We may update this policy from time to time - you should check this page periodically to ensure that you are happy with any changes. This policy is effective from 1st August 2020.
- WHEN DO WE COLLECT YOUR PERSONAL DATA?
We collect your personal data in several ways, including when you:
- sign up for a newsletter or other similar communications
- join CMPP as a member
- attend any of our networking, volunteering, or fundraising events
- visit or interact with our website.
- contact us with enquiries
- WHAT PERSONAL DATA DO WE COLLECT?
The categories of personal information that we may collect from you includes:
- organisational address
- job title
- email address
- telephone number
- payment information (members only)
- areas of operation (members only)
- submitted member profile (members only)
- IP address
- Photos (e.g. from events, unless you have specifically told us not to photograph you)
CMPP will only collect your personal information that you have voluntarily chosen to provide to us, and we will only collect personal information that we need.
- HOW DO WE USE THE PERSONAL INFORMATION WE COLLECT?
CMPP uses the following legal basis for the processing of your personal information:
- To ensure that we communicate, develop, and support the development of meaningful business relationships with our members.
Consent of the Data Subject
- To communicate details of our events and activities with non-members, including by email or newsletter, or by inviting your participation in surveys.
- To provide management and administration of our IT services and network, which include the accuracy of the CMPP website.
- To develop and enhance the services provided by CMPP, ensuring that they are relevant and supporting the objectives of CMPP as a charity.
- To respond to inbound communications received via the CMPP website, by email, or by social media interactions.
- To undertake marketing communications about CMPP activities (you have the right to opt out of marketing communications at any time).
- To send you any communications that we may be required to issue to comply with legal requirements – e.g. messages relating to pandemic/health management.
- HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?
Your data is retained by CMPP for as long as is necessary for the purpose that it was collected for, as recorded within our data retention schedule. If you are a member, you will continue to receive information from us for the duration of your membership. If you are a non-member but have signed up to receive communications from us, then you will continue to receive them until you tell us to stop by unsubscribing. If you unsubscribe from marketing communications, we will retain your details on a specific list to ensure that you are not contacted by us again unless you request us to do so.
We are obliged to keep certain data to fulfil certain legal obligations and matters of record keeping e.g. financial records which we are required to keep for 6 years. Any data that is retained is minimised to ensure that we are only keeping only that which is required. We will securely delete all personal data when it is no longer required to be retained.
- SHARING YOUR PERSONAL DATA
We may share your personal data with carefully monitored third-party organisations where we have your permission to do so, and we will tell you who these third parties are if we are sharing your personal data with them. These may include, for example, event partners or accountancy firms who are working with CMPP to deliver our services. We will only ever provide the minimum personal data they need to complete the task, and issue specific instructions about how it is to be received, processed, stored, and returned to CMPP once the activity is over.
As a responsible Data Controller, CMPP undertake due diligence on any third-party organisation who is engaged to act as a Data Processor for any reason. We obtain and review relevant company documents, certifications, references and operating processes to ensure that the data processor is adequate, appropriate and effective for the tasks we are seeking to employ them for, and that they can demonstrate how they will maintain the security of all personal data which they process on our behalf.
- YOUR RIGHTS
The UK Data Protection Act 2018 provides Data Subjects with a set of rights in respect of their personal data. You have the right to:
- Request access to your personal data we hold about you, without charge. If you want to access your personal data, please send us details of the personal data you want to see to our Data Protection Manager (as per Section 13 below). Please note that we will require proof of your identity before we can progress any request.
- Correction of your personal data if it is found to be out of date, incorrect or incomplete.
- Erasure of your personal data from CMPP records in certain circumstances. We will let you know the reasons why personal data cannot be deleted, if applicable.
- Restrict or object to the processing of your personal data in certain circumstances – for example for the purposes of direct marketing.
- Request portability of your data if you would like to take it elsewhere.
- Withdraw your consent, where consent is the legal basis for processing it.
If you feel that your personal data is not being managed or processed in an appropriate, or that CMPP is not addressing your data subject rights, you can raise a concern with the Information Commissioner’s Office by telephone (0303 123 1113) or by sending a message via their website (www.ico.org.uk).
A cookie is a small file that is downloaded to your computer when you visit a website. Cookies are used by many websites and can do a number of things, e.g. remembering your preferences, recording what you have put in your shopping basket, analysing traffic to our website, helping ensure the security of our website, to allow you to log in to the site and to gain consent where appropriate.
Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences. Overall cookies help us provide you with a better website service, by enabling us to monitor which pages you find useful and which you do not. A cookie does not give us access to your computer or any information about you, other than the data which you have chosen to share with us.
You can choose to accept or decline cookies within your own web browser. Most browsers can automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the website.
We are committed to ensuring that your personal information is always maintained safely and securely. We have implemented appropriate physical, electronic, and managerial procedures to safeguard personal data.
- LINKS TO OTHER WEBSITES
The CMPP website may contain links to external websites which may be of interest to you. However, once you have used these links to leave our site, you should note that we do not have any control over that other website, not do we accept any liability for issues which may arise once you have left the CMPP website.
Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this Privacy Notice. You should exercise caution and look at the Privacy Notice and any displayed security warnings applicable to the website in question.
- SOCIAL MEDIA SITES
When your child takes part in one of our events, we will ask you to provide their name and the email address of a parent or the responsible person. We do not store the data belonging to children for longer than is necessary to administer the event. We delete the data of the child as soon as possible after the event, once any requirements for us to retain it have expired.
- HOW TO CONTACT US
If you have any questions about how CMPP collects, processes, or stores your personal data, please contact our Data Protection Manager by email (firstname.lastname@example.org) or by post to:
The Data Protection Manager