NADPO is the Data Controller (ICO registration number ZA277974) for personal data about members, event attendees, volunteers and newsletter subscribers.
We do not trade personal data for commercial purposes and will only disclose it if required by law, necessary to arrange your event attendance, or with your consent.
NADPO uses only EEA-based providers to process member data. The executive committee uses Slack for internal communications, which is hosted in the US; and are self-certified as being compliant with Privacy Shield. We do not discuss members' data using Slack but we may occasionally mention current and prospective event speaker information.
To contact NADPO with a data protection query regarding the processing of your personal data, please use the Contact Us form.
Details of our processing
We reckon that all of these purposes are justified on the basis of our legitimate interests in running and promoting the organisation; except for sending email marketing to non-members which we carry out on the basis of consent. If you want to read our reasoning on this, you're welcome to read more here.
We process members' personal data for the following purposes:
- Administration of membership (annual fees, committee elections, online account management).
- Your name, contact details, professional information (optional) and payment information.
- Sending our email newsletter (offers and opportunities from NADPO and on behalf of associated organisations)
- When you join NADPO, you will be automatically subscribed to the email newsletter, as this will contain marketing material related to your paid membership - we think this fits into the criteria for applying the soft-opt-in under PECR)
When your NADPO membership ends, we will keep your membership data (including your online account data) for 1 year afterwards, in case you have any follow-up enquiries or want to re-activate your membership during that time.
We need to keep the details of financial transactions for 6 years after that financial year, in the event of a tax or banking enquiry.
When you attend a NADPO event, we will need your name, contact details and if you are not already a member; your payment information.
We will use this information solely for the purpose of administering the event, including issuing your attendance certificate; if you have requested one.
If you register for a NADPO event as a member of an affiliated organisation such as IRMS or DP Forum, we will share your registration information with them to verify your membership.
We delete event attendance data at the end of every year.
If you are a speaker at a NADPO event, we will publically promote your involvement via Twitter, LinkedIn and emails to our members. This data may continue to be processed by those platform providers after the event has ended.
We don't conduct any tracking, profiling or analytics on our website. Your IP address will be logged by our web server but unless you use the Contact Us form or log in to the Members' Area; this is unlikely to be "personal data".
We delete the Contact Us form data at the end of every year.
As an individual whose personal data is processed by NADPO, you have:
- the right to be informed - which is what this privacy notice is for
- the right to access the data we hold about you.
- the right to object to direct marketing - either use the 'unsubscribe' button on our emails or contact us directly
- the right to object to processing carried out on the basis of legitimate interests.
- the right to erasure (in some circumstances)
- the right of data portability
- the right to have your data rectified if its inaccurate
- the right to have your data restricted or blocked from processing
To exercise any of these rights, please use the Contact Us form to get in touch.