PRIVACY POLICY
Effective Date: 07/20201        

1. Introduction
The DP Index (referred to as “We, “Our” or “Us”), is committed to protecting the privacy and security of your personal information. We take care to protect the privacy of participants that communicate (online or offline) with us, at events, over the phone, via our website, helpdesk and social media platforms.

We have therefore developed this privacy policy to inform you of the data we collect, what we do with your information, what we do to keep it secure as well as the rights and choices you have over your personal information.

Throughout this document we refer to Data Protection Legislation which means the Data Protection Act 2018 which incorporates the General Data Protection Regulation (GDPR), the Privacy and Electronic Communications (EC Directive) Regulations 2003 and any legislation implemented in connection with the General Data Protection Regulation which is the governing legislation that regulates data protection across the European Economic Area (EEA). This includes any replacement legislation coming into effect from time to time.

This policy should be read together with our Cookie Policy.

The DP Index processes personal information as joint controllers with  GRC World Forums Ltd trading as Data Protection World Forum (DPWF) and The DPO Centre Ltd.

DPWF has operational responsibility for The DP index, and both parties are responsible for marketing activities related to the DP index. Both organisations are registered with the Information Commissioner’s Office (the ICO) and further details can be found in their relevant privacy policies.

DPWF

The DPO Centre

You can contact The DP Index either by phone, email or post.
- By phone 0345 319 4377
- By email: dataprotection@thedpindex.com
- By post: Data Protection World Forum, 9-11 Castle Street, Cardiff, CF10 1BS


2. The information we collect and when
We only collect personal information that we know we will genuinely use and in accordance with Data Protection Legislation. The type of personal information that we will collect about you or that you voluntarily provide to us on this website or from enquiry/contact forms, event/exhibition or other contact methods includes (but is not limited to):

- Your name;
- Telephone number(s);
- Email address;
- Your company;
- Job title;
- Survey responses;
- Cookies; and/orIP address

Any contact with you will be in your capacity as a privacy professional, even if you choose to provide personal contact details.

We may, in further dealings with you, extend this personal information to include your address, subscriptions and records of conversations (such as email chains or chats).

You are under no statutory or contractual requirement or obligation to provide us with your personal information; however, we require at least the information above in order for us to deal with your application and ongoing contribution as part of your DP Index membership in an efficient and effective manner.

The legal basis for processing your data is based on your specific consent or our legitimate interest that we will have requested/stated at the point the information was initially provided, therefore we will not store, process or transfer your data unless we have an appropriate lawful reason to do so.

3. How we use your information

Processing Activity

To contact you, following your enquiry/application or to reply to any questions.

Customer Service enquiries; reply to suggestions, issues or complaints you have contacted us about.

For statistical analysis and to get feedback from you about your membership.

To power our security measures and services so you can safely access our website.

Contacting you (B2B) about services from us (joint controllers)

Contacting you about relevant industry specific news stories, articles or blogs.

Marketing/analytics from our website using cookies.
Lawful Basis

Legitimate Interest

Legitimate Interest


Legitimate interest

Legitimate interest

Legitimate interest

Legitimate interest

Consent
Please note that the legitimate interest pursued by us is contained in the description of the processing activity provided in the above table.
4. Who we might share your information with
We may share your personal data with other organisations in the following circumstances:

- If the law or a public authority says we must share the personal data;
- If we need to share personal data in order to establish, exercise or defend our legal rights (this includes providing personal data to others for the purposes of preventing fraud and reducing credit risk);
- From time to time, we will employ the services of other parties for dealing with certain processes necessary for the operation of the Website. However, all the information we share will be collected and anonymised, so neither you nor any of your devices can be identified from it; or
- For the purpose of their promotional activities we will not share your information with any third parties for the purposes of direct marketing.

We use data processors who are third parties who provide elements of services for us. We have Data Processor Agreements in place with our data processors. This means that they cannot do anything with your personal information unless we have instructed them to do it. They will not share your personal information with any organisation apart from us or further sub-processors who must comply with our Data Processor Agreement. They will hold your personal data securely and retain it for the period we instruct.

We do not ourselves transfer your personal data outside of the EU/EEA.  However, certain of our data processors may do so and where this occurs, such transfer will only be to the USA when a lawful transfer mechanism is in place.

If you require further information on the identity of such data processors, please get in touch with your request using the contact details provided in Section 12.
Type

Email/Cloud Storage:
- Microsoft
- Google

Client Management System:
- Fusion-Insight (Surveygizmo)

Customer feedback

Email Marketing Tool:
- Pardot

Website Hosting
- Webflow
Industry

IT



Operations


Operations

Marketing


Marketing
Location

International



International


International

International


International


5. How we keep you updated on our products and services
We will send you relevant news about The DP Index membership in a number of ways including by email, but only if we have a legitimate interest to do so and we have completed a legitimate interest assessment for the processing activity.

Newsletters and marketing communications might be sent from the www.thedpindex.com domain or from either controller’s domain e.g. www.dataprotectionworldforum.com or www.dpocentre.com that provides an informative newsletter to business contacts.

Each email communication will have an option to object to the processing, if you wish to amend your marketing preferences, you can do so by following the link in the email and updating your preferences.

6. Your rights over your information
Your rights include the following:
- The right at any time to withdraw your consent to the processing of your personal data for marketing purposes.
- The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
- The right to have your personal data rectified in the event that it is inaccurate or incomplete.
- The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy.
- The right to restrict the processing of your personal data.
- The right to object to the processing of your personal data, in particular when that processing is based on our legitimate interests*.
- The right to data portability (i.e. transfer of your personal data at your request to another organisation).
- The right to be informed of any automated profiling (We currently do not process your personal data in this manner).

Your rights above can be exercised free of charge by contacting us by our details below in section 12.

In all cases, we will need to satisfy ourselves of your identity before we can action a data subject rights request.*

Please note that we are only obligated to cease processing if we cannot demonstrate compelling legitimate grounds for the processing.

For more information about your privacy rights
If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk).

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you would consider raising any issue or complaint you have with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

7. How long we keep your information for
We retain a record of your personal information in order to provide you with a high quality and consistent service. We will always retain your personal information in accordance with Data Protection Legislation and never retain your information for longer than is necessary.

Unless otherwise required by law, your data will be stored for a period of 2 years after our last contact with you or some other identifiable action, at which point it will be deleted or anonymised for statistical purposes, for example we may retain salary information such as “7% of DPOs in London earn above £30,000”.

8. Giving your reviews and sharing your thoughts
When using our website, you may be able to share information through social networks like Facebook and Twitter. For example, when you ‘like’, ‘share’ or review our services. When doing this, your personal information may be visible to the providers of those social networks and/or their other users. Please remember it is your responsibility to set appropriate privacy settings on your social network accounts, so you are comfortable with how your information is used and shared on them.

9. Security
Data security is of great importance to us and to protect your data we have put in place suitable physical, electronic and managerial procedures to safeguard and secure your collected data.

We take security measures to protect your information including:
1. Implementing access controls to our information technology; and
2. We use appropriate procedures and technical security measures (including strict encryption, anonymisation and archiving techniques) to safeguard your information across all our computer systems, website and offices.

10. What happens if our business changes hands?
We may, from time to time, expand or reduce the scope of The DP Index and this may involve the sale and/or the transfer of control of all or part of our business or incorporating additional parties to the provision of the DP Index. Any personal data that you have provided will, where it is relevant to any part of our business that is being transferred, be transferred along with that part and the new owner, newly controlling or additional party will, under the terms of this Privacy Policy, be permitted to use that data only for the purposes for which it was originally collected by us.

11. Changes to Our Privacy Policy
We may change this Privacy Policy from time to time (for example, if the law changes). We recommend that you check this policy regularly to keep up-to-date.

12. How to contact us
If you would like to exercise one of your rights as set out above, or you have a question or a complaint about this policy, or the way your personal information is processed, please contact us by one of the following means:·      
- By phone: 0345 319 4377
- By email: dataprotection@thedpindex.com
- By post: Data Protection World Forum, 9-11 Castle Street, Cardiff, CF10 1BS

Thank you for taking the time to read our Privacy Policy.

The DP Index Team

This Policy was last updated on 17/07/2020