Privacy Notice
Our contact details
Address: C/o 203 - 205 Charminster Road, Bournemouth, Dorset, England, CLB VO29
Introduction
This Privacy Notice provides information about how the UK Black Privacy Professionals Network (BPPN) as a Data Controller will process personal data where the data subjects include current, past, and prospective individual members, partnership organisations, sponsors, suppliers, customers, professionals, or corporate business clients.
Anyone who works for or alongside us, or acts on behalf of, the BPPN – including members, partnership organisations, staff, suppliers, contractors, third-party service providers, and data processors - should also be aware of and comply with our commitment to data protection.
The type of Personal Data we collect
The BPPN may process a range of personal data about Individuals by providing membership services, partnership arrangements, consultancy, training, data protection, PrivSec professional support services and delivery of public speaking
engagements. We will process personal data when we procure services and when we employ staff.
We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:
-
Identity Data which includes your first name and last name.
-
Contact Data means the data we use to contact you including your billing address, email address, mobile number, other contact details, and unique identifiers.
-
Payment Data means bank details and other financial information.
-
Your communication preferences.
-
Images of members, representatives from partnership organisations (and possibly other individuals) engaging in BPPN activities and events.
-
Technical Data means details about the device(s) you use to access our website including your internet protocol (IP) / MAC address, browser type, and version, location, browser plug-in types, and versions, operating system and platform, and other technology on the devices you use to access this website.
-
Usage Data includes information about how you use our website, products, and services.
-
Profile Data includes your username (email address), the services you have requested or purchased, your interests, preferences, feedback, and survey responses.
The BPPN does receive personal data from the individual directly. However, in some cases, personal data may be supplied by third parties - for example, another organisation may collect personal data from individuals and send this information to the BPPN for business or employment reasons or for membership or service provision.
The BPPN may need to process “special categories of data” (GDPR) regarding individuals - e.g. in relation to our members, employees, volunteers, trustees or partners. Special categories of data are entitled to special protection so will only be processed with the explicit consent of the individual or as otherwise permitted by the Act, GDPR, or applicable legislation.
We also collect, use and share aggregated and/or anonymised data (“Aggregated Data”) such as statistical or demographic data for analytical purposes. Aggregated Data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity.
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you for one of the following reasons:
-
Direct interactions: by using our website, filling in forms, or by corresponding with us through social media, by post, phone, email, in person, or otherwise.
-
Automated technologies or interactions: as you interact with us, we may automatically collect usage data and technical data about your equipment, browsing actions, and patterns. Please see our Cookies Policy for further details.
We use the information that you have given us to:
-
Provide you with services and access to our events
-
To support our partnership arrangements with your organisation
-
To provide you with information, advice, and downloads
-
To provide you with employment or volunteering opportunities - including trusteeships, directorships or other executive/non-executive positions
-
To procure services from you
Under the UK Data Protection Act 2018, the General Data Protection Regulation (GDPR) and applicable legislation, the lawful bases we rely on for processing this information are:
-
(a) We have a contractual obligation - processing is necessary to meet contractual obligations entered by the individual or the corporate business client
-
(b) We have a legal obligation - processing is necessary to comply with the BPPN's legal obligations
-
(c) We have a legitimate interest - purposes of the legitimate business interests pursued by the BPPN - in line with its stated core purpose and function
-
(d) We need your consent – for example, in relation to the use of non-essential cookies
Use of Personal Data
The BPPN will use - and where appropriate share with third parties - personal data about individuals for several purposes as part of its normal operation and business activities, including as follows:
-
To provide membership, training, consultancy, and professional Data Protection Officer (DPO) support services
-
To respond to your requests for information, advice, or downloads
-
To manage our working relationship with our partnership organisations
-
To manage our working relationship with our volunteers, trustees, directors and executives
-
To give and receive information and references about past and current employees, volunteers, trustees, directors and executives
-
To enable the BPPN to fully comply with legislation and key requirements regarding recruitment, selection and employment, and other operational activities
-
Where otherwise required by national policy requirements and statutory legislation
-
To safeguard the welfare of members, employees and other individuals
-
To monitor - as appropriate - use of the BPPN's Data Protection and Acceptable Use policies
-
To make use of photographic images and recordings of members, representatives from partner organisations, staff and possibly other individuals in publications on the BPPN website and – where appropriate - on the BPPN's social media channels
-
For security purposes, to prevent or detect crime and for regulatory and legal purposes - for example, anti-money laundering, fraud, or gross misconduct
-
Where otherwise reasonably necessary for the BPPN's purpose, including obtaining appropriate professional advice and insurance for the BPPN
Recipients of the Personal Data
The nature of the way the BPPN provides membership services, training, consultancy, public speaking engagements and support services means that we may share limited personal data with the following:
-
Training venues, training organisations, and conference providers
-
External partnership organisations
-
Accreditors and regulators
-
Accountants and payroll providers
-
HR or employment-related service providers
Limited personal data is shared in accordance with our legal basis for processing as mentioned above.
International Transfers
Some data processors and third parties that we use are based outside the United Kingdom, so their processing of your personal data will involve a transfer of data outside the United Kingdom.
The Transfer of Data Within the UK, the European Union (EU), and the European Economic Area (EEA)
The BPPN may transfer data to recipients within the EU and the EEA. These data transfers are subject to the GDPR, the DPA, and other applicable data protection regulations.
All EU Member States and the Member States of the EEA apply the provisions of the GDPR. These countries thereby respect the principles of protection of personal data and privacy as laid out in the DPA and GDPR.
The Transfer of Data Outside the UK, the EU, and the EEA
The BPPN will only transfer data outside the UK, EU, and the EEA if an adequate level of protection is ensured in the country of the recipient.
Whenever we transfer your personal data out of the United Kingdom, we ensure a similar degree of protection is afforded to it.
How we store your personal information
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered, or disclosed. The BPPN will endeavour to ensure that all personal data held is as up-to-date and accurate as possible.
The BPPN will take appropriate and organisational steps to ensure the security of personal data. Where appropriate, data security measures will include:
-
The pseudonymisation and encryption of personal data
-
The ability to ensure the ongoing confidentiality, integrity, availability, and resilience of processing systems and services
-
The ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for.
Your Data Protection Rights
Under certain circumstances, you have rights under data protection laws in relation to your personal data:
Your right of access - You have the right to ask us for copies of your personal information. Individuals have the right to obtain:
-
Confirmation that their data is being processed
-
Access to their personal data
We will respond to such requests within one month. This may be extended where the request for rectification is complex.
Your right to rectification - You have the right to ask us to rectify personal information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete.
Individuals are entitled to have personal data rectified if it is inaccurate or incomplete. The BPPN will respond to such requests within one month. This may be extended where the request for rectification is complex.
Your right to erasure (Right To Be Forgotten) - You have the right to ask us to erase your personal information in certain circumstances. An individual can request the deletion or removal of personal data where there is no compelling reason for its continued processing. There are some specific circumstances where the right to erasure does not apply, so the BPPN may not be able to deal with all such requests.
Your right to restriction of processing - You have the right to ask us to restrict the processing of your personal information in certain circumstances.
Individuals have the right to block, suppress or restrict the processing of personal data in the following circumstances:
-
Where an individual contests the accuracy of the personal data
-
Where an individual has objected to the processing but the BPPN may consider whether its legitimate grounds override those of the individual
-
When processing is unlawful and the individual opposes erasure and requests restriction instead
-
If the BPPN no longer needs the personal data but the individual requires the data to establish, exercise, or defend a legal claim
Your right to object to processing - You have the right to object to the processing of your personal information in certain circumstances.
Individuals have the right to object to profiling, direct marketing, and processing for the purposes of scientific/historical research and statistics.
Your right to data portability - You have the right to ask that we transfer the personal information you gave us to another organisation, or to you, in certain circumstances.
Under GDPR, exercising this right allows individuals to obtain and reuse their personal data for their own purposes across different services. The BPPN individuals’ right to move, copy or transfer personal data easily from one provider to another in a safe and secure way, without hindrance to usability.
The right to withdraw consent – The BPPN will support individuals’ rights to withdraw consent at any time, where relevant. We will ensure that withdrawing consent is as easy as possible.
The right to lodge a complaint – Individuals have the right to lodge a complaint with a Supervisory Authority.
The BPPN does not use Artificial Intelligence (AI) to carry out automated decision-making, including customer profiling. If this position changes in the future, we will update our Privacy Notice and we will inform individuals.
You are not required to pay any charge for exercising your rights. If you make a request, we typically have one month to respond to you.
Please contact us at hello@blackprivacyprofessionals.com if you wish to exercise your rights.
Children
The Site is intended for adults and is not intended for use by children under 13 years of age. We do not knowingly collect information from or about children or sell products to children under the age of 13.
Queries and Complaints
Any comments or queries on this Privacy Notice should be directed to the Data Protection Officer by emailing hello@blackprivacyprofessionals.com.
If an individual believes that the BPPN has not complied with this Privacy Notice or acted otherwise than in accordance with the Act, GDPR or applicable legislation, they should notify the Data Protection Officer.
You can also complain to the Information Commissioner’s Office (the ICO) if you are unhappy with how we have used your data. The contact details are as follows:
Address:-
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Helpline number:
0303 123 1113
Website: https://www.ico.org.uk
Cookies
Cookies collect information about how visitors use our site, which is then used to help improve the site. The information collected includes the number of site visitors, where visitors come to the site from and the pages they visited.
You can choose to refuse cookies or tell your browser to let you know each time that a website tries to set a cookie. However, refusing cookies may mean some sections of the site will not work properly.
For more information about cookies (including how to turn them off), please visit www.allaboutcookies.org.
Periodic Updates to this Privacy Notice
We keep our privacy notice under regular review to make sure it is up to date and accurate.
Policy Produced: August 2024
Policy Review: February 2026