This privacy notice explains how the PLSA collects and uses personal data in line with the General Data Protection Regulation (GDPR) and other UK data protection laws. This notice relates to individuals connected through an organisation’s membership of the PLSA, suppliers, individuals with an interest in pensions who attend or have attended events or training supplied by the PLSA, or individuals who have agreed to receive emails from us.
Personal data we process
The Pensions and Lifetime Savings Association is the data controller. For enquiries or requests regarding data please email: [email protected].
Personal data is information about an individual that allows someone to directly, or indirectly, identify a natural, living person. It does not include anonymised information. We may hold personal data because you, or an organisation you work for, or supply services to (such as a trusteeship), supplied it to us, or because it is publicly available.
The categories of personal data we collect include title, name, job title, work email address or in some cases personal email address, postal address and telephone number. We will also hold information about your attendance at events and training and related information such as food allergies and session preferences. Sometimes we will also collect additional personal data that you share with us in meetings or by email which we will record to inform services we offer to you and our work as a trade association.
We may also collect information from you as a result of our website cookies, which are text files placed on your computer to log information, track visitor behaviour and compile statistical reports and email tracking software, which means we can monitor our email marketing and member benefits. You can set your browser not to accept cookies but this might affect the performance of some website features. For more information you can read our cookies policies here.
You do not have an obligation to provide us with your personal data but we will not be able to supply you with information relating to our services if you do not do so and we will not be able to perform our contractual obligations to you as a paid-up member.
How we use your personal data
We process your personal data for the purposes of pursuing our business interests as a trade association.
- Operating our trade association day to day including responding to queries.
- Keeping you updated about the pensions and lifetime savings industries.
- Sending you information about the PLSA’s policy work, research, and business services relating to pensions and lifetime savings.
- Organising events and training on pensions and lifetime savings.
- Ensuring compliance with IT policies and information security.
- Collecting information on your preferences and your specific interests in policy and events subjects.
We process your personal data on the following legal basis:
Contract: If you are a member of the PLSA, you have a contractual relationship with us. In the pursuit of that contract, we process your personal data in order to send information relevant to the organisation’s membership with PLSA and to fulfil the arrangements relating to that membership relationship.
Legitimate interest: We may process your personal data or contact you when we have a legitimate business interest in doing so, as long as it does not infringe on your personal privacy rights. This can include communications about information on the PLSA’s policy work, and PLSA events and training.
Consent:We hold and process the personal data of individuals who have given their consent to us doing so for example those who have signed up to our services by contacting us directly.
We always seek consent when sharing data or using data in a way that does not fall under contractual obligations, legal obligations and/or our legitimate business interest. You can withdraw your consent at any time.
Who we share your information with
We share your information with third party service providers where they reasonably require it in order to perform their contractual obligation or other legitimate business interests. Our service providers include:
- A call agency which conducts some marketing and meeting set up for us, eg Perfect Pitch.
- Research agencies eg Opinium, ICM, Breaking Blue, ComRes, and Explori.
- Third parties included in our events organisation, such as our event app, badging, scanning and live web streaming suppliers eg Crowd Compass, Reftech, Zoom, Swapcard and Bridge Event Technologies
- Event exhibitors and sponsors will be provided with your professional details, including; name, company, job title, email address in order to contact you in connection with your attendance of the event for which you are registered. Please note that the act of registering for an event confirms that you consent to sharing these details. This opt in is on a per event basis. You can manage the mailing preferences with the sponsors directly and opt out of their mailings at any time. We put in place data processing or sharing agreements with all sponsors in order to ensure compliance with the GDPR.
- Publishers, including the supplier of our Yearbook and the publishers of the magazines which provide member benefits – LAPF magazine, Pensions Expert, Pensions Age and Pensions Insight magazine. You can opt out of receipt of these at any time.
- Mailing agencies to fulfil the design and postage of publications, such as our Made Simple guides eg Arc, Full Spectrum
- Mailing agencies to fulfil the legal obligations of the PLSA. eg Snapmail
- If you serve on a PLSA committee, we may also share your details with other attendees and committee members – eg committee agendas, minutes and delegate lists.
All our partners with whom we share data are GDPR compliant and have signed agreements with us.
How we use your data at digital conferences
If you register for an event organised by the PLSA your information will be used to administer your attendance. Please also see 'Who we share your information with' section above. Your name, organisation and job title may be included on a delegate list made available during the course of the event to other delegates, exhibitors and sponsors. We use your data for the following purposes:
- The data you supply during the registration process, and within the conference platform itself, facilitates the Swapcard platform’s AI - driving the content and attendee matchmaking facility
- Lead retrieval for exhibitors and sponsors – your data will be shared with exhibitors that you interact with during the event – e.g. download document, video or visit their interactive profile
- When you accept a connection request with another attendee your contact data will be shared with them, like swapping a business card
- To help us understand attendee behaviour, to assist with event planning and potentially tailor attendees’ experience
Photography and/or videography may take place at our events which we may use on our website, in publications and social media for educational and promotional purposes; by registering for and attending the event you give your express consent to this.
TRANSFERRING INFORMATION OUTSIDE THE EEA
Rarely, we may need to transfer your personal data to third parties outside the EEA in order to achieve our objectives around data processing. In this event we will only transfer personal data if the third party is in a country that has been confirmed by the EU to provide adequate protection or the third party has agreed by written contract to comply with the protections required by UK data protection law.
Keeping your personal data
We will retain your personal data for as long as is necessary for us to fulfil the purposes for which we collected it and for as long as we have business reasons for doing so. If we have a data breach we will inform the Information Commissioners Office (ICO) within 72 hours of the breach and we are reviewing our internal safeguarding policy.
How we use your data at conferences and events
If you register for an event organised by the PLSA your information will be used to administer your attendance. Please also see 'Who we share your information with' section above. Your name, organisation and job title may be included on a delegate list or name badge made available during the course of the event to other delegates, exhibitors and sponsors. A barcode may also be incorporated onto your name badge and may be scanned for the following purposes: Photography and/or videography may take place at our events which we may use on our website, in publications and social media for educational and promotional purposes. By registering for and attending the event you give your express consent to this.
Your rights and responsibilities
You have the right: To be informed: You have the right to know what personal data we hold on you and for what purpose. Of access: You have the right to access to your personal data (through a ‘subject access request’) To restrict processing: You can withdraw your consent to our processing your personal data. To rectification: You can have details corrected where we hold inaccurate personal data To erasure: You have the right to be forgotten and to have your personal data deleted if you no longer wish for us to hold it. To data portability: You can ask us to send you, or another organisation, your personal data in a format that can be read by computer. To object: You can complain to the ICO and other supervisory authority. Related to automated decision-making processes and particularly marketing. You will always be able to opt-out from our marketing communications and you can withdraw consent at any time.
We will not charge a fee for you to access your personal data. However, we may request an extension if the request is clearly deemed excessive.
Questions and complaints
Questions about this policy should be directed to Ceri Howells, Interim CFO, [email protected]. You also have the right to lodge a complaint with the ICO. www.ico.org.uk.