Privacy

Privacy Notice - Updated 25 May 2018

1. Introduction

1.1 This privacy notice (Privacy Notice) sets out the ways in which we, the Association of Learned and Professional Society Publishers, or ALPSP (we, us, our), collect and use your personal data (your personal information) in connection with our business. It also explains what rights you have to access or change your personal data.

 1.2 Our website is not intended for children. We do not knowingly collect or maintain the personal information of children under the age of 18. If you are under the age of 13, please do not access our website at any time or in any manner. We will take appropriate steps to delete the personal information of persons under the age of 18.

 2. About us

2.1 We are a company registered in England under company number 4081634, with our registered address as set out below.

2.2 You can contact us as follows:

      FAO:                       Chief Executive
      Address:                Egale 1, 80 St Albans Road, Watford, WD17 1DN  UK
      Email:                     admin@alpsp.org 

3. Information we may collect about you

3.1 Information that you provide to us.

We will collect any information that you provide to us when you:

(a)  Make an application, on behalf of your employer, to become a member of ALPSP
(b)  make an enquiry, provide feedback or make a complaint over the phone, by email or on our website;
(c)  submit correspondence to us by post, email or via our website;
(d)  order products or services from our website;
(e)  create a profile to use the website;
(f)  update your profile and other details;
(g)  subscribe to our member newsletter, bulletins or mailing lists;
(h)  fill in a form, conduct a search, post content on the website, respond to surveys, participate in promotions or use any other features of the website;
(i)  submit comments on the website or on our blog;
(j)  register to and/or attend our events;
(k)  submit a request to post a job vacancy;
(l)  follow’, ‘like’, post to or interact with our social media accounts, including LinkedIn, Twitter, Blogger, YouTube, Flickr;
(m)  submit a CV; and
(n)   submit an application to a job vacancy;

3.1.2 The information you provide to us will include (depending on the circumstances):

(a)  Membership profile data; organization (employer) name(s), address(es), products, subject areas, business model, employee numbers and locations
(b)  Identity and contact data: title, names, job title/position, interest areas, addresses, email addresses and phone numbers of employees at membership organizations;
(c)  Images: photos to promote your involvement in specific events, and images taken at such events by our team or photographer;
(d)  Individual website access data: username, password;
(e)  Financial Data: If you are using the website to purchase products or services, you will also provide payment details, which may include billing addresses, credit/debit card details and bank account details. Credit/debit card details are not held by ALPSP, and are held instead by WorldPay, Paypal or Stripe;
(f)  Survey data: from time to time we might ask if you would be willing to participate in our surveys; if you agree, we will also collect any information that you provide as part of that survey;

3.2  Information we collect about you:

(a)  Information contained in correspondence: We will collect any information contained in any correspondence between us. For example, if you contact us using a query button on our website or by email or telephone, we may keep a record of that correspondence;
(b)  Information transmitted on the website: We will collect information that you upload or post to your website account;
(c)  Transactional data: We will collect information related to your transactions on the website, including the date and time, the amounts charged and other related transaction details;
(d)  Special or dietary requirements: We will collect any information you provide about special or dietary requirements in connection with attending a specific event;
(e)  Website and email correspondence usage data: We will collect information about your interactions with the website or reading and usage of email correspondence, including information such as login data, IP address, page views, searches, requests, orders, pre-approvals, confirmations, and link referrals;
(f)  Technical data: We will also collect certain information about how you use our website and the device that you use to access our website, even where you have not logged in. This might include your geographical location, device information (such as your hardware model, mobile network information, unique device identifiers), the data transmitted by your browser (such as your IP address, date and type of the request, content of the request regarding the specific site, time zone settings, access status/HTTP status code, volume of data transmitted, browser type and version, language settings, time zone settings referral source, length of visit to the website, date and time of the request, operating system and interface) number of page views, the search queries you make on the website and similar information. This information may be collected by a third-party website analytics service provider on our behalf and/or may be collected using cookies or similar technologies. For more information on cookies read our cookies section below;
(g)  Employment and background data: If you are submitting a job application, you may also provide additional information about your academic and work history, qualifications, skills, projects and research that you are involved in, references, proof of your entitlement to work in the UK, your national security number, your passport or other identity document details, your current level of remuneration (including benefits), and any other such similar information that you may provide to us;
(h)  Sensitive information: If you are submitting a job application, you may provide information about your race or ethnicity, religious beliefs, sexual orientation, health and whether or not you have any disability;

 3.3  “Special categories” of particularly sensitive personal information require higher levels of protection. We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We process special categories of personal information where it is needed for reasons of substantial public interest, such as diversity and inclusion monitoring.

3.4  We need to have further justification for collecting, storing and using this type of personal information. We have in place an appropriate policy document and safeguards which we are required by law to maintain when processing such data. We process special categories of personal information in the following circumstances:

3.4.1  in limited circumstances, with your explicit written consent;
3.4.2 where we need to carry out our legal obligations or exercise rights in connection with employment;
3.4.3  where it is needed for reasons of substantial public interest, such as for diversity and inclusion monitoring;
3.4.4  where you have already made the information public.

3.5  If you are an applicant or an employee, we will collect special categories of information about:

3.5.1  your race, ethnicity, religious or philosophical beliefs and sexual orientation for the purpose of our diversity and equal opportunities records (on the basis that it is needed for reasons of substantial public interest, for equal opportunities monitoring);
3.5.2  your health as necessary for the purpose of arranging your interview if you are an applicant or supporting your needs and access to our workplace if you are an employee (on the basis of your explicit consent if you are an applicant and for compliance with our legal obligations or exercise of employment rights if you are an employee); and
3.5.3  your criminal record for the purposes of completing background checks necessary for you to be able to work with us (on the basis such processing is necessary for reasons of substantial public interest under applicable laws).

3.6  Information we receive from third parties

3.6.1  In certain circumstances, we will receive information about you from third parties. For example:

(a)  Website providers: we may receive personal information from other website providers, who may be based inside or outside the EU, for example information relating to purchasing and attending events managed on our behalf;
(b)  Service providers: we may collect personal information from our website developer, and IT support provider (who may be based inside OR outside the EU);
(c) Payment services: we may collect personal information from WorldPay,  PayPal and Stripe to enable us to deliver products, services or events you have purchased (based in the USA);
(d)  Website security: we will collect information from our website security service partners who are based inside the EU, about any misuse to the website, for instance, the introduction of viruses, Trojans, worms, logic bombs, website attacks or any other material or action that is malicious or harmful;
(e)  Publicly available sources: we currently use publicly available sources such as Companies House, for instance to carry out identity and compliance checks;

3.6.2  We might also receive information about you from third parties if you have indicated to such third party that you would like to hear from us.

4. How do we use information about you and recipients of your information

4.1 We will use your information for the purposes listed below either on the basis of:

4.1.1  performance of your organization’s membership contract with us and the provision of our services to you;
4.1.2  your consent (where we request it);
4.1.3  where we need to comply with a legal or regulatory obligation; or
4.1.4  our legitimate interests or those of a third party (see paragraph 4.3 below).

4.2  We use your information for the following purposes:

4.2.1  To provide access to our website: to provide you with access to our website in a manner convenient and optimal and with personalised content relevant to you including sharing your information with our website hosts and developers (on the basis of our legitimate interest to ensure our website is presented in an effective and optimal manner);
4.2.2  To register your account: when you sign up to use our website, we will use the details provided on your account registration form (on the basis of performing our contract with your organization);
4.2.3  To process and facilitate transactions with us: we will use your information to process transactions and payments, and to collect and recover money owed to us (on the basis of performing our contract with your organization and on the basis of our legitimate interest to recover debts due);
4.2.4  Relationship management: to manage our relationship with you, which will include notifying you about changes to our terms of use or privacy notice, and asking you to provide feedback or review products, events and services (on the basis of performing our contract with your organization, to comply with our legal obligations and on the basis of our legitimate interests to keep our records updated and study how our website and services are used);
4.2.5  To conduct business with you or your organization (employer): we use your information to contact you and manage and facilitate our business relationship with you and your employer.
4.2.6  User and customer support: to provide customer service and support (on the basis of our contract with your organization or on the basis of our legitimate interests to provide you with customer service), deal with enquiries or complaints about the website  and share your information with our website developer, IT support provider, payment services providers [WorldPay, PayPal, Stripe] as necessary to provide customer support (on the basis of our legitimate interest in providing the correct products and services to our website users and to comply with our legal obligations);
4.2.7  Surveys:  to enable you to take part in surveys (on the basis of performing our contract with your employer and our legitimate interest in studying how our website and services are used, to develop them and grow our business);
4.2.8  Recruitment: to process any job applications you submit to us, whether directly or via an agent or recruiter including sharing this with our third party recruitment agency (on the basis of our legitimate interest to recruit new employees or contractors);
4.2.9  Marketing: to keep in contact with you about our news, events, new website features products or services that we believe may interest you, provided that we have the requisite permission to do so (either on the basis of your consent where we have requested it), or our legitimate interests to provide you with marketing communications where we may lawfully do so;
4.2.10  Advertising: to deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you (on the basis of our legitimate interests in studying how our website/services are used, to develop them, to grow our business and to inform our marketing strategy);
4.2.11  Social media interactions: to interact with users on social media platforms including LinkedIn, Twitter, Blogger, YouTube, and Flickr, for example, responding to comments and messages, posting, ‘retweeting’ and ‘liking’ posts (on the basis of our legitimate interest in promoting our brand and communicating with interested individuals);
4.2.12  Analytics: to use data analytics to improve our website, products/services, marketing, customer relationships and experiences (on the basis of our legitimate interests in defining types of customers for our website and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy);
4.2.13  Suggestions and recommendations: to share your information with selected third parties such as suppliers and partners, to enable them to contact you with information about things that may interest you (where we have your consent to do so);
4.2.14  Research: to carry out aggregated and anonymised research about general engagement with our website (on the basis of our legitimate interest in providing the right kinds of products and services to our website users);
4.2.15  Fraud and unlawful activity detection: to protect, investigate, and deter against fraudulent, unauthorised, or illegal activity, including identity fraud (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so);
4.2.16  Compliance with policies, procedures and laws: to enable us to comply with our policies and procedures and enforce our legal rights, or to protect the rights, property or safety of our employees and share your information with our technical and legal advisors (on the basis of our legitimate interests to operate a safe and lawful business or where we have a legal obligation to do so).

4.3  As outlined above, in certain circumstances we may use your personal information to pursue legitimate interests of our own or those of third parties. Where we refer to using your information on the basis of our “legitimate interests”, we mean our legitimate business interests in conducting and managing our business and our relationship with you and your organization (employer), including the legitimate interest we have in:

4.3.1  personalising, enhancing, modifying or otherwise improving the services and/or communications that we provide to you;
4.3.2  detecting and preventing fraud and operating a safe and lawful business;
4.3.3  improving security and optimisation of our network, sites and services;

4.4  Where we use your information for our legitimate interests, we make sure that we take into account any potential impact that such use may have on you. Our legitimate interests don’t automatically override yours and we won’t use your information if we believe your interests should override ours unless we have other grounds to do so (such as your consent or a legal obligation). If you have any concerns about our processing please refer to details of “Your Rights” in paragraph 9 below.

 5. Who might we share your information with

5.1  In connection with the purposes and on the lawful grounds described above and in addition to the recipients of your information as described above, we will share your personal information when relevant with third parties such as:

5.1.1  Volunteers: Directors, Council and Committee members, for the sole purpose of delivering specific events, benefits and services. The data will be restricted and will comply with UK Competition Law;
5.1.2  Partners and collaborators: Wiley (delivery of Learned Publishing membership subscription print copies) based in the United Kingdom;  Accucoms (delivery of ALPSP Collection), based in The Netherlands; Reed Exhibitions Ltd (London Book Fair), based in the UK; Copyright Clearance Center (delivery of specific events), based in the USA
5.1.3  Our service providers: service providers we work with to deliver our business, who are acting as processors and provide us with:

(a)  membership database: 3Si based in the United Kingdom;
(b)  website development and hosting services: Senior Internet based in the United Kingdom;
(c)  IT, system administration and security services: nTrust based in the United Kingdom;
(d)  marketing and advertising services (including MailChimp and the Google AdWords service), analytics providers (including Google Analytics) based in the USA;
(e)  event management software: Bizzabo, based in the USA;
(f)  payment services: WorldPay based in the USA; PayPal based in the USA; Stripe based in the USA
(g)  banking services: NatWest, based in the United Kingdom;
(h)  Legal (Harbottle & Lewis, United Kingdom) accountancy and auditing (Myers Clark, United Kingdom), insurance services (Royal Sun Alliance, United Kingdom, Auto Legal Protection Services Ltd, United Kingdom, Metlife, Uniteted Kingdom, Carroll Insurance Group, United Kingdom) and other professional advisers based in the United Kingdom;
(i)  recruitment service providers based in the United Kingdom;
(j)  email delivery software: MailChimp based in the USA, Simplelists based in the United Kingdom;
(k)  survey software: SurveyMonkey based in the USA;
(l)  webinar and online training delivery software: GoToWebinar based in the USA;
(m)  printers and fulfilment houses (for despatch of specific promotional materials) based inside OR outside the EU;
(n)  tutors for training courses, or speakers at a specific event you have booked (so they are awre of their audience and can tailor delivery (based inside or outside the EEA)

5.1.4  Regulators and governmental bodies: HM Revenue & Customs, regulators, governmental bodies and other authorities acting as processors or joint controllers based in the United Kingdom,  who require reporting of processing activities in certain circumstances;

5.1.5  Marketing parties: any selected third party that you consent to our sharing your information with for marketing purposes;

5.1.6  Prospective sellers and buyers of our business: any prospective seller or buyer of such business or assets, only in the event that we decide to sell or buy any business or assets; and

5.1.7  Other third parties (including professional advisers): any other third parties (including legal or other advisors, regulatory authorities, courts, law enforcement agencies and government agencies) based in the United Kingdom and where necessary to enable us to enforce our legal rights, or to protect the rights, property or safety of our employees or where such disclosure may be permitted or required by law.

5.2  We require third parties to maintain appropriate security to protect your information from unauthorised access or processing.

6.  Cookies

6.1  We may use cookies to ensure that you get the most out of our website. Cookies are small amounts of information in the form of text files which we store on the device you use to access our website. Cookies allow us to monitor your use of the software and simplify your use of the website. (For example, a temporary cookie is also used to keep track of your "session". Without that temporary cookie you would not be able to purchase goods and services via our website.)

6.2  If you do not wish for cookies to be installed on your device, you can change the settings on your browser or device to reject cookies. For more information about how to reject cookies using your internet browser settings please consult the “Help” section of your internet browser (or alternatively visit http://www.aboutcookies.org). Please note that, if you do set your Internet browser to reject cookies, you may not be able to access all of the functions of the website.

6.3  The names of the cookies used on our website and the purposes for which these cookies are used are set out in the table below:

Cookies Purpose Duration
ASP.NET_Sessionid This session cookie keeps track on the visitor so that if they have logged in, they don’t have to log into each page they visit. Session
 Senior CMS_Persistent  This cookie is for looking after any River CMS data associated with the session eg: form fields  2 years
 __utma  Used to distinguish users and sessions. The cookie is created when the javascript library executes and no existing __utma cookies exists. The cookie is updated every time data is sent to Google Analytics.  2 years from set/update
__utmt Used to throttle request rate. 10 minutes
__utmb Used to determine new sessions/visits. The cookie is created when the javascript library executes and no existing __utmb cookies exists. The cookie is updated every time data is sent to Google Analytics. 30 mins from set/update
__utmc Not used in ga.js. Set for interoperability with urchin.js. Historically, this cookie operated in conjunction with the __utmb cookie to determine whether the user was in a new session/visit. End of browser session
__utmz Stores the traffic source or campaign that explains how the user reached your site. The cookie is created when the javascript library executes and is updated every time data is sent to Google Analytics. 6 months from set/update

6.3  Our website may contain content and links to other sites that are operated by third parties that may also operate cookies. We don’t control these third party sites or cookies and this Privacy Notice does not apply to them. Please consult the terms and conditions and Privacy Notice of the relevant third party site to find out how that site collects and uses your information and to establish whether and for what purpose they use cookies.

7.  How we look after your information and how long we keep it for

7.1  We operate a policy of “privacy by design” by looking for opportunities to minimise the amount of personal information we hold about you. We use appropriate technological and operational security measures to protect your information against any unauthorised access or unlawful use, such as:

7.1.1  ensuring the physical security of our team’s workplaces, suppliers’ data warehouses or other sites;
7.1.2  ensuring the physical and digital security of our equipment and devices by using appropriate password protection and encryption where possible;
7.1.3  maintaining a data protection policy for, and delivering data protection training to, our employees; and
7.1.4  limiting access to your personal information to those in our company who need to use it in the course of their work.

7.2  We will retain your information for as long as is necessary to provide you with the services that you have requested from us or for as long as we reasonably require to retain the information for our lawful business purposes, such as for the purposes of exercising our legal rights or where we are permitted to do. We operate a data retention policy and look to find ways to reduce the amount of information we hold about you and the length of time that we need to keep it. For example,

7.2.1  we archive our email and paper correspondence regularly and destroy information where is it no longer relevant to the day to day provision of our services;
7.2.2  we retain information relating to orders, refunds and website user queries for approximately 7 years;
7.2.3  we retain information relating to event booking and attendance, and purchasing of other products and services, to inform our future provision of events and services or for approximately 5 years 
7.2.4  we maintain a suppression list of email addresses of individuals who no longer wish to be contacted by us. So that we can comply with their wishes we must store this information permanently; and

 8.  Help keep your information safe

8.1  You can also play a part in keeping your information safe by:

8.1.1  choosing a strong account password and changing it regularly;
8.1.2  using different passwords for different online accounts;
8.1.3  keeping your login and password confidential and avoiding sharing these details with others;
8.1.4  making sure you log out of the website each time you have finished using it. This is particularly important when using a shared computer;
8.1.5  letting us know if you know or suspect that your account has been compromised, or if someone has accessed your account without your permission;
8.1.6  keeping your devices protected by using the latest version of your operating system and maintaining any necessary anti-virus software;
8.1.7  being vigilant to any fraudulent emails that may appear to be from us. Any emails that we send will come from an email address ending in ‘@alpsp.org’.

9.  International transfers of your information

9.1  Our company is located in the UK.

9.2  Some of our external third parties are based outside the European Economic Area (EEA) so processing of your personal data will involve a transfer of data outside the EEA. When we send promotional or information emails, we use MailChimp.  Surveys are handled by SurveyMonkey, and our Conferences are managed by Bizzabo software. All servers for this software is based in the USA.

9.3  Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following transfer solutions are implemented:

(a)  We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries;
(b)  Where we use providers based in the USA, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.

(i)  MailChimp: https://kb.mailchimp.com/accounts/management/about-mailchimp-the-eu-swiss-privacy-shield-and-the-gdpr   
(ii)  SurveyMonkey: https://www.surveymonkey.com/mp/legal/privacy-policy/#pp-section-10
(iii)  Bizzabo: https://www.bizzabo.com/privacy/dpa
(iv)  GoToWebinar: https://www.logmeininc.com/gdpr/gdpr-compliance
(v)  WorldPay: https://www.worldpay.com/uk/privacy-policy
(vi)  PayPal: https://www.paypal.com/uk/webapps/mpp/ua/privacy-full#7
(vii)  Stripe: https://stripe.com/gb/privacy

9.4  Please contact us using the contact details at the top of this Privacy Notice if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

10.  Your rights to the information we hold about you

10.1  You have certain rights in respect of the information that we hold about you, including:

10.1.1  the right to be informed of the ways in which we use your information, as we seek to do in this Privacy Notice;
10.1.2  the right to ask us not to process your personal data for marketing purposes;
10.1.3  the right to request access to the information that we hold about you;
10.1.4  the right to request that we correct or rectify any information that we hold about you which is out of date or incorrect;
10.1.5  the right to withdraw your consent for our use of your information in reliance of your consent (refer to section 2 above to see when we are relying on your consent), which you can do by contacting us using any of the details at the top of this Privacy Notice;
10.1.6  the right to object to our using your information on the basis of our legitimate interests (refer to section 2 above to see when we are relying on our legitimate interests) (or those of a third party)) and there is something about your particular situation which makes you want to object to processing on this ground;
10.1.7  the right to receive a copy of any information we hold about you (or request that we transfer this to another service provider) in a structured, commonly-used, machine readable format, in certain circumstances;
10.1.8  in certain circumstances, the right to ask us to limit or cease processing or erase information we hold about you; and
10.1.9  the right to lodge a complaint about us to the UK Information Commissioner’s Office (https://ico.org.uk/) as well as a right to lodge a complaint with the relevant authority in your country of work or residence.

Please note that we may need to retain certain information for our own record-keeping and research purposes. We may also need to send you service-related communications relating to your organization’s membership subscription, even when you have requested not to receive marketing communications.

10.2  How to exercise your rights

10.2.1  You may exercise your rights above by contacting us using the details in paragraph 2 of this Privacy Notice, or in the case of preventing processing for marketing activities also by checking certain boxes on forms that we use to collect your data to tell us that you don’t want to be involved in marketing, by updating your marketing preferences by clicking any link in any email we send you.
10.2.2  You may contact us viathe details at the top of this Privacy Notice if you wish to action any of these additional rights and we will comply with your requests unless we have a lawful reason not to do so.

10.3  What we need from you to process your requests

10.3.1  We may need to request specific information from you to help us confirm your identity and to enable you to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
10.3.2  You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. We will try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.

11.  Sharing data directly with third parties

11.1  You might end up providing personal information directly to third parties as a consequence of your interactions with our website and other services offered by us. For example, you may attend an event hosted by us where you communicate personal information directly with other attendees. We are not responsible for how such third parties use personal data provided by you. 

11.2  Please be responsible with personal information of others when using our website and the services available on it. We are not responsible for your misuse of personal information, or for the direct relationship between you and others when takes place outside of the website or our services.

12.  Third-party links

The website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy notice of every website you visit.

13.  Changes to this privacy notice and your duty to inform us of changes

13.1  We may make changes to this Privacy Notice from time to time. We will post any changes to our site, or notify you of any material changes by e-mail.

13.2  It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us by updating your profile account information or contacting us via the contact details at the top of this Privacy Notice.

This Privacy Notice was updated on 25 May 2018.