The Company of Public Relations Practitioners (“the Company”) is a membership organisation based in the City of London which supports fellowship, charitable giving and educational activities. The Court of the Company is the data controller, which means that the Court decides how your personal data is processed and for what purposes. The Company has taken the appropriate and necessary steps in order to protect the privacy of your data as members of the Company. We will only use the information that we collect about you lawfully and in accordance with the Data Protection Act 1998 and (from 25th May 2018) the General Data Protection Regulation. Members’ and employees’ data will only be held and processed for the purposes of managing and documenting their relationship with the Company. We will not share your information for marketing purposes with any other organisation, except where you have given express consent to the contrary.
We collect personal information when you apply to become a Freeman of the Company and when you apply to take part in events organised by the Company or make donations into the Company’s Charitable Trust. This information includes your name, address (personal or business or both), email, telephone number(s), employer and professional status. Applicants for Membership as a Freeman may be required to disclose sensitive personal data relating to any criminal convictions or disciplinary proceedings which have been made or are pending.
How will we use the information about you?
The Company will keep your personal data up to date (subject to you notifying the Company of any changes to the data we hold about you); will store and destroy your personal data securely; will not collect or retain excessive amounts of data; has appropriate and necessary measures to protect your personal data from loss, misuse, unauthorised access and unauthorised disclosure.
We use your personal data for the following purposes:
- To administer membership records
- To fundraise for the Charitable Trust
- To manage our employees
- To maintain our accounts
- To inform members of news, events and activities taking place which may be of interest to our members
- To process gift aid applications
- To ensure that you receive a service (e.g. an appropriate meal at Company events) which meets your particular requirements.
If you apply for roles or appointments within the Company, other than as a Freeman, we may request further information and retain additional records, such as interview notes. In addition, minutes of meetings and records of decisions may include your name and other information about you.
How long will we keep the information we hold on you?
We will not keep data for longer than absolutely necessary. We have a statutory duty to retain financial information and accounting documentation for seven years. If you consent to us holding personal information we will hold this while you are a member or employee of the Company and your name and details about appointments within the Company may be retained indefinitely to support our historical records.
Communications from the Company and marketing of Company events
You may choose how you wish to receive communications from us (by email, post or telephone). However, there are some communications that we are required to send to you. These include membership-related mailings such as quarterage reminders, and any formal notices. In addition, we would like to send you information about events and activities we are running and events and activities being run by the City of London Corporation, which may be of interest to you. You may also opt to receive information from us about events and activities being run by other organisations in the City of London (e.g. other Livery Companies). If you have consented to such marketing, you may change your mind at any point. If you no longer wish to be contacted for marketing purposes please contact us by email: firstname.lastname@example.org
General information about website use
When you visit our website at http://www.prcompany.org/ we collect certain information about your use of the site. Like many organisations, we use a third-party service, Google Analytics, to collect standard internet log information and details of visitor behaviour patterns. This informs us about matters such as the numbers of visitors to the various parts of the site but does not provide details by which any person can be identified. It is possible to opt out of being tracked by Google Analytics across all websites. For further information, see http://tools.google.com/dlpage/gaoptout. We also use a third-party service, WordPress.com, to publish our blog, available at http://www.prcompany.org/blog/ . We use a standard WordPress service to collect anonymous information about users’ activity on the site, including, for example the number of users viewing pages on the site. WordPress is provided by Automattic Inc. For more information about how WordPress processes data, please see Automattic’s privacy notice at https://automattic.com/privacy/. If we do wish to collect personal information through our website, we will make this clear when we collect it and will explain what we intend to do with it. We do not buy or rent information about you from third parties. All the information we have about you has been provided by you (or is publicly available, for example your postal address if you have not provided that to us directly and we need to check it in order to get in touch with you by post). We only use your personal data for the reasons described above. We do not carry out any profiling of your personal information, nor is your data used in relation to any automated decision-making.
Who your information might be shared with
We will not share your personal information with third party organisations for marketing purposes, but may outsource particular functions (for example, payment processing, administration for events, subscriptions and renewals). In such cases we will only use reputable organisations and have contracts, processes and arrangements in place to ensure the safe and confidential processing of personal information at all times. We use a third-party payment provider (PayPal) to process payments and therefore do not collect or process any payment information. We also use a communications company, Mail Chimp, to process email communications to you. Mail Chimp commits to employ reasonable technical, administrative and physical safeguards to protect the confidentiality and security of your personal information, using industry recognized technical safeguards, such as firewalls, and adopting and implementing security procedures to protect your information from loss, misuse or unauthorized alteration. We may also disclose personal information where required or otherwise permitted by law.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants, consultants and employees. Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of consultancy or employment (“the contract”). The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed on the organisation by law. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organisational functioning of the organisation. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Disclosure of personal data to other bodies: In order to carry out our contractual and management responsibilities, we may, from time to time, need to share your personal data with one or more third party supplies. While your name and personal details will primarily be used internally within the Company, participation in some events organised by the Company may require us to provide your name and other details (e.g. dietary requirements) to venues and caterers. To meet the requirements of the contract, we are required to transfer personal data to third parties, for example, to pension providers and HM Revenue & Customs. In order to fulfil our statutory responsibilities, we may be required to provide personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Access to your information
You have the right to request a copy of the information that we hold about you. If you would like a copy of some or all of your personal information please contact us by email: email@example.com. We want to make sure that your personal information is accurate and up to date. You may ask us to correct or remove information you think is inaccurate.
How to contact us
By email: firstname.lastname@example.org
By post: 4 College Hill, London, EC4R 2RB
*Sensitive personal data: The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions. In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee. (a) We may process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to occupational health services, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent. (b) We may process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for the purpose of monitoring and upholding equal opportunities policies and related provisions. (c) Data about an employee’s criminal convictions will be held as necessary.