your browser and the website are encrypted. We receive notification that your information has been submitted to the website and we access it directly from there. No special category information is emailed to us. All information is stored on our Maximizer database and, with your explicit consent, it may be shared with the conference or event venue should they need to be aware of your particular requirements in order to provide reasonable adjustments.

Sharing Information

We may share information as discussed below, but we won’t sell it to advertisers or other third parties.

NADP uses certain trusted third parties (for example, providers of conference venues and IT services) to help us provide, improve and protect our Services. These third parties will access your information only to perform tasks on our behalf in compliance with this Privacy Policy. We do not transfer information outside the EU.

The third parties we use are…

  • Website hosts, GURU Cloud hosting https://www.guru.co.uk/
    NADP files/data are hosted in a secure physical environment in the UK, in a locked rack behind locked doors with heavily controlled access. Backups of these servers are in a similar setup but in another location inside the UK. Staff have access to these servers via SSH and physically; however, this would only happen when requested by an authorised contact or by a court order. All staff have had DPA training and will be having the necessary refresher course in time for GDPR compliance.
  • Maximizer CRM Database (through ADVOCO Solutions http://www.advoco-solutions.co.uk/ )
    All Maximizer CRM sites use GeoTrust high grade encryption certificates. NADP files/data are hosted in a purpose-built environment using Maximizer-owned hardware within dedicated secured racks. The environment consists of secondary firewall (hardware) and failover firewall with dedicated switch and failover switch. The firewall is tightly configured to only allow traffic through to designated endpoint from designated sources. Backups of these servers are in a similar setup but in another location inside the UK. Both locations are ISO 27001 certified.
  • Dropbox
    Certain pieces of NADP information may be stored in a Dropbox account and the Dropbox system can be used to securely transfer limited information from files when necessary (for example, sensitive information to venues or financial information to the treasurer/accountant). Dropbox is committed to the security and the protection of users’ data in line with legal requirements and best practices at all times. As detailed in their Trust Guide and demonstrated by their existing practices, which are ISO/IEC 27018:2014 certified, they already conform with many of the provisions of the GDPR. They are continuing to build and execute on their detailed GDPR compliance plans and are on the way to full compliance in advance of 25 May 2018.
  • JISCMail
    We share your email address with JISCMail in order to allow your access to the JISCMail networks of NADP disability and inclusivity practitioners. These lists are closed lists ie members are by invitation only and the archives of the list are private which means that they can only be accessed by subscribers to the list. If you decide to subscribe to the list, JISCMail will send you an automatic email with full details of their privacy policy.
  • Conference Venues
    Each conference venue will always be asked to share their privacy policy and details of their GDPR compliance which you will be able to view using a link from our booking pages. Any special category information you have given us permission to share will be shared by a secure file transmission, not email.
  • Conference/Event Presenters
    People presenting at our conferences and events will be informed anonymously of whether any participants in their session require additional arrangements to access the session. They will receive a list of names of attendees in their session but no contact details. You may choose to share these on the day if you wish to do so.

Your Rights

You have the right to withdraw your consent to your information being used at any time.

If you request that your information is no longer shared with other organisations, such as a conference venue, we will ask them to delete any records that they hold. However, this may affect the reasonable adjustments that they are able to offer.

You have the right to raise any concerns you have directly with NADP: https://ico.org.uk/for-the-public/raising-concerns/

You have the right to report a concern to the Information Commissioner’s Office (ICO): https://ico.org.uk/concerns/

Retention

We’ll retain members’ and non-members’ information for as long as we need it to provide you with services. If you resign your membership, we will also delete this information. But please note: (1) there might be some latency in deleting this information from our servers and back-up storage; and (2) we may retain this information if necessary to comply with our legal obligations or resolve disputes.

Law & Order

We may disclose limited information to third parties if we determine that such disclosure is reasonably necessary to (a) comply with the law; (b) protect any person from death or serious bodily injury; (c) prevent fraud or abuse of NADP or our users; or (d) protect NADP’s property rights.

Changes

If we are involved in a reorganisation, merger, acquisition or sale of our assets, your information may be transferred as part of that deal. We will notify you (for example, via a message to the email address associated with your membership) of any such deal and outline your choices in that event.

We may revise this Privacy Policy from time to time, and will post the most current version on our website. If a revision meaningfully reduces your rights, we will notify you using the email address associated with your membership.

Contact

Have questions or concerns about NADP, our services and privacy? Contact us at admin@nadp-uk.org or at 212A Lansdowne Building, 2 Lansdowne Road, East Croydon, Surrey. CR9 2ER.

NADP Privacy Policy v2.0