Why are we providing this Privacy Notice?
Under both the UK and EU General Data Protection Regulation (GDPR), we are required to tell you about your personal data that is being collected and used, how it is being collected and from who, what allows us to do this (the legal bases), how long we are keeping it and tell you about your rights.
Who are we?
We are PBSA News, a trading arm of Shop for An Agent Ltd. We are a private company registered in England and Wales (Company Registration Number: 08818954). PBSA News is known as the ‘Controller’ of the personal data you provide to us.
As a team, we keep your data safe and secure, and we comply with the data protection legislation but if you have any queries, you can contact us at email@example.com
What data we need to collect
Currently, we collect personal data which will include the following:
Newsletter / email updates
- Your name.
- Email address.
This is provided by you when you sign up to receive our email news or newsletter.
Sponsorship, Marketing, or advertisers
- Company details.
- Details for invoicing.
This is provided by you when you agree to become a sponsor, or when you work with us to market or advertise your services.
We will not collect any special types of information and we will not collect any personal data from you that we do not need to provide these services to you, or to work with you.
Why we need your data
We need to know your personal data to provide you with our news services, and for any subsequent contracts we agree with those we work with, such as sponsors or advertisers.
As we provide a newsletter to you which may contain updates on content or our website, a digest of relevant news, and product information from sponsors and advertisers including their webinars or demos, this may be classified as marketing. We will only be sending our newsletter to you with your consent for this purpose.
Where you become a sponsor for PBSA News, or you advertise your services through us, we have a legitimate interest in collecting some personal data from you and, where applicable, we can collect data when a contract is in place.
These are known as the lawful bases under UK and EU GDPR.
The legal reasons (lawful bases)
We have obligations and specific requirements for processing of personal data to enable us to provide the services we have described. These obligations form what are known as the lawful bases for the processing.
The specific lawful bases that apply:
- You have provided information with consent (article 6(1)(a) of UKGDPR & EUGDPR).
- The processing is necessary for the performance of a contract (article 6(1)(b) of UKGDPR & EUGDPR).
- The information is for the purpose of our legitimate interests (article 6(1)(f) of UKGDPR & EUGDPR).
We are also obliged to comply with certain UK laws including financial regulations and HMRC. This means that we have a legal obligation to process certain financial information which may include your personal data, especially where you are a sponsor or advertiser (article 6(1)(c) of UKGDPR & EUGDPR).
How we store your data and security
As far as we can, all the personal data we process is being processed in the UK. Where this is not possible or the services are hosted in the EU/EEA, we will ensure that we have all relevant licences and contracts in place, and we undertake appropriate due diligence regarding security of these services. Our due diligence will also confirm that those hosting our data storage comply with GDPR and have security measure in place to protect any personal data that they may store on our behalf.
Any transfers of your data take place using all available technical and secure services.
How long we keep your data
For HMRC (Tax) purposes and financial records, we are required to keep relevant personal data for 6 years after which time it will be destroyed.
Contracts are kept for 6 years from the end date of the contract. At the end of this period, we will securely destroy or delete the contract data.
If you have consented to your information being used for marketing purposes and our newsletter, it will be kept until you inform us that you no longer wish to receive this marketing.
From time to time, we may contact you to confirm your wish to either continue to hold your data or to confirm deletion of your personal data. If we are unsuccessful in contacting you, we will automatically delete your personal data from our systems.
Sharing your data
We do not allow third parties to have access to your personal data unless we are required to share your data with them by law or we are ordered to do so by a Court.
If we have a technical problem, we may need to allow access to our systems by our technical support team who work within our confidentiality policies, and we restrict access to a ‘need to know’ basis to enable them to resolve the technical issues only.
We do not intend to transfer your personal data to third countries outside of the UK or EU/EEA and make an effort to use services that support this. We may use some suppliers or services where this is not possible and where this requires access to personal data, we will ensure that we have all appropriate security and safeguards in place as required by the data protection laws in the UK and EU, and in line with our obligations as a responsible Data Processor of your personal data. For the US, the application contracts for the suppliers have appropriate Standard Contract Clauses in place as these provide similar protections.
Automated decision making and Profiling
We do not make automated decisions on your data, nor do we use your data for profiling purposes.
What are your rights?
You have a number of rights relating to the processing of your personal data. You can ask to see the personal data that we hold about you (known as a Subject Access Request), or even ask us to correct it or have it deleted. You should contact us at firstname.lastname@example.org if you wish to exercise these rights.
Where you have provided personal data with consent, you can withdraw this consent at any time. Please send an email to email@example.com with the subject “withdraw consent” if you wish to do this.
More information on your rights can be found on the Information Commissioner’s website at www.ico.org.uk.
We are sure that you will not need to complain, but just in case, if you wish to raise a complaint on how we have handled your personal data, you can contact us, and we will investigate the matter as we would like to try to resolve this with you.
If you are not satisfied with our response or believe we are processing your personal data in a way that is not in accordance with the law you can complain to the Information Commissioner’s Office at Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, Telephone 0303 123 1113 (local rate) or by completing their online form at https://ico.org.uk/make-a-complaint/your-personal-information-concerns/.