Information about us
Innopsis Limited is a limited company registered in England and Wales under company number 07525501, whose registered office is at 1 Little Reeds, Loddiswell, Kingsbridge, Devon, United Kingdom, TQ7 4QH.
Innopsis Limited is registered as a data controller for personal data under reference XXXXXXX as defined by the Data Protection Act 2018.
This notice states:
What information we capture
- Contact information (i.e. name and email address) through enquiries via the ‘contact us’ page element at https://www.innopsis.org/home/who-we-are/, our tools (governed by the terms and conditions of the operating system used) and any activities with members (i.e. title/forename/surname, email address, phone numbers) (processed within the Microsoft Office 365 Cloud system).
- Employer and job function in relationship to membership status.
- Registration details for attendance at events and meetings (processed within Eventbrite Event Management Cloud Service and operated by Innopsis’s Directors).
How we use the information
- Information from cookies to manage customer experience (i.e. Cookie popups and Captchas)
- Contact details entered into our website or Eventbrite to communicate with individuals/organisations who have made an enquiry or registered to attend events or requested updates on communication topics
- Contacts detailed within Microsoft Office 365 to undertake communication activities related to the Innopsis activity.
Our legal bases for processing information
Legal obligations – we will process contact details and financial information in accordance with our legal obligations under:
- Anti-Terrorism, Crime and Security Act 2001
- Borders, Citizenship and Immigration Act 2009
- Bribery Act 2010
- Business Names Act 1985
- Civil Evidence (Scotland) Act 1988
- Civil Evidence Act (Northern Ireland) 1971
- Civil Evidence Act 1995
- Communications Act 2003
- Companies Act 1985
- Companies Act 1989
- Companies Act 2006
- Computer Misuse Act 1990
- Copyright and Rights in Databases Regulations 1997
- Copyright, Designs and Patents Act 1988
- Copyright, etc. and Trade Marks (Offences and Enforcement) Act 2002
- Corporate Manslaughter and Corporate Homicide Act 2007
- Counter-Terrorism Act 2008
- Criminal Evidence (Northern Ireland) Order 1988
- Criminal Justice and Immigration Act 2008
- Criminal Justice and Public Order Act 1994
- Data Protection Act 2018
- Data Protection Act 1998
- Digital Economy Act 2017
- Disability Discrimination Act 2005
- Electronic Communications Act 2000
- Employment Act 2002
- Employment Rights Act 1996
- Enterprise Act 2002
- Equality Act 2006
- Evidence Act (Northern Ireland) 1939
- Fraud Act 2006
- General Data Protection Regulation
- Human Rights Act 1998
- Income and Corporation Taxes Act 1988
- Income Tax Act 2007
- Insolvency Act 1986
- Insolvency Act 2000
- Latent Damage Act 1986
- Limitation Act 1980
- Obscene Publications Act 1959
- Obscene Publications Act 1964
- Police and Criminal Evidence (Northern Ireland) Order 1989
- Police and Criminal Evidence Act 1984
- Privacy and Electronic Communications (EC Directive) Regulations 2003
- Protection from Harassment Act 1997
- Protection of Freedoms Act 2012
- Race Relations Act 1976
- Regulation of Investigatory Powers Act 2000
- Sex Discrimination Act 1975
- Sex Offenders Act 1997
- Taxes Management Act 1970
- Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000
- The Privacy and Electronic Communications (EC Directive) (Amendment) Regulations 2011
- Value Added Tax Act 1994
- Welfare Reform Act 2012
- Wireless Telegraphy Act 2006
- Work and Families Act 2006
We will process your contact details and financial information to maintain your membership where you have:
- Applied for membership
- Have an active membership
Where you have attended an Innopsis event, we will let you know about other Innopsis events that may interest you (but you will be given the opportunity to unsubscribe at any time).
We will only process personal information for contact purposes, as a result of consent, when they have been provided from the contact page (http://eepurl.com/duUMlv) or from meeting event partners where we obtain explicit consent for that specific purpose.
How we handle personal information
All personal information that is captured as part of the provision of our services, or membership, are logged within an asset register, subject to risk assessment, application of controls and only handled/retained for the requirements stipulated in legislation, regulation and/or contractual obligation.
For clarity, applicable legal obligations are considered first, then applicable regulations, contracts and finally consent; in all cases, the most stringent requirements shall apply to information handling and retrieval of assets and where they are captured, processed, communicated and/or stored.
All personal data is processed in alignment with:
- the GDPR 12 Steps guidance from the Information Commissioner’s Office
- the Cyber 10 steps guidance from the National Cyber Security Centre
- the OWASP top ten from the Open Web Application Security Project
How long we will retain personal information
We will retain all details of financial transactions for seven years, all personal contact information gathered from our events and other activities will be retained for a year after after the last contact.
Any other personal information shall be assessed to determine if there are any other retention requirements from law, regulation and/or contractual obligations relevant to it, and these will be complied with.
Where clients request it, we shall immediately securely erase any personal information in our care where the requestor is the data controller and the personal information has come from the requestor.
Your rights relating to personal information
You have a range of rights with regards to your personal information (detailed within https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/individuals-rights/), if you wish to exercise these rights, then please contact us. For details on how to contact us, please visit https://www.innopsis.org/company-information/
Who we share personal data with
We use Microsoft for Cloud hosting of email, Eventbrite for Event Management and Heart Internet for website hosting. We do not share any information with any of these organisations, but we do store and process personal data using these services. We do not engage either organisation as a data processor for your personal data.
We will share information as required by law with government agencies, in accordance with those statutes.
If personal data is shared with any other body (ie Crown Commercial Service and NHS-Digital), you will be advised beforehand and given the option to opt out.
Our policy towards transfer of personal information outside of the UK
Where possible, we do not use any service or system that processes personal information outside of the United Kingdom (UK). Where services are located outside the UK, the services have Data protected by a Data Processing Agreement and Privacy Shield. We take all reasonable steps to ensure that processing of personal information occurs within this policy.
Our policy towards processing of children's personal data
We do not provide information society services or services for children. We do not accept any data from any person under 18. If any data is found to be added in breach of this condition, we will erase the data as soon as possible. As such, we do not take specific measures for children, although this privacy notice is designed to be understood by a child over the age of 13 years of age.