Privacynotice - Association of Consultation & Engagement Professionals

Data privacy notice

ACEP is committed to ensuring data security and the fair and transparent processing of your data. This privacy notice sets out how we will treat the personal data which you provide to us in compliance with the UKs data protection legislation.

This privacy notice contains important information on how and why we collect, store, use and share personal data, your rights in relation to your personal data and how to contact us if you have any concerns about how we process your data.

What personal data do we collect?

Personal data, or personal information, means any information about you which could be used to identify you.

We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:

Identity Data includes first name, maiden name, last name, username or similar identifier, marital status, title, date of birth and gender;
Contact Data includes billing address, delivery address, email address and telephone numbers;
Financial Dataincludes bank account and payment card details;
Transaction Data includes details about payments to and from you and other details of products and services you have purchased from us;
Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access this website;
Profile Data includes your username and password, your interests, preferences, feedback and survey responses;
Usage Data includes information about how you use our website, products and services;
Marketing and Communications Data includes your preferences in receiving information and marketing from us and our third parties and your communication preferences;
Behavioural / Conduct Data when dealing with Disciplinary matters;
Educational, School, Organisational and Career Data when processing scholarship applications, or joining our Computing at School community.

Automated technologies or interactions. We may collect technical data about your equipment, browsing actions and patterns including the IP address used; login information; browser type and version, operating systems and platforms when you interact with our website. We may also collect information about your visit including the pages you visited; what you searched for; length of visits and methods used to browse away from the page. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive technical data about you if you visit other websites employing our cookies.

Please see our “Use of Cookies” statement on the ACEP website.

Third parties or publicly available sources. We may receive personal data about you from various third parties and public sources as set out below:

Contact, financial and transaction data from providers of technical, payment and delivery services based inside or outside the EU;
Identity and contact data from publicly available sources such as Companies House and the Electoral Register based inside the EU.
Identity and/or contact data from third parties to which you have given consent to share your data to hear about the products and services of ACEP.

How we collect your personal data

We use different methods to collect data from and about you through:

Direct interactions. You may give us your identity, contact and financial data by filling in forms or by corresponding with us by post, phone, email or in person. This includes personal data you provide when you:

apply for our products or services;
correspond with ACEP;
create an account on our website;
apply for membership or professional registrations;
call our customer services department;
register for the learning platform Learning Hub / Springboard provided to ACEP members for free;
subscribe to our service or publications;
register for an examination or certificate;
register for an event;
request marketing to be sent to you;
process your application for scholarships;
access resources, including videos and podcast recordings;
participate in surveys; or
give us some feedback.

How we use your personal data

When we ask you to supply us with personal data, we will make it clear whether the personal data we are asking for must be supplied so that we can provide the products and services to you, or whether the supply of any personal data we ask for is optional.

We will publish your name and organisation name in a public member directory.

We may use your personal data to fulfil a contract or take steps linked to a contract:

to provide the products and/or services to you;
to communicate with you in relation to the provision of the contracted products and services;
to provide you with administrative support such as account creation, security and responding to issues;
to provide an improved customer experience by recording calls and using them for training purposes and’;
to provide you with surveys, information about our awards and events, offers and promotions, related to the products and/or services.

Legitimate Interest

Where the collection of data is necessary for purposes which are in our, or third party’s legitimate interests. These interests are:

communicating with you in relation to any queries, issues, complaints, examinations, professional membership, financial transactions;
improving the quality of experience when you interact with our products or services including testing the performance and customer experience of our website;
improving the quality of experience when you interact with us directly through our customer services department;
performing analytics on sales or marketing data, determining the effectiveness of promotional campaigns;
dealing with disciplinary cases of ACEP members.

Contract

Where there is a contract between ACEP and your centre, training provider, school, hub or employer we will be processing your data to fulfil our obligations under such contract.

Consent

Where you have given your express permission to receive marketing communications, we may use your data to send you newsletters, surveys, information about our awards and events, exam, offers and promotions, related to products and services which may be of interest to you.

Where required by law

We may also process your personal data if required by law, including responding to requests by government or law enforcement agencies or for the prevention or crime or fraud.

Purposes for which we will use your personal data

Below is a description of the ways we may use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.

Purpose / Activity	Type of data	Lawful basis for processing including basis of legitimate interest
To register you as a new member	(a) Identity (b) Contact	Performance of a contract with you
To make an assessment for award of professional registrations	(a) Profile	Performance of a contract with you
To process and deliver services to you including: (a) Manage payments, fees and charges (b) Collect and recover money owed to us (c) Mailing campaigns	(a) Identity (b) Contact (c) Financial (d) Transaction (e) Marketing & Communications	(a) Performance of a contract with you (b) Necessary for our legitimate interests (to recover debts due to us) (c) consent
To manage our relationship including: (a) Notification about changes to our terms or privacy policy (b) Asking you to leave a review or take a survey. We may cross-reference your survey responses with information that we already hold about you. This would be for research purposes only, unless you expressly request otherwise.	(a) Identity (b) Contact (c) Profile (d) Marketing & Communications	(a) Performance of a contract with you (b) Necessary to comply with a legal obligation (c) Necessary for our legitimate interests (to keep our records updated and to study how members use our products / services)
Recording of calls made to our customer services department	(a) Identity (b) Contact	Legitimate interest for training purposes and to improve future customer experience
To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)	(a) Identity (b) Contact (c) Technical	(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise) (b) Necessary to comply with a legal obligation
To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you	(a) Identity (b) Contact (c) Profile (d) Usage (e) Marketing & Communications (f) Technical	Necessary for our legitimate interests (to study how customers use our products / services, to develop them, to grow our business and to inform our marketing strategy)
Register visitors to the ACEP offices	(a) Identity	Necessary to ensure the correct person is allowed access to ACEP and for Health and Safety and Fire evacuation reasons
To conduct the disciplinary procedure for ACEP members	(a) Identity (b) Contact (c) Membership (d) Behaviour	Necessary for our legitimate interests to investigate an alleged infringement of the ACEP Member Code of Conduct
To register you for an event (members and non-members) or if you wish to have access to resources such as videos or podcasts	(a) Identity (b) Contact (c) Marketing & Communications	Necessary to know who has registered for an event and to provide follow up information
To take payment	(a) Identity (b) Contact (c) Payment Information	We need this information to complete your purchase
To process scholarship applications	(a) Identity (b) Contact (c) Education / Career	Consent
Interviewing for Apprenticeships / Examinations	(a) Identity	Consent

Special Category Data

Where necessary, ACEP may collect certain special category from you. Special category data is classified as information about your racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexual life or details or criminal offences, or genetic or biometric data). This will only be done with your explicit consent and we will only use the information for the purpose we have collected it.

If you have provided us with special category data for us to make reasonable adjustments for you when you take your ACEP exam, we will provide the invigilator with only the minimum amount of information needed for them to conduct the exam according to the adjustment made. Neither the special category data nor the adjustment will not be shown on your certificate.

Marketing

We may use personal information to send direct marketing communications about our products and services that we feel you will be interested in. This may be in the form of email, post, telephone or by SMS. You can always choose to opt out of receiving direct marketing as all our marketing communications include unsubscribe links, alternatively, you can contact us to stop further communications. We also carry out customer insight analysis from our interactions with you to help improve our products and services.

Event Booking

ACEP uses Calendly.com for the majority of its events bookings and participants will register directly with them. If you require details, amendments or deletion you should contact Calendly directly as they are the data controller.

Organisational Membership and Academic Membership

We may collect information about you from the company you work for or the place where you study in order to include you in our Organisational Membership or Academic Membership scheme. If these schemes apply to you, your employer or education provider will let you know that this is the case.

Individual Membership

ACEP uses a third party fulfilment partner to process and send out your membership packs and digital assets.

Social Media

It is expected that you will delete any data from social media accounts that you have set up yourself (or have access to). ACEP may be able to remove you from the Group in question but not the data itself because this data belongs to you. You may be able to make a request directly to the platform provider (such as Facebook) to delete your data.

Cookies

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, some parts of the ACEP website may become inaccessible or not function properly. You can also turn off advertising by visiting http://www.youronlinechoices.com/uk/ and adjusting your privacy settings in your browser.

Change of Purpose

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If you wish to get an explanation as to how the processing for the new purpose is compatible with the original purpose, please contact us.

If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules, where this is required or permitted by law.

Who we share your personal data with

We may share your personal data with other members of staff within ACEP when you provide ACEP with your information.

We take all reasonable steps to ensure that our staff protect your personal data and are aware of their information security obligations. We limit access to your personal data to those who have a business need to know it.

Third Parties

We may also share your personal data with trusted third parties including:

Service providers contracted to us in connection with the provision of the products and services such as Associates;
Disciplinary Investigation Panels and Appeals Panels; *
Complainants;
ACEP Directors;
Our insurers;
External and internal lawyers and/or specialist advisors
ACEP may also be bound to share data with the police or other law enforcement agencies in the event of a crime.

How long will we keep your personal data?

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Financial Data

ACEP will not delete any data which relates to financial transactions that is less than seven years old as we are legally required to hold this information for seven years.

Where we store your personal data and how it's protected

We take reasonable steps to protect your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know.

They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. We also have procedures in place to deal with any suspected data security breach. We will notify you and the relevant Regulator(s) such as the ICO of a suspected data security breach where we are legally required to do so.

Where you have a username and password (or other identification information) which enables you to access certain services or ACEP portals, it is your responsibility to keep this information secure. Please do not share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure and although we do our best to protect your personal data, we cannot guarantee the security of your personal data transmitted to the ACEP website; any transmission is at your own risk. Once we have received your personal data, we will use strict protocols and security features to try to prevent unauthorised access.

Backup Data

Data held in our backup systems is beyond use and cannot be accessed by any staff member apart from certain members of the IT Department. We will not use the data in the back-up systems for any purpose and will only hold the data until it is replaced in line with the established schedule. Personal data will remain on the back up servers until they are deleted after 90 days.

Your rights

You have legal rights under the data protection laws in relation to your personal data. Read below to learn more about each right you have.

We may ask you for proof of identity when making a request to exercise any of these rights. We do this to ensure we only disclose information when we know we are dealing with the right person.

We will not charge you for any of these requests unless we think your request is unfounded, repetitive or excessive. Where a fee is necessary, we will inform you before we proceed with your request.

We will respond to all valid requests within 30 days. It may however take us longer if the request is particularly complicated or you have made several requests. We will always let you know if we think a response will take longer than one month. To speed up our response, we may ask you provide more detail about what you want to receive or are concerned about.

We may not always be able to do what you have asked, for example, if it would impact the duty of confidentiality we owe to others, or if we are otherwise legally entitled to deal with the request in a different way.

The right to be informed

You can ask us what data we hold on you and what we do with it.

The Right of Access / Data Subject Access Request (DSAR)

You can ask us to provide you with a copy of your personal data that we hold about you by contacting our legal department at contact@acep.org.uk. Please note that ACEP will not provide copies of any emails sent to or received from yourself as you already have received this information. We also will not provide any internal emails or documents that may contain your name unless the information contained in the email is:

significantly biographical with regards to you as the data subject and/or
you as the data subject were the focus of attention in the document.

We may be unable to make all information available to you if, for example, making the information available to you would reveal personal data about another person or if your request is manifestly unfounded or excessive.

Examination Paper Exemption

Individuals cannot use a Subject Access Request to obtain examination papers or scripts as this is exempt under the Data Protection Act Schedule 2 Part 4 Clause 25. This is because it could compromise the examination papers which may be re-used. In addition, answers to examination questions are also exempt as this is not considered personal data. Examiner reports / comments are disclosable if they have been completed.

Correcting Personal Information / Right of Rectification

You can ask us to correct any information about you which is incorrect. We will be happy to correct such information but may need to verify the accuracy of it first.

ACEP members can change their own personal information at any time by logging in to the website and updating personal details on the “My profile” page.

Right to Erasure / Right to Be Forgotten

You can ask us to:

erase your personal information if you think we no longer need to use of for the purpose we collected it from you;
erase your personal information if you have either withheld your consent to use using your information (if we originally asked for your consent to use your information), or exercised your right to object to further legitimate use of your information, where we have used it unlawfully or where we are subject to a legal obligation to erase your personal information

We may not always be able to comply with your request, for example, if we need to keep using your personal information in order to comply with our legal obligations or where we need to use it to establish, exercise or defend legal claims.

Right to Restrict Processing / Withdrawing Consent

Where we have asked for your consent to use your personal information, you will always have the right to withdraw your consent. We will still hold your details on our databases but will not contact you.

The Right to Object

You can object to the use of your personal information for direct marketing purposes. We explain in the marketing section of this privacy notice more about our approach to direct marketing.

Requesting a transfer of personal information / Data Portability

You can ask us to

provide your personal information to you in a structured, commonly used, and machine-readable format,
or you can ask to have it transferred directly to another data controller (i.e. another organisation).

You can only do this where we use your personal information in order to perform a contract with you, or where we asked for your consent to use your personal information. This right does not apply to any personal information which we hold, or process based on our legitimate interest or which is not held in digital form.

Third party requests

We accept third party requests from individuals such as friends, relatives, solicitors or from persons who have power of attorney where:

we have a letter from the data subject stating that they want a named person to make these changes on their behalf;
we are given evidence of power of attorney
the data subject and third-party call together (either by being in the same room at the same time) or by a three-way call with ACEP;

If you fail to provide personal data

Where we need to collect personal data by law, or under the terms of a contract we have with you and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with goods or services). In this case, we may have to cancel a product or service you have with us, but we will notify you if this is the case at the time.

Contact and complaints

If you would like to contact us about the use of your personal data, or exercising your personal rights then please contact us at:

Email: contact@acep.org.uk for any requests to stop processing your data
Email: contact@acep.org.uk for any Data Subject Access Requests

Your right to complain

If you believe that your data protection rights have been breached and we have been unable to resolve your concern, you have the right to report your concern to your local data protection supervisory authority. In the UK this is the Information Commissioner’s Office (ICO) and you can raise your concerns by going to https://ico.org.uk/concerns.

We do ask that you please attempt to resolve any issue with us before contacting the ICO.