Primary Business Partnership (PBP) is committed to protecting your privacy and security. This policy explains how and why we use your personal data, to ensure you remain informed and in control of your information.
From 1 May 2018, PBP will ask its customers to “opt-in” for marketing communications. This is due to a change to the rules which govern how we can communicate with you and a new regulation on personal data (the General Data Protection Regulation) coming into force in May 2018. Therefore we are introducing a new approach that relies on you giving us your consent about how we can contact you. This means you’ll have the choice as to whether you want to receive these messages.
You can decide not to receive communications or change how we contact you at any time. If you wish to do so please contact [email protected] or write to PBP c/o CfLP, Town Hall, Market Street, Cockermouth, Cumbria CA13 9NP or telephone 01900 824 822 (Lines open 9am – 5pm, Mon – Fri).
We will never sell your personal data, and will only ever share it with organisations we work with where necessary to fulfil a contract of work for you.
Any questions you have in relation to this policy or how we use your personal data should be sent to [email protected] or addressed to The Data Protection Officer, PBP c/o CfLP, Town Hall, Market Street, Cockermouth, Cumbria CA13 9NP
2. ABOUT US
Your personal data (i.e. any information which identifies you, or which can be identified as relating to you personally) will be collected and used by the Primary Business Partnership (c/o CfLP registration no. 7621600 with data controller number Z3481153).
Primary Business Partnership has been set up and funded by OneAIM. OneAIM is a joint venture between Wood (previously Amec Foster Wheeler) and Interserve. The joint venture is responsible for delivering the Operations Site Works (OSW) Framework for Sellafield Ltd.
Primary Business Partnership is managed by the Centre for Leadership Performance (CfLP) which is based at Town Hall, Market Street, Cockermouth, Cumbria CA13 9NP. For the purposes of data protection law, CfLP will be the controller on behalf of PBP. Data will be shared with OneAIM as and when required.
3. WHAT INFORMATION WE COLLECT
Personal data you provide
We collect data you provide to us. This includes information you give when registering for courses, workshops or programmes or communicating with us. For example:
Personal details (name, email, address, telephone, dietary requirements etc.) when you register for courses, workshops or programmes;
Information created by your involvement with PBP
Your activities and involvement with PBP may result in personal data being created. This could include details of how you are progressing with your learning aims whilst on one of our programmes or courses.
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by asking for feedback after our events and programmes.
Information from third parties
We sometimes receive personal data about individuals from third parties. For example, if we are delivering a piece of work for a company, they may provide us with details of the employees who are participating in the programme.
Also, as explained in Section 12 (Cookies and links to other sites), we may use third parties to help us conduct research and analysis on personal data (and this can result in new personal data being created).
We may collect information from social media where you have given us permission to do so, or if you post on one of our social media pages.
Occasionally, we may collect information about certain customers (e.g. particularly well known or influential people) from public sources. This could include public databases (such as Companies House), news or other media. We don’t do this to everyone, and it is the exception not the rule.
Sensitive personal data
We do not normally collect or store sensitive personal data (such as information relating to health, beliefs or political affiliation) about customers and members. However there are some situations where we do collect information regarding to health (e.g. as part of our safeguarding for under 16s when participating in the Elements or NHS Clinical Skills in the Classroom programmes where we ask parents to inform us of things such as allergies, mobility issues, conditions requiring extra support etc). In these circumstances, we take extra care to ensure your privacy rights are protected and that the information is only shared with individuals who need to know as part of the delivery of the programme.
Accidents or incidents
If an accident or incident occurs on our property, at one of our events or involving one of our staff then we’ll keep a record of this (which may include personal data and sensitive personal data).
4. HOW WE USE INFORMATION
We only ever use your personal data with your consent, or where it is necessary in order to:
- enter into, or perform, a contract with you;
- comply with a legal duty;
- protect your vital interests;
- for our own (or a third party’s) lawful interests, provided your rights don’t override these.
In any event, we’ll only use your information for the purpose or purposes it was collected for (or else for closely related purposes):
We use personal data to communicate with people and to promote PBP. This includes keeping you up to date with our news, updates, and information about our programmes and courses. For further information on this please see Section 5 (Marketing).
We use personal data for administrative purposes (i.e. to carry on our training and development work). This includes:
- receiving payments;
- maintaining databases of our customers and suppliers;
- fulfilling orders for goods or services (whether placed online, over the phone or in person);
- helping us respect your choices and preferences (e.g. if you ask not to receive marketing material, we’ll keep a record of this to ensure you are not re-added at a later date).
Internal research and analysis
We carry out research and analysis on our customers to monitor the quality of our work and to assess its success. This helps us improve our work and to make PBP a stronger and more effective programme. By understanding our customers and what helps them to learn and develop, we can provide a better and more effective experience for our customers and suppliers.
Supporter research and profiling
We evaluate, categorise and profile personal data in order to tailor materials, services and communications and prevent unwanted material from filling up your inbox. This also helps us understand our customers, improve our organisation and carry out research. Further information on profiling can be found in Section 6 (Research and profiling).
5. DISCLOSING AND SHARING DATA
We will never sell your personal data. We may contact you with information about our partners, or third party products and services, but only if we think the information may be of genuine interest to you (i.e. we will not just try to sell someone else’s products to you). These communications will always come from PBP and not the third party. For example, we may send our school contacts information about free events or services that might be of interest to them.
We may share personal data with subcontractors or suppliers who provide us with services. For example, if you book one of our aspiration sessions which is being delivered by a subcontractor, then we will share the details that we have for you (relevant to the session) with the sub-contractor.
Occasionally, where we partner with other organisations, we may also share information with them (for example, if you register to attend an event being jointly organised by us and another party). We’ll only share information when necessary.
From 1 May 2018, PBP will ask its customers to “opt-in” for most communications. This includes all our marketing communications.
This means you’ll have the choice as to whether you want to receive these messages or not.
You can decide not to receive communications at any time by any of the following methods:
- click the ‘unsubscribe’ option at the bottom of any of our emails;
- email [email protected];
- write to PBP c/o CfLP, Town Hall, Market Street, Cockermouth, CA13 9NP;
- telephone 01900 824 822.
What does ‘marketing’ mean?
Marketing does not just mean offering things for sale, but also includes news and information about:
- our work;
- PBP benefits and offers;
- our events, activities and local groups;
- products, services and offers (our own, and those of third parties which may interest you);
- taking part in projects;
- ideas and features.
When you receive a communication, we may collect information about how you respond to or interact with that communication, and this may affect how we communicate with you in future.
If you are a member of PBP local group, you can unsubscribe from general marketing but continue to receive your local group’s newsletter if you wish.
7. RESEARCH AND PROFILING
This section explains how and why we may use personal data to build profiles which enable us to understand our customers, improve our relationship with them, and provide a better experience.
Analysis and grouping
We may analyse our customers to determine common characteristics and preferences. We do this by assessing various types of information including behaviour (e.g. previous responses) or demographic information (e.g. location).
By grouping people together on the basis of common characteristics, we can ensure that group is provided with communications, products, and information which are most important to them. This helps prevent your inbox from filling up, and also means we aren’t wasting resources on contacting people with information which isn’t relevant to them.
Profiling to help us understand our customers
We may profile customers in terms of the activities they engage with us in. For example, we keep track of the events, courses or programmes each customer is involved in. This information helps us to ensure communications are relevant and timely.
If, based on information that has been provided to us (such as geographical location, course topics, age), it appears an individual might be interested in a particular product or service we may contact them to see if they are.
On occasion, we may also combine information about particular customers with external information (such as directorships listed on Companies House, or news about an individual which has featured in the media) in order to create a more detailed profile about a particular individual.
We collect information on preferences and interests (e.g. which courses or events you have attended) so that we know what material you are mostly likely to be interested in.
We may aggregate and anonymise personal data so that it can no longer be linked to any particular person. This information can be used for a variety of purposes, such as recruiting new customers, or to identify trends or patterns within our existing customers. This information helps inform our actions and improve our campaigns, products/services and materials.
8. YOUNG PEOPLE
Photographs, pictures, stories and competitions in our newsletters and website
The PBP programme is specifically designed for young people.
If your child has been involved with one of our events or programmes we may use their image (via photo or video) and/or quotes on our website and/or newsletters.
Parental permission: If your child is under 18 then we, or your child’s school, will have asked permission from you before doing the above.
Information for parents
We take great care to protect and respect the rights of individuals in relation to their personal data, especially in the case of children. If your child is under 18, we’ll only use his or her personal data with your consent.
We won’t knowingly send marketing emails, letters, calls or messages to under 16 year-olds.
Over 16s are treated the same as adults and can choose to opt-in to our marketing communications.
9. HOW WE PROTECT DATA
We employ a variety of physical and technical measures to keep your data safe and to prevent unauthorised access to, or use or disclosure of your personal information.
Electronic data and databases are stored on secure computer systems and we control who has access to information (using both physical and electronic means). We have a data protection policy which personnel are required to follow when handling personal data.
All on-line payments are made through PayPal and use their Secure Sockets Layer (SSL) protocol to encrypt the data between your browser and their servers.
PBP complies with the payment card industry data security standard (PCI-DSS) published by the PCI Security Standards Council, and will never store card details.
Of course, we cannot guarantee the security of your home computer or the internet, and any online communications (e.g. information provided by email or our website) are at the user’s own risk.
Some of the venues that we use for our events have CCTV and you may be recorded when you visit them. CCTV is there to help provide security and to protect both you and PBP.
Where we store information
PBP’s operations are based in the UK and we store our data within the European Union. Some organisations which provide services to us (for example Google Drive and Mail Chimp) may transfer personal data outside of the EEA, but we’ll only allow them to do if your data is adequately protected.
For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we’ll allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
How long we store information
We will only use and store information for so long as it is required for the purposes it was collected for. How long information will be stored for depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing emails, we will stop storing your emails for marketing purposes (though we’ll keep a record of your preference not to be emailed). On the other hand, sensitive personal information gathered as part of safeguarding under 16s on our work awareness programmes (as described in Section 3) is destroyed immediately after the programme finishes.
We continually review what information we hold and delete what is no longer required. We never store payment card information.
11. KEEPING YOU IN CONTROL
We want to ensure you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
- the right to confirmation as to whether or not we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as subject access request);
- the right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason);
- the right to have inaccurate data rectified;
- the right to object to your data being used for marketing or profiling; and
- where technically feasible, you have the right to personal data you have provided to us which we process automatically on the basis of your consent or the performance of a contract. This information will be provided in a common electronic format.
Please keep in mind that there are exceptions to the rights above and, though we will always try to respond to your satisfaction, there may be situations where we are unable to do so.
If you would like further information on your rights or wish to exercise them, please write to our Data Protection Officer at PBP, Town Hall, Market Street, Cockermouth, CA13 9NP or email [email protected].
You can complain to PBP directly by contacting our data protection officer using the details set out above.
If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to the UK Information Commissioner’s Office which regulates and enforces data protection law in the UK. Details of how to do this can be found at www.ico.org.uk.
12. COOKIES AND LINKS TO OTHER SITES
Links to other sites
Our website contains hyperlinks to many other websites. We are not responsible for the content or functionality of any of those external websites (but please let us know if a link is not working by using the ‘Contact us’ link at the bottom of the page).
When purchasing goods or services from any of the businesses that our site links to, you will be entering into a contract with them (agreeing to their terms and conditions) and not with PBP.