The FPA

Privacy Policy

The Fire Protection Association & RISCAuthority

Introduction

This Privacy Policy explains in detail the types of personal data we may collect about you when you interact with us. It also explains how we will store and handle that data and keep it safe.

We hope the following sections will answer any questions you may have but if not, please do get in touch with us on 01608 812500 or email us at cwright@thefpa.co.uk.

It is likely that we will need to update this Privacy Policy from time to time. We will notify you of any significant changes, but you are welcome to come back and check it whenever you wish.

By agreeing to this Privacy Policy, you are giving us permission to process your personal data specifically for the purposes identified. Where that purpose is based on consent, you may withdraw your consent at any time via the contact details provided.

1. What personal data do we collect?

Personal data refers to any information which identifies you, or which can be identified as relating to you personally, such as your name, address, phone number and email address.

We collect personal data provided by you. This includes information you give us when you join us as a member, buy products or services or attend FPA training courses or events.

We collect personal data when you engage with us digitally. This includes downloading information from our websites and when you interact with us on social media.

We may collect personal data that is provided by a third party. This includes personal information provided by an employer to enable us to process your membership.

We may also use publicly available personal data. This includes information from company websites, news sources and from Companies House.

We only collect data we need to and we will always make it clear why we are collecting it.

We collect personal details, such as your name, address, email address(es), telephone number(s), where this is necessary for managing membership, shop purchases or training and event bookings, fire and risk services and laboratory clients. For some training qualifications, we are also required to collect date of birth and gender.

We collect financial information, such as personal bank details, payment information, billing and delivery addresses and contact number, where this is necessary for processing sales transactions (including membership, training and event bookings and shop purchases).

We collect information about your job role, areas of interest, visits to our websites and how you would like us to contact you so that we can send you relevant communications which we think will be of interest.

We collect images, such as photographs for some of our training courses and videos, at some of our events. We will always let people know when we are capturing images at events, either in person at the event or in communications beforehand.

2. How we use your personal data

We will only use your personal data on relevant lawful grounds as permitted by the General Data Protection Regulation (GDPR) as it applies in the UK, according to the Data Protection Act 2018 and the Privacy of Electronic Communication Regulation (PECR). We only collect personal data we need, and we will always make it clear why we are collecting it. We will only use your personal data for the purpose(s) outlined at the time we collected it.

You can change how we use your personal data at any time – please see Section 8 ‘What are your rights over your personal data’ below.

3. Providing our services to you

We use personal data to enable us to fulfil legal and contractual obligations. This includes complying with our legal obligations to share data for law enforcement purposes when required.

Membership

We will use the personal data you provide to us as an FPA or RISCAuthority member to fulfil our contractual agreement with you. This includes:

Posting Fire & Risk Management journal if you are in a relevant membership category.

Sending and processing membership renewal information.

Sending emails relating to the services which form part of your membership package.

Personal data is also used to confirm your identity when you contact our Membership team or register on our website.

You cannot remove consent for service or administrative emails while retaining your membership as we need to be able to contact you for contractual reasons. If you no longer wish to receive these communications, you will need to cancel your membership.

Products and services

We will use the personal data you provide as a customer to fulfil any orders or training or event bookings you make with us. This includes:

Processing any orders, bookings or applications that you make through our websites or at an event. This may include passing your details to third party suppliers to supply or deliver the product or service that you ordered. Your details will be held for a reasonable period of time afterwards in order to fulfil any statutory obligations, such as for refunds.

To respond to your queries, refund requests and complaints. We may keep a record of these for a reasonable time to inform any future communication with us and to demonstrate how we communicated with you throughout.

To process payments and to prevent fraudulent transactions. We do this on the basis of our legitimate business interests. This also helps to protect our customers from fraud.

To send you communications required by law or which are necessary to inform you about our changes to the services we provide you. For example, updates to this Privacy Policy, product issues, and legally required information relating to your orders, bookings or membership. These service messages will not include any promotional content and do not require prior consent when sent by email.

To administer any of our prize draws or competitions that you enter based on your consent given at the time of entering.

Marketing

If you consent to receive marketing information from us we will use the personal data that you provide, as well as details of your past transactions, to keep you informed about products and services which you may be interested in. We may also send you survey and feedback requests to help improve and develop our services and products to meet the needs of our members.

We will contact you according to the preferences you have given us. You are free to opt out of marketing communications any time by updating your communication preferences online or by contacting us directly.

Social Media and Web Advertising

If you use social media, dependent on your settings, you may receive targeted content on your social media feeds from us, or we may use your profile to help us identify similar people and audiences for marketing purposes.

We will also use your social media username if you choose to interact with us through those channels, to help us respond to your comments, questions or feedback.

You may also receive targeted adverts on webpages you visit, dependent on your interactions with us, for example if you have visited our membership pages.

Profiling and targeting

We want to make sure you have the best possible experience of the FPA and RISCAuthority and prevent unwanted communications from us.

We use automated profiling and targeting to help us better understand our members and customers, so that we can:

Make sure our communications and services are relevant, personalised and interesting to you.

Bring you offers and promotions that are most relevant to your interests.

Ensure our services meet the needs of our members and customers.

We will carry out internal research and analyse how you interact with us (for example, on our website) to help us understand the success of our activities, better understand behaviour and responses and identify patterns and trends.

We will often compile this data and look at it as a whole, rather than on an individual basis. This helps us to understand trends in our audiences and to assess how our different communications and products are performing, and where we can make improvements.

We may use personal data to help us create audience profiles which enable us to better target our communications to you and other people. For example, we may use your personal data to help find other people with similar profiles online who may be interested in FPA products and services.

We may from time to time work with third parties to help capture or analyse data. We will always ensure that these organisations meet our strict data policies and standards.

We may also use publicly available information, such as demographic information, to further help us refine and target our messaging and products appropriately.

Card payment information

If you purchase products or services from us and provide your payment details this information will be processed only for the purposes of taking payment for the service or product you wish to purchase.

We do not store any credit card information electronically. All payment processing is performed directly online via our payment service providers Sage Pay and Nat West bank.

Cookies and third-party websites

Cookies

Our websites use cookies to distinguish you from other users to help us provide you with a personalised experience and to improve our websites and services.

A cookie is a small text file that is placed on your computer's hard drive by your web browser when you first visit our website. The cookie allows us to identify your computer and find out details about your last visit to the website.

The information we collect by using cookies is not personally identifiable: it does not include information about your computer settings, your connection to the internet, IP address or geographical location.

Third-party websites

The FPA provides links to other websites for your convenience. These external websites will have their own privacy policies, and if you click on a link our Privacy Policy will no longer apply. We do not accept any responsibility or liability.

Social media buttons

Website visitors may use these to bookmark or share our web pages. These work using scripts from other domains and it is likely those sites will collect their own information about what you are doing. You should review the policies of each of these sites to see how they use your information.

Protecting you and our business from crime

We use your personal data to help protect our business and your account from fraud and other illegal activities, including using your personal data to maintain, update and safeguard your account.

We will also monitor your browsing activity with us to quickly identify and resolve any problems and protect the integrity of our websites. For example, using automated monitoring of unsuccessful login attempts to identify possible fraudulent attempts to gain access to your account.

4. How we protect your Personal Data

We know how much data security matters to all our members and customers and we want to keep your personal data and our information systems safe and secure. We treat your personal data with the utmost care and are committed to taking all appropriate steps to protect it.

Sensitive data (such as payment card information) is secured by SSL encryption.

All new staff complete mandatory data protection training when they start working for the FPA and this is repeated by all staff annually.

Although we take all reasonable steps to keep your personal information safe and secure, external threats are constantly evolving and we cannot guarantee the security of your personal information.

5. How long will we keep your Personal Data?

We will keep any information provided by you only for as long as it is needed for the purposes for which it was collected. The length it will be stored for will depend on the exact nature of the information, what it is being used for and, on occasion, statutory legal requirements.

To determine the appropriate retention period for personal data we consider:

The amount, nature, and sensitivity of the personal data.

The potential risk of harm from unauthorised use or disclosure of your personal data.

The purposes for which your personal data was processed and whether we can achieve those purposes through other means.

The applicable legal requirements.

When that retention period has expired, we will securely delete your personal data.

6. Disclosing and sharing your personal data

We never sell personal data to other organisations.

We may share personal data with organisations we work with. When this happens, we will first ensure these companies meet our high privacy standards, and we will always maintain strict control of what they see, how long they see it and what they use it for.

The type of third parties we routinely work with are:

  • IT companies who support our website(s) and other business systems.
  • Mailing houses who help us deliver membership welcome and renewal packs
  • Printing companies and couriers who dispatch our journal or printed publications.
  • Direct marketing companies helping us manage our printed and electronic communications.
  • DRM (digital rights management) publishing companies that we use to distribute certain electronic publications.
  • Assessors for examinations
  • Exhibition and event logistics companies
  • Consultants who are contracted to undertake services on our behalf

We may be required to disclose personal information to third parties in order to comply with a legal obligation, or upon a valid request to do so. This may include sharing personal data about individuals with law enforcement bodies, or to help assess fraudulent or potentially fraudulent activity on our systems. These requests are assessed on a case-by-case basis and take the privacy of users into consideration.

7. Where your personal data may be processed

The majority of FPA’s suppliers are based within the UK or EU. Sometimes we will need to share your personal data with third parties and suppliers outside the EU in order to fulfil our contractual obligations to you.

Protecting your data outside the UK or EU

We may share personal data that you provide to third-party data processors in countries that are outside the EU, such as the USA. Any transfer of your personal data will follow applicable laws and we will treat the information under the guiding principles of this privacy policy. We will ensure any third-party data processors adhere to our contractually agreed standards.

8. What are your rights over your personal data?

Individuals have rights over their personal data and at any point whilst we are in possession of, or processing your personal data, you can contact us to enact your rights.

Withdrawal of consent

If you have given your consent for the FPA or RISCAUthority to contact you for marketing purposes or otherwise, you may withdraw that consent at any time. You can also make changes to how you would like to hear from us.

You can unsubscribe from FPA or RISCAuthority communications by clicking the ‘unsubscribe’ link at the bottom of any email.

Alternatively you can contact the Membership Team on 01608 812500 or email membership@thefpa.co.uk

You may continue to receive communications for a short period after changing your preferences while our systems are fully updated, for example, if a subscription mailing has already been sent out by the mailing house.

Alternatively, you can make a subject access request to restrict the processing of your data, as outlined below.

Access to personal data

You have a right of access to personal data that is held by us as a data controller.

To ask for your information please email cwright@thefpa.co.uk or write to:

Claire Wright

Fire Protection Association/RISCAuthority

London Road

Moreton-in-Marsh

Gloucestershire

GL56 0RH

Updating your personal data

You have the right to correct data that we hold about you that is inaccurate or incomplete.

Simply contact the Membership Team on 01608 812500 or email membership@thefpa.co.uk

Other data subject requests

You have further rights over your data, which include your right to:

  • Ask for the data we hold about you to be erased from our records (your right to be forgotten).
  • Ask us to restrict the processing of your data, which includes objecting to certain automated processing, including profiling (your right to restriction of processing).
  • Ask to have the data we hold about you transferred to another organisation (your right of portability).

There may be legal reasons why we need to process your data. If we believe we cannot action your request, we will explain to you the reasons for our refusal. If you don’t think we should be using your personal information, or if you wish to exercise any of your rights, please email us at cwright@thefpa.co.uk or write to:

Claire Wright

Fire Protection Association/RISCAuthority

London Road

Moreton-in-Marsh

Gloucestershire

GL56 0RH

Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy.

If you have authorised a third party to submit a request on your behalf, we will ask them to prove they have your permission to act on your behalf.

9. Where we rely on Legitimate Interest

We sometimes use Legitimate Interest as our legal basis for processing personal data. This will usually relate to the promotion of services and products, or the sharing of information which we believe is relevant and important to our members.

In cases where we are processing your personal data on the basis of our legitimate interest, you can ask us to stop for reasons connected to your individual situation.

10. What to do if you’ve got concerns

If you feel that your data has not been handled correctly, or you are unhappy with any aspect of this policy, please contact cwright@thefpa.co.uk or call 01608 812500. Alternatively you can write to:

Claire Wright

Fire Protection Association

London Road

Moreton-in-Marsh

Gloucestershire

GL56 0RH

If you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO). For further information about your rights and how to complain, please visit the ICO website.

If you live outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your own country of residence.

11. International members and customers

By using our services or providing your personal data to us, you expressly consent to the processing of your personal data by the FPA and RISCAuthority on our behalf. You retain the right to ask us not to process your data in certain ways, and we will respect your wishes.

Sometimes we will need to transfer your personal data between countries to enable us to supply the goods or services you have requested.

By dealing with us, you are giving your consent to this overseas use, transfer and disclosure of your personal data outside your country of residence for our ordinary business purposes.

We will ensure that reasonable steps are taken to prevent third parties outside your country of residence using your personal data in any way that is not set out in this privacy policy. We also make sure that we adequately protect the confidentiality and privacy of your personal data.

We will ensure that any third parties process your personal data only in accordance with their legitimate interests. These third parties may be subject to different laws from those which apply in your country of residence.  Please note that we do not take active steps to ensure that any overseas recipient of your personal data complies with the laws which apply in your country.

We take cyber security very seriously to protect our networks, devices, and data from attack, damage, or unauthorised access. We hold both the Cyber Essentials and Cyber Essentials Plus Badges which provide assurance of our cyber security defences from the most prevalent forms of internet threat.

Cyber Essentials Certified  

This Policy was last updated on 06/07/2020