The Perimeter Security Suppliers Association (PSSA) is a company limited by guarantee registered in England and Wales (Company Number 06978203) further information about the company can be found at Companies House https://www.gov.uk/government/organisations/companies-house)
PSSA acts as Data Controller in respect of the information it collects from you and is registered with the ICO as Data Controller for the purposes of the Data Protection Act 1998.
PSSA outsources the day to day administration of the association to Administration Services Limited (a private limited company registered in England and Wales, no 02230784) (“ASL”) which may process your personal data as Data Processor. The relationship between the PSSA and ASL is regulated by a contract that contains safeguards for your rights.
The Personal Data about you that we collect and use is principally:
In some cases, it may include other Personal Data that you may provide to us from time to time.
We collect Personal Data about you from:
Only in extraordinary circumstances would we hold Personal Data relating to you which had been supplied by anyone other than you. An example might be where contact details were provided by your employer as part of an event booking. If you decide to supply Personal Data to us about another person, please ensure that you do so only with that person’s approval.
We may use your Personal Data for one or more of the following purposes:
You can tell us that you no longer wish to receive communications from us either of a particular kind or at all by sending an e-mail to that effect to: firstname.lastname@example.org
We collect and process your Personal Data in accordance with applicable laws that regulate data protection and privacy. This includes, without limitation, the EU General Data Protection Regulation (2016/679) (‘GDPR’) and the UK Data Protection Act 2018 (‘DPA’) together with other applicable UK and EU laws that regulate the collection, processing and privacy of your Personal Data (together, ‘Data Protection Law‘).
Subject to the exceptions listed below, PSSA does not sell, share or transfer any information gathered during the registration processes to any third parties.
The exceptions are:
It is unlikely, but conceivable, that we might disclose your Personal Data to third parties who make their own determination as to how they process your Personal Data and for what purpose(s) (called ‘data controllers’). In those circumstances, we would expect to notify you so that you could check the relevant privacy policies of those organisations to understand how they may use your Personal Data. Since they would be acting outside our control, we would have no responsibility for the data processing practices of such data controllers.
Other than in the rare and unlikely circumstances described above, we will treat your Personal Data as private and will not disclose your Personal Data to third parties without you knowing about it.
We shall only retain your Personal Data for as long as you remain a member of the PSSA, once you leave membership 8 years or to comply with our legal duties in respect of HMRC and other bodies.
In accordance with our legal duties, we have a Personal Data retention policy (which is available on request) that sets out the different retention periods for Personal Data. The criteria we use for determining these retention periods is based on various legislative requirements; the purpose for which we hold Personal Data; and guidance issued by relevant regulatory authorities including but not limited to the UK Information Commissioner’s Office (ICO).
We shall take all reasonable steps to ensure that we dispose of Personal Data that we decide no longer to retain securely.
We employ appropriate technical and organisational security measures to protect your Personal Data from being accessed by unauthorised persons and against unlawful processing, accidental loss, destruction and damage.
We also endeavour to take all reasonable steps to protect Personal Data from external threats such as malicious software or hacking. However, please be aware that there are always inherent risks in sending information by public networks or using public computers and so we cannot guarantee the security of all data sent to us (including Personal Data).
You have a statutory right (‘Subject Access Request’) to request information, including information about:
Usually we will have a month to respond to such as Subject Access Request. We reserve the right to verify your identity if you make such a Subject Access Request and we may, in case of complex requests, require a further two months to respond. We may also rely upon certain legal exemptions when responding to your request.
You also have the following statutory rights, which are exercisable by making a request to us in writing:
All of these requests may be forwarded on to a third party provider who is involved in the processing of your Personal Data on our behalf.
If you would like to exercise any of the rights set out above, please contact us at the address below
If you make a request and are not satisfied with our response, or believe that we are illegally processing your Personal Data, you have the right to complain to the Information Commissioner’s Office (ICO) – see https://ico.org.uk.
17 May 2018
The latest advice and guidance.Request CPD.