This Policy sets out the following:
- About Purchase to Pay Network (and how to contact us)
- What information we collect
- Our website and cookies
- Keeping your information safe
- International transfers
- Your rights
- Updates to this policy
ABOUT THE PURCHASE TO PAY NETWORK (AND HOW TO CONTACT US)
We are The Purchase to Pay Network Limited, a company registered in England and Wales (registration no.06751637 ). Our registered address is 40 Caversham Road, Reading, RG1 7EB.
For the purposes of data protection law , we will be a controller of the personal information we hold about you. This means we make decisions about how and why your information is used, and have a legal duty to make sure that your rights are protected.
WHAT INFORMATION WE COLLECT
In order to operate our business and provide our services, we need to use personal information about actual and prospective PPN members, as well as their employees. The Network is based on the ability to connect members and PPN readers to one another so that they can share knowledge and gain insight. This would simply not be possible without using personal information.
The personal information we may collect include your name, position within your company, corporate e-mail address, direct dial and mobile phone number.
If you attend one of our events, we may take photographs or films of you for promotional purposes. These images may be shared with other PPN members and prospective members. They may also be published in PPN's social media accounts. If you do not wish to be filmed, please tell our cameraman on the day.
How we use your information
We will only use your information with your consent, or because we need to do so in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these; or
- to protect your vital interests.
1 What information we collect
2 Our website & cookies
4 Keeping your information safe
6 International Transfers
7 Your rights
8 Updates to this policy
In any event, your information will only be used for the purpose(s) we collected it for (or else for a closely related purpose, such as record keeping).
We will never sell or trade your personal information. If your organisation becomes a member or reader of PPN, we may make your name and e-mail address visible to other members. However, your personal details will never be shared outside of PPN and our published partners.
We also will share the personal information of those individuals who attend our events, but only in order to confirm their attendance and cater for any dietary requirements they might have. All our suppliers/sponsors/partners will only be allowed to use the information for a specific purpose and it will be their duty to ensure that the information is protected.
We do not normally collect or process sensitive personal information about our members and readers or their employees, (such as information about someone’s health or beliefs). In the unlikely event that we do (for example, if an accident occurs at one of our events), we’ll ensure that this information is kept private and secure.
We don’t collect or process personal information about visitors to our website (www.p2pnetwork.org) unless they choose to provide information (such as when signing up to our newsletter).
We may collect non-personal information about visitors to our website as this helps us optimise and improve it. This information might include your internet protocol address, the browser being used to connect to our website, the device (e.g. its operating system) and the connection type (e.g. the Internet service provider used). However, none of this information will directly identify you.
We also use sharing buttons in order to make it easier for you to share our content to your social media pages. These buttons are third-party cookies which are placed onto your machine when you visit our website. The social networks which place such cookies are Facebook, Twitter, LinkedIn and Google Plus. Even without you clicking on the relevant sharing button, these sites are aware that you have visited our website, and may use this information when building their profile of you, and deciding what advertisements you might like to see. You should check the respective policies of each of these social networks to see how exactly they use your information.
This process does not involve us collecting or storing any of your personal information.
Hyperlinks to other sites
If your organisation becomes a member or regular reader of PPN, we may contact you by email, telephone or post with information about upcoming events, news about PPN's other activities, or to notify you of changes to our terms of membership or this Policy.
We will only contact an individual personally with email marketing communications if that individual (or the organisation they represent) is an existing PPN member or reader, or if they have asked to receive marketing or enquired about a particular service.
Changing your preferences or unsubscribing
You can change how you hear from us or unsubscribe from marketing at any time. If your organisation is a member of PPN, You can do this by clicking the “unsubscribe” link on any of our emails. If you are not an PPN member or reader, you can also unsubscribe by clicking the “unsubscribe” link on any of our emails, or by contacting us using the details given in section 1 above. You can also contact us using these details if you wish to complain about a marketing communication you have received in error.
We employ a variety of physical and technical measures to keep your personal information safe and to prevent unauthorised access to, or use or disclosure of it. Electronic data and databases are stored on secure computer systems and we control who has access to them (using both physical and electronic means). Our staff receive data protection training and we have a set of detailed data protection procedures which they are required to follow when handling personal information.
We cannot absolutely guarantee the security of the internet, external networks, or your own device, accordingly any online communications (e.g. information provided by email or through our website) are at your own risk.
We only store personal information as long as it is required for the purpose(s) we collected it for (or for a related compatible purpose, such as keeping a record of an organisation’s membership and past activity). We regularly review the data we have and delete that which is no longer necessary. In certain situations you have the right to request that data about you be deleted (the right to be forgotten), please see section 8 for further details.
If you believe that any information we are holding about you is incorrect or incomplete, please contact us using the details set out in section 1.
Except as set out below, we normally only store personal information within the European Economic Area (EEA). If one of our subcontractors (such as a payment processor) needs to transfer it outside of the EEA then we will take steps to make sure adequate levels of privacy protection, in line with UK data protection law, are in place. These safeguards will usually be contractual and/or the result of a European Union decision which allows the transfer (for example, a US organisation which is certified under the EU-US Privacy Shield framework).
We use ConstantContact, a customer relationship management system based in the USA, to manage and send email communications. This may mean your information has been transferred to the USA. However, ConstantContact is certified under the EU-US Privacy Shield Scheme, meaning it has taken steps to ensure your information is adequately protected.
We want you to remain in control of your personal information. Part of this is making sure you understand your legal rights, which are as follows:
- where your personal information is processed on the basis of consent, the right to withdraw that consent;
- the right to confirmation as to whether or not we are holding any of your personal information and, if we are, to obtain a copy of it;
- from 25 May 2018, the right to have certain information provided to you in a portable electronic format (where technically feasible);
- the right to have inaccurate information rectified;
- the right to object to your information being used for marketing or profiling, or on the basis of our or a third party’s legitimate interests;
- the right to restrict how your information is used; and
- the right to be forgotten, which allows you to have your information erased in certain circumstances (though this is not an absolute right and may not apply if we need to continue using it for a lawful reason).
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so (for example, because the information no longer exists or there is an exception which applies to your request).
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you should contact the UK Information Commissioner's Office, which oversees data protection compliance in the UK. Details of how to do this can be found at www.ico.org.uk.
Updates to this policy
We may update this Policy at any time. When we do, we will post a notification on the main page of our website and revise the updated date at the bottom of this page. We encourage users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we hold.
This policy was last updated in May 2018