Que le gustaría saber?
Nota de Privacidad
Version 7 - October 2018
Positive Purchasing Limited are committed to safeguarding the privacy of our website visitors, customers, delegates and service users. This Notice describes Positive Purchasing Limited’s practices with respect to the personal data we collect, how we use and how we protect it. Any references to “we”, “us” or “our” hereafter are references to Positive Purchasing Limited. Please take a moment to familiarise yourself with our privacy practices and let us know if you have any questions.
- Who This Notice Applies To
- Who We Are
- Information Collected From You
- Automatically-Collected Information
- Sensitive Information
- How your data will be used and our legal basis for processing
- If you are a customer
- If you are a user of one of our online subscription platforms
- If you participate in our competency assessment programs
- If you are a trainer or attending a training session
- If you are a delivery partner or reseller of our Services
- Public website and store users
- Generally
- How we would like to use your data (Marketing)
- Consequences of failing to supply your personal data
- Disclosure
- Third Party Transfers
- International Transfers
- Retention period
- Your rights as a data subject
- Complaints
- Changes to this privacy notice
This Notice applies to all data subjects (“you”) whose personal data (“your data”) is collected by us, our nominated partners and associates or the resellers of our Services.
2 - Who we are
We are a company that specialises in providing procurement and negotiation training, tools and consulting services to organisations around the world. We offer a variety of services including diagnostic assessments, support services, procurement and negotiation training programs, process and toolkits, online platforms as well as bespoke packages (our “Services”).
Our contact details are:
Company: Positive Purchasing Limited (company number 04756992)
Website: https://positivepurchasing.com/
Email: team@positivepurchasing.com
Tel: +44 33 00 94 0000
Address: Units 1 and 2, Mills Bakery, Royal William Yard, Plymouth, Devon, PL1 3GE, UK
3 - Information collected from you
The personal data we will collect from you is as follows:
Data that could include your name, job title, telephone numbers, fax numbers, location, postal addresses, email addresses, Service preferences, employer, manager or supervisor’s name and job title.
Data about your name, email address, job title along with details of your line manager or supervisor.
Data about your IP address, geographical location, browser type and version, length of visit, page views, website navigation paths, as well as information about the timing, frequency and pattern of your use and, where the data is available, information about the identity of the owner of fixed IP addresses
Data could include assessments of your competency and capability
Contact Information together with data about financial qualification, billing information, payment and/or card details including credit or debit card number, date of expiration and security number
4 - Automatically-collected information
We may automatically collect certain information about your computer or devices that are used to access the Services, including mobile devices, through commonly-used information-gathering tools, such as cookies and web beacons («Website Navigational Information»). Website Navigational Information includes standard information from your browser or device (such as browser/device type and language), your Internet Protocol («IP») address, and the actions you take on our Academy websites, such as the pages viewed and the links clicked.
We may also collect and analyse information such as: (i) location information, unique device identifiers and other information about your mobile phone or other mobile device(s), browser types, browser language, operating system, the state or country from which you accessed the Services; and (ii) information related to the ways in which you interact with the Services, such as referring and exit pages and URLs, platform type, the number of clicks, domain names, landing pages, pages viewed and the order of those pages, the amount of time spent on particular pages, the date and time you used the Services, error logs, and other similar information. We use Google as an analytics provider and technologies, including cookies and similar tools, to assist in collecting this information.
Any information collected by automated means will only be used by us for analytical purposes. For more detailed information on our use of cookies, please see our Cookie Notice. If you are concerned about security, you can modify your browser to prevent cookies being stored on your machine.
5 - Sensitive information
We will not intentionally collect or maintain, and do not want you to provide, any information regarding your medical or health condition, race or ethnic origin, political opinions, religious or philosophical beliefs or other sensitive information.
6 - How your data will be used and our legal basis for processing
The personal data we collect as per the definitions in section 3 above where referenced below will be used for the following purposes and will be processed on the following legal basis:
If you are a customer
The processing of the data you provide is necessary in order to process enquiries, orders, shipments and to provide efficient Services to you and for the performance of the contract for Services to which you are a party to or in order to take steps at your request prior to entering into a contract.
We also use the information we collect about you in order to provide you with information, on-going support, updates and advice, to coordinate your participation in a training program, a competency assessment, or in line with your overall contract with us. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely in order to provide and oversee our Services to you.
If you are a user of our online subscription platforms
We hold data to allow us to connect you into our systems and to generate usage reports. In order to do this and if you are using our user authentication method we securely store your email address (to act as a username) and your forename and surname to generate reports and certificates. If and only as part of a specific contractual arrangement we may hold your job title and departmental line manager name. This legal basis for the processing is that it is in our legitimate interests to do so, namely our interest in the proper administration of our website and Services.
Data that you provide will be accessible and shared within our online platforms and our Learning Management System (that include our Procleus, 5i Online, Red Sheet Online, Buyer’s Toolkit Online, Competency Assessment or our other online platforms) to the extent necessary to provide our Services to you. Information you provide may be accessible by your line managers and supervisors in order to monitor progress and use of our systems. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our online platforms and business.
Your email address and full name are electronically shared with Litmos (a trusted third party as identified below) to personalise your welcome message and enable your line managers to identify members of their team. Your email address is also used to email course completion information. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our online platforms and business.
We may process your Online Account Data for the purposes of operating our online platform, providing our services, ensuring the security of our online platform and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is our legitimate interests, namely the proper administration of our online platform.
We may process information relating to transactions, including purchases of our Services, that you enter into with us and/or through our website. This may include your Contact Information and Billing Information and this data may be processed for the purpose of supplying the purchased goods and services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our online platforms and business.
We may process your personal data that are provided in the course of the use of our Services. The data may include your Contact Information and/or Online Account Information and may be processed for the purposes of operating our website or online platforms, delivering training events, providing our Services, ensuring the security of our website and services, maintaining back-ups of our databases and communicating with you. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
If you are approached by one of our partners or resellers of our Services and provide them with your contact details, your Contact Information may be provided to us by the reseller. The legal basis for this processing is our legitimate interests, namely to avoid us and our resellers approaching the same customers.
If you participate in any of our online learning courses or programs we will collect, process and hold Capability Information about you for the purposes of administering and providing learning and development services. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our online platforms and business.
If you participate in our competency assessment programs
If you participate in one of our competency assessment programs we may collect, process and hold your Contact Information together with Capability Information as provided by you or by our representative for the purpose of administering the competency assessment with you. The legal basis for this is our legitimate interests, namely our interest in the proper administration of our training programs and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
If you are a trainer or attending a training session
If you are participating in one of our training courses we may collect, process and hold details your Contact Information for the purpose of staging the training event, communicating with you regarding the training and administering you and other individuals through the course program. If the training program includes access to our online platforms to participate in online learning activities we may also collect, process and hold your Online Account Information and Capability Information for the purpose of providing online learning and development and providing summary information to your line manager or employer. The legal basis for this is our legitimate interests, namely our interest in the proper administration of our training programs and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
If you are a delivery partner or reseller of our Services
If you are a delivery partner or reseller we will collect, process and hold your Contact Information and Online Account Information for the purpose of engaging, working and communicating with you regarding the provision of our Services. The legal basis for this is our legitimate interests, namely our interest in the proper administration of our training programs, competency assessment programs and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
Public website and store users
If you visit our public website or use our store we may collect, process and hold your Website Data for the purposes of analysing the use of the website, store and services, and improving the data contained on our website so that it remains relevant and of interest to website visitors. The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services.
If you decide to sign up to our newsletter we will process and hold your Contact Information and Website Data for the purpose of subscribing to our email notifications and/or newsletters. This data may be processed for the purposes of sending you the relevant notifications and/or newsletters. The legal basis for this processing is consent.
If you make an enquiry via our website we will process and hold your Contact Information and Website Data and other contact information contained in any enquiry you submit to us regarding products and/or services for the purposes of dealing with your query and offering, marketing and selling relevant products and/or services to you. The legal basis for this processing is consent and the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract.
If you visit our online store we will process and hold your Website Data together with information relating to transactions or attempted transactions initiated by you for the purchases of our Services and, where provided, your Billing Information for the purpose of supplying the Services and keeping proper records of those transactions. The legal basis for this processing is the performance of a contract between you and us and/or taking steps, at your request, to enter into such a contract and our legitimate interests, namely our interest in the proper administration of our website and business.
Generally
We may process any of your personal data where necessary for the establishment, exercise or defence of legal claims, whether in court proceedings or in an administrative or out-of-court procedure. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others.
In addition to the specific purposes for which we may process your personal data set out above, we may also process any of your personal data where such processing is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
If you consent to the transfer and to our holding and processing non-sensitive data relating to your employees we will process such data as is necessary for legal, personnel, administrative and management purposes in connection with the provision of the Services and our administration of our business. We may reasonably contact your employees and other users who have provided data in connection with our Services for the purpose of verifying or checking the accuracy of that data.
7 - How we would like to use your data (Marketing)
We would also like to use your Contact Information to share information related to our Services and the industry we operate within that might be of interest to you or to invite you to participate in research within our industry. In order to do so you will be asked to specifically opt in to our marketing. If you choose to opt in to our marketing your information will not be shared with any third parties and you can unsubscribe at any time via phone, email or our website. You will be given the option to opt in to our marketing via a statement such as the following:
“To subscribe to our newsletter, thought leadership insights and product updates, please complete the details below: [you are prompted to enter your personal information and once you have done this the next sentence reads] I would like to receive updates on the following: [which is followed by a list of our products or areas of interest, each with its own checkbox to advise your preferences]” Once the opt in form has been adequately completed you will be prompted to complete the opt in process and submit the information.
If you are an existing customer who has bought (or negotiated to buy) a similar product or service from us in the past, or you have attended one of our training courses and indicated on our attendance sheets that you would like us to keep in contact with you, or you have provided your contact information to us and requested or agreed that we will contact you, (for example at a trade show or in person) you may be offered similar products or services, unless you specifically opted out when we originally obtained your personal data. However, you can opt out from any future marketing should you wish to do so by contacting us via phone, email or our website. You will also be given an option to unsubscribe in all marketing correspondence you receive from us.
8 - Consequences of failing to supply your personal data
If the provision of personal data is part of the contractual requirement between you and us there may be consequences of failing to provide the data that we request. For example, we will be unable to perform the contract if we do not have the personal data from you that we request and as a result we will be unable to provide you with the Services that you have purchased.
9 - Disclosure
In many circumstances we will not disclose personal data without consent. However, in the cases below, we may share your information with another party:
Third Party Transfers
We may disclose your personal data to any member of our group of companies (this means our subsidiaries, our ultimate holding company and all its subsidiaries), insofar as reasonably necessary for the purposes set out in this Privacy Notice.
We may disclose your personal data to our suppliers, subcontractors, resellers and delivery partners insofar as reasonably necessary for the purposes set out in this Privacy Notice.
We may disclose your personal data to our insurers and/or professional advisers insofar as reasonably necessary for the purposes of obtaining and maintaining insurance coverage, managing risks, obtaining professional advice and managing legal disputes.
We may disclose your personal data and data relating to financial transactions relating to your purchase of our Services via our store or by other means to our payment services provider (“PSP”). We will share transaction data with our PSPs only to the extent necessary for the purposes of processing your payments, refunding such payments and dealing with complaints and queries relating to such payments and refunds. You can find information about our PSPs and their privacy notices in the table below.
Where you have provided your consent for us to use your personal data for marketing as outlined above we may disclose your personal data to our marketing service providers (“MSP”). We will share contact data with our MSPs only to the extent necessary for the purposes of keeping you informed about our Services and future offers, or to share information related to our Services and the industry we operate within that we deem might be of interest to you or to invite you to participate within research within the industry. You can find information about our MSPs and their privacy notices in the table below.
We may disclose your personal data to our IT, data, analytics, network, data storage, hosting and email service providers (“ITSPs”). We will share data with our ITSPs only to the extent necessary for the purposes of managing and maintaining our IT and data operations and environment. You can find information about our ITSPs and their privacy notices in the table below.
In addition to the specific disclosures of personal data set out in this Notice, we may also disclose your personal data where such disclosure is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
Sprout Social
MailChimp
Insightly CRM
Lead Liaison
SurveyMonkey
WPEngine hosting
WordPress website
Gravity Forms plugin
https://sproutsocial.com/privacy-policy https://www.linkedin.com/legal/privacy-policy https://mailchimp.com/legal/privacy/ https://www.insightly.com/privacy-policy/ https://www.leadliaison.com/about/legal-notices/ https://www.surveymonkey.com/mp/gdpr/ https://www.surveymonkey.com/mp/policy/privacy-policy/ https://wpengine.com/legal/privacy/ https://automattic.com/privacy/ https://docs.gravityforms.com/wordpress-gravity-forms-and-gdpr-compliance/
Rackspace
Callidus Software
International Transfers
For the purposes of IT hosting and maintenance personal data is located on servers within the US. The following third parties will receive your personal data as part of the processing activities, specifically for providing administrative and management services to us:
10 - Retention Period
This section sets out our data retention policies and procedure, which are designed to help ensure that we comply with our legal obligations in relation to the retention and deletion of personal data. We shall not keep any personal for longer than is necessary for its purpose or purposes.
We will retain and delete your personal data as follows:
- Contact Information will be retained for 5 years following the provision by you of that data or the last update of any part of that data by you, at the end of which period it will be deleted from our systems.
- Online Account Data will be retained for 37 months following the end of a subscription or your contract with us for use of our online services, at the end of which period it will be deleted from our systems.
- Website Data will be retained for 37 months following the collection of that data by us, at the end of which period it will be deleted from our systems or retained only in an anonymised form.
- Capability Information will be retained for 37 months following the end of a subscription or your contract with us for use of our online services, at the end of which period it will be deleted from our systems.
- Billing Information will be retained only so long as is necessary to conclude the transaction and/or initiate or provide the Services after which it will be deleted from our systems.
In some cases it is not possible for us to specify in advance the periods for which your personal data will be retained. In such cases, we will determine the period of retention based on the need for the data to support the provision of our Services and any legal obligations.
Notwithstanding the other provisions of this clause 10, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
11 - Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
- Right of access – You have the right to confirmation as to whether or not we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. You have the right to request a copy of the information that we hold about you and providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data within one month of your request.
- Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete. The information we hold will be accurate and up to date. You can check the information that we hold about you by e-mailing us. If you find any inaccuracies we will delete or correct it promptly.
- Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records. Those circumstances include: the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; you withdraw consent to consent-based processing; the processing is for direct marketing purposes; and the personal data have been unlawfully processed. However, there are certain general exclusions of the right to erasure. Those general exclusions include where processing is necessary: for exercising the right of freedom of expression and information; for compliance with a legal obligation; or for the establishment, exercise or defence of legal claims.
- Right to restriction of processing – where certain conditions apply to have a right to restrict the processing. Those conditions are: you contest the accuracy of the personal data; processing is unlawful but you oppose erasure; we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise or defence of legal claims; and you have objected to processing, pending the verification of that objection. Where processing has been restricted on this basis, we may continue to store your personal data. However, we will only otherwise process it: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- Right of portability – you have the right to have the data we hold about you transferred to another organisation. This right only applies to personal that you have provided to us, where the processing is based on your consent or for the performance of the contract and when processing is carried out by automated means.
- Right to object – you have the right to object to certain types of processing only to the extent that the legal basis for the processing is that the processing is necessary for: the performance of a task carried out in the public interest or in the exercise of any official authority vested in us; or the purposes of the legitimate interests pursued by us or by a third party. If you make such an objection, we will cease to process the personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims. If you object to direct marketing we will cease to process your personal data for this purpose.
If you wish to enforce any of your rights listed above please email us or write to us using the contact details under clause 2.
All of the above requests will also be forwarded on should there be a third party involved (as identified in clause 9 above) in the processing of your personal data.
12 - Complaints
In the event that you wish to make a complaint about how your personal data is being processed by us (or third parties as described in clause 9 above), or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority using the contact details below. We request that you contact us in the first instance using the contact details identified in clause 2.
UK’s Supervisory Authority:
Address:
Customer Contact
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
SK9 5AF
Email: casework@ico.org.uk
13 - Changes to this privacy notice
We reserve the right to update this Privacy Notice at any time. You should check this page occasionally to ensure you are happy with any changes to this Notice.
We may notify you of changes to this Notice by providing you with a new Privacy Notice when we make any substantial updates.
We may also notify you in other ways from time to time about the processing of your personal information.