- We consider user privacy and data protection to be vitally important.
- We adhere to the principles of “privacy-by-design”.
- We will only collect and process data when necessary
- We will never sell, rent or otherwise distribute or make public your personal information
- Our website is not intended for use by children and we do not knowingly collect any data relating to children.
Who We are
The Pentland Manager Association (PLMA) is responsible for the data outlined in the privacy notice. As such, we are considered the “controller” of this data.
Our contact details are: [email protected]
Along with PLMA’s business and member's internal computer systems, this website is designed to comply with the following national and international legislation with regards to data protection and user privacy:
- UK Data Protection Act 1988 (DPA)
- EU Data Protection Directive 1995 (DPD)
- EU General Data Protection Regulation 2018 (GDPR)
This site’s compliance with the above legislation, all of which are stringent in nature, means that this site is likely compliant with the data protection and user privacy legislation set out by many other countries and territories as well. If you are visiting this website from outside of the EU, please check your own country of residence's specific data protection and user privacy legislation before proceeding to view our website.
Personal Data That We May Collect
Personal data is any data about an individual by which that person can be identified. If conducting business with you, it may be necessary for us to collect the following data:
- Identity Data - including your first and last name.
- Contact Data - including your address, email address and telephone numbers.
- Financial Data - if you opt to donate towards our cause it may be necessary for us to collect payment details from you. This data will not be retained in any form.
- Transaction Data - including details about financial transactions between you and us.
Other Data That We May Collect
Our site uses Plausible Analytics to collect data about user interaction. We have chosen them as our provider of analytics hosted within the EU due to their privacy-focussed business model. None of the information gathered by Plausible personally identifies you to us.
"By using Plausible Analytics, all the site measurement is carried out absolutely anonymously. Cookies are not set and no personal data is collected. All data is in aggregate only." - Plausible Analytics - read more...
We use Cloudflare within our website for security and performance purposes. Cloudflare and other firewall software used in the service of the website may log your IP address for security purposes. This information is not used to personally identify you.
We consider Plausible, and Cloudflare to be third party data processors (see section 8 below).
How We Collect Data
Email / Telephone / Verbal
You may contact us via email, telephone, or in person - within which communications you may choose to divulge identity, contact and other personal data. We endeavour to take all reasonable measures to ensure any such data is held securely.
We use only use technologies such as necessary or essential cookies where required to ensure the correct functioning of the website. We do not use tracking cookies or other such technology for the purposes of re-marketing or advertising.
To find out more about cookies in general, and how to manage and delete them, visit www.allaboutcookies.org.
If you do not wish to accept cookies from our website, please leave this site immediately and delete and block all cookies from this site. Your continued usage of this website will be taken as consent that you accept our usage of cookies.
Other Data / Website Analytics
We use the information we gather with Plausible and Cloudflare to further the aims of PLMA, improve our website and security, and to gain insight into the viability or success of marketing campaigns. For these purposes, we may examine trends, track users’ movements around the website and gather information about the use of our website for the purpose of analytics.
Who we share data with
We may have to share your personal data with Professional advisers including lawyers, bankers, auditors and insurers who provide banking, legal, insurance and accounting services
HM Revenue & Customs, regulators and other based in the United Kingdom who require reporting of processing activities in certain circumstances.
We require all 3rd parties to respect the security of personal data and treat it in accordance with the law.
3rd Party Processors
We share data with several 3rd parties for the purposes of processing data (in some instances personal data) on our behalf. These 3rd parties have been carefully chosen and comply with the legislation set out in section 3. Among these 3rd party providers are analytics and security service providers. If you do not consent to your data being shared with these data processors, please do not use our website.
Website & Email
No personal data is stored or displayed by this website.
Data provided to us for the purposes making an enquiry via email are stored as emails within a secure IMAP email account provided by a GDPR compliant third party. Emails are then securely synced to assigned members' computer systems. This data is password protected and TLS encryption is used in its transfer.
Physical Data Storage
If paper copies of personal data or communications containing personal data are made, they will be kept in secure filing systems.
3rd Party Processor Data Storage
Where data is stored by 3rd party data processors, it is done so on our understanding that storage is secure and compliant with all relevant legislation. This is an important consideration for us when selecting 3rd Party data processor partners.
We use appropriate security measures to prevent personal data from being lost, used or accessed in an unauthorised way.
We limit access to personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We only retain personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
To determine the appropriate retention period for personal data, we consider the nature, and sensitivity of the data, the potential risk of harm from its unauthorised use or disclosure, the purposes for which we gathered the personal data and any applicable legal requirements.
Your legal rights
Unless subject to an exemption under the data protection laws, you have rights with respect to your personal data. You may find out more about these rights and how to exercise them here: https://ico.org.uk/your-data-matters/
If you do wish to exercise any of your legal rights, please contact us.
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable admin fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.