Slider 18

Privacy

Privacy Information

Introduction

This statement sets out how the NAACE ("we" or "us") uses and protects personal information that you provide when you use this Site, in compliance with European Union ("EU") and UK data protection requirements.

We are established and based in the UK. As such, we comply with EU and UK data protection law. If you are resident outside the EU then we cannot confirm that our collection and treatment of personal data is compliant with your local data protection/privacy laws. If you do not agree to your data being dealt with in the manner described in this statement then please do not submit your personal details. However, please note that where you do not submit personal details that we request your access to the services/materials offered by this Site will be restricted.

We may change this statement from time to time by updating this page. You should review this statement regularly and your continued use of this Site after changes have been made will be taken to indicate your acceptance of the updated statement. For your protection we are registered under the Data Protection Act 1998 (the "Act") and have provided appropriate notifications to the Information Commissioner and we are GDPR compliant.

Important information and who we are

This privacy notice aims to give you information on how NAACE collects and processes your personal data through your use of the NAACE and associated websites, including any data you may provide when you use our website and apps, purchase products or services from us, contact us over the phone, by email or via live chat, sign up to any of our mailing lists or take part in a competition.

For all of our services, the data controller – the company that is responsible for personal data – is NAACE. We have appointed a data protection officer (DPO) who is responsible for overseeing questions in relation to this privacy notice. You can contact our DPO by emailing DPO@naace.co.uk.

It is important that you read this privacy notice together with any other privacy notice or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy notice supplements the other notices and is not intended to override them.

Controller

For all of our services, the data controller – "the company that is responsible for personal data"– is NAACE.

Links to third parties.

As outlined in the terms and conditions of use, we may link to other websites which are not within our control. Once you have left the Site we cannot be responsible for the protection and privacy of any information which you provide. You should exercise caution and look at the privacy statement applicable to the website in question.

The personal data we collect about you

When you register to become a NAACE member we will grant access to this Site. As part of the registration process you will be required to provide us with personal information:

  • your name and contact information, including e-mail address.
  • information regarding your personal or professional interests, demographics, experiences with our products and services and contact preferences.

How we collect your personal data

We collect personal data about you in a number of ways:

  • when you sign up as a member of NAACE
  • when you attend a NAACE course
  • when you contribute to a forum

How we use your personal data

We will use the personal information you provide for the following reasons:

  • membership record keeping,
  • to improve our products and services to users,
  • to contact you for research purposes including market research,
  • to analyse patterns and trends of use and the uptake of educational courses and facilities.

We will not sell your data to third parties.

We do, however share your personal data with certain companies who play an essential part in enabling us to provide our products and services to you, such as payment providers, IT and system administration providers and others who help us run our charity. You can be rest assured however that we require all third parties to respect the security of your personal data and to treat it in accordance with the law and we do not allow our third-party service providers to use your personal data for their own purposes.

We will not transfer, disclose, sell, distribute or lease your personal information to third parties unless we have your permission or are required to do so by law.

Keeping your personal data secure

We’re committed to keeping your personal data secure and have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

How Long will we keep your personal data for?

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances, you can ask us to delete your data: see the section detailing your legal rights below for further information.

In some circumstances, we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further notice to you.

Your legal rights

You have lots of legal rights relating to your personal data. You can get more information on each of the rights we’ve summarised below by taking a look at the glossary in the bottom section of this privacy notice:

  • The right to request access to your personal data.
  • The right to request correction of your personal data.
  • The right to request erasure of your personal data.
  • The right to object to processing of your personal data or to withdraw consent. Remember, you can always stop direct marketing messages via the preference centre in your account, by clicking on an unsubscribe link in any of our emails or getting in touch via email.
  • The right to request restriction of processing your personal data.
  • The right to request a transfer of your personal data to another service provider. If you wish to exercise any of the rights set out above or if you have any questions or a complaint, please contact us.

How to get copies of the information we have collected?

You may request details of personal information which we hold about you under the Act. A small fee will be payable. If you would like a copy of the information held on you please write to our Data Protection Officer at NAACE, PO Box 1833, Southampton SO15 9HP or email dpo@naace.co.uk.

If you think that any information we have about you is incorrect or incomplete please write or e-mail us as soon as possible at membership@naace.co.uk. We will correct or update any information as soon as possible.

No fee usually required

You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.