This POLICY and the GDPR
GDPR stands for the General Data Protection Regulation, a European privacy law approved by the European Commission in 2016, but became officially enforceable on 25th May 2018.
The objective of the GDPR is to strengthen, harmonise, and modernise EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right. The GDPR regulates, among other things, how individuals and organisations may obtain, use, store, and eliminate personal data. It applies to any organisation processing personal data of EU citizens.
Personal data now includes not only data that is commonly considered to be personal in nature (e.g. names, physical addresses, email addresses), but also data such as IP addresses, behavioral data, location data, financial information, and more.
For Newsletter & Update Information – Personal information (name, email, company and job title) so that we can keep you informed of insights, new reports and future events
- All Leads: Name, email, contact details, company, role
- SRI: Name, email, contact details, company, role
- SE: Name, email, contact details, company and role
- OSPAs: Name, email, contact details, company and role
- TECAs: Name, email, contact details, company and role
We use individual information data to:
- Enable the development of a comprehensive picture of those interested in security to assist with greater knowledge and awareness of the industry
- Processing of events, forms and payments
- Sharing data with the employee team to provide information about events, activities, membership renewals or invitation to events
- Keep individuals informed of business newsletter & updates promoting business activity
- Publishing of events, certification, reports, insights and event winners
- General communications to main database on industry issues
We process this information, respectively, under:
- The consent implied through provision of name and email to be kept informed of updates, news and events; individuals have been given the option to ‘opt-out’
- The Secured Environments contract, individuals and their respective business/organisation have entered into with PRCI or in relation to the steps taken to enter into that contract.
- The SRI contract that individuals and their respective business joined as a member in respect to the benefits of membership agreed.
- The research contract that individuals and their respective business accepted as part of their role in either commissioning or participating in research to be published with anonymised data.
Where information of a non-sensitive nature is processed and is therefore in PRCI’s legitimate interests i.e. membership of SRI, registered entrants (awards, events), registered for SE certification, commissioning and/ or purchasing of research. Where sensitive data is processed by means of consent, with appropriate safeguards and is in the legitimate interests of the business or is in your vital interests.
Whilst the majority of information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with data protection legislation, We will inform you whether you are required to provide certain business information or ‘award’ ie criteria information to us or if you have a choice in this.
If we rely on your consent for collecting your data, you have the right to withdraw your consent at any time. To do so please contact the Business Administrator via email at firstname.lastname@example.org
PRCI database/ Secured Environments/ SRI – we hold this information for as long as you are interested in being served updates, insights, and or news about the security industry and PRCI activities
We do not share any information with any third parties. But we do store the data on a GDPR compliant platform – Dropbox.
General mailing database – we do not share any information with any other party.
SRI – we share membership status on publicity material if agreed by the member
Secured Environments – businesses and organisations have the option to agree to publication and promotion of their certification award as part of the contract that they enter into when they seek certification.
Research reports – we do not share any personal data collected as part of the process of gathering information for publication of the reports
We do not share contact details or emergency contact details nor do we sell them to any third party.
We do not share information about members with anyone without consent unless the law and our policies allow us to do so.
We share SRI membership information and SE certification as part of business promotion only if the member has agreed or paid for us ( as part of sponsorship) to do so. We do not share contact details or emergency contact details.
You have rights as an individual that you can exercise in relation to the information we hold about you. These include the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the Data Protection regulations
You can read more about these rights at https://ico.org.uk/for-the-public/is-my-information-being-handled-correctly/.
Under data protection legislation, you have the right to request access to information about you that we hold. To make a request for your personal information, contact the Business Administrator at email@example.com
If you have a concern about the way we are collecting or using your personal data, we ask that you raise your concern with us in the first instance. Alternatively, you can lodge a complaint with the Information Commissioner’s Office at https://ico.org.uk/concerns/