Privacy policy
This privacy policy is published by Plinth House Ltd. and relates to information provided to Plinth House via the organisation’s website (www.plinthhouse.com).
What personal data do we collect and why do we collect it?
Contact forms, surveys and event/training/community of practice registrations
When visitors to our website send us comments or questions using the contact forms on the site, we collect the data provided by the visitor in the comments form. Any contact made to us will be treated sensitively, and, where appropriate, in confidence. Data submitted by visitors such contact forms or surveys may be checked through an automated spam detection service.
Some longer form submissions (e.g. survey responses) may be processed and managed via a company called POWr. When submitting a form, you will be asked to acknowledge that the information you provide will be processed in accordance with POWr’s own Privacy Policy.
When we publicise events on our website, the registration links for these will take you to external event registration platforms. Those platforms will provider further information on how your information will be stored and handled, and, if further consent from you is required in relation to our use of your data, it will be requested at the time at which you register for one of our events.
Our contact forms and online event registrations (e.g. for our webinars, training events, etc.) and similar forms will ask you to acknowledge that, by completing the registration form, your details can be used to provide you with access to the relevant event and contact you about the event and our other events or services, both in one-off communications and by including you in our email mailing list. We do not seek your consent for this use of your data in these registration forms since 'legitimate interest' provides a lawful basis for processing data without consent in these circumstances - providing certain criteria set out in data protection legislation (and, in particular, the General Data Protection Regulation or GDPR) are met. We have assessed that our use of the collection of limited personal data in online registration forms passes the following three-part legitimate interest assessment:
-
Purpose: We have assessed that limited data (such as name, email address, job-title and organisation) are required to be able to manage attendance at our events, understand the audience of our events, understand the impact of our marketing strategies, aid fraud prevention for our paid events, and further the interests of our company by enabling us to promote our other events or services.
-
Necessity: We have assessed that the legitimate interest of the company in seeking these data could not be met in other ways.
-
Balance: We have assessed that the data subject’s interests do not override our company's business interests (i.e. the latter do not adversely affect the former), given the limited and proportionate nature of the data requested and the secure and sensitive way in which the data are stored and managed.
You will be informed, via this policy and, where appropriate, in acknowledgment statements within our event/training/community of practice registration forms, that you will be able to unsubscribe from any future mailings at any time. Where appropriate, you will also be given a link to this policy, which informs you of your other rights (e.g. your right to be forgotten, the process for making a complaint about a potential breach of this policy, etc.).
In addition, when we are commissioned by a client organisation to provide a training event for them (including face-to-face and online training events), we will also need to share information provided by those registering for, attending, and failing to attend the event with the client organisation. This may include information about who has registered for the event, people's engagement with the event, attendees' feedback about the event, and other information which is relevant to the client organisation.
Where there are information requirements specific to a particular service or offering, we will include details in the terms and conditions for any further personal data collection.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.
Site analytics and other data provided via the website
We use analytics to gather data in order to gain insights into how to improve the functionality and user experience of the website. Such data might include your Internet protocol (IP) address used to connect your computer to the Internet, the type of device you are viewing our site on (e.g. desktop computer, mobile device, etc.). We may use software tools to measure and collect session information, including page response times, length of visits to certain pages, page interaction information, and methods used to browse away from the page.
Our website is hosted on the Wix.com platform. Your data may be stored through Wix.com’s data storage, databases and the general Wix.com applications. They store your data on secure servers behind a firewall.
Some of the analytics data described above is collected via cookies used by the website. You can find out more about cookies, including how to disable/enable and delete them, at the following website www.aboutcookies.org.
You can block most cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you block all cookies (including essential cookies) you may not be able to access all or parts of our website/services, or you may experience reduced functionality when accessing certain services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies as soon you visit our website.
You can opt-out of receiving cookies from a range of ad servers (including, among others, Doubleclick, Videology, AudienceScience and Microsoft) by visiting www.youronlinechoices.com and following the instructions provided.
Bespoke events we organise for a client organisation, and public/ticketed events and communities of practice we run for the public/multiple organisations
For most of our online training sessions, we use a platform called GoToWebinar/GoToMeeting. As with any video call/webinar software platform, this platform does require some very limited personal data (names, email addresses) to be stored in order to give the right people access to the online events and send them the link they need to access the event.
GoToWebinar/GoToMeeting is part of a software company based in the US, called LogMeIn – a company with a strong presence in the EU and a great deal of experience of hosting online training for EU-based companies governed by GPPR. LogMeIn has a wide range of safeguards in place in relation to the secure storage and use of any personal data, such as email addresses, that any training session attendees provide.
These safeguards are explained here: https://www.logmeininc.com/gdpr/gdpr-compliance and include:
-
the facility to – indeed, a requirement to – seek individual consent from each individual training session attendee to sign up to LogMeIn’s terms of service which includes information on data handling and storage (the terms of service are here, for information: https://www.logmeininc.com/legal/terms-and-conditions)
-
trusted third-party security certifications for the software platform itself – detailed here: https://www.logmeininc.com/trust/security-measures
-
a comprehensive global Data Processing Addendum (DPA), available here, designed to meet the requirements of applicable data privacy laws and regulations, including the GDPR and CCPA
We sometimes also use a platform called Slido for interactive elements of a digital event, such as Q&A, polls, etc. Slido has in place a wide range of privacy and data security measures in place, which are described here: https://www.sli.do/security
We sometimes use Microsoft Teams for online training sessions, communities of practice and related events. Microsoft has a wide range of privacy and data security measures in place, which are described here: https://learn.microsoft.com/en-gb/microsoftteams/teams-privacy
We sometimes use Zoom for online training sessions, communities of practice and related events. Zoom Video Communications Inc has a wide range of privacy and data security measures in place, which are described here: https://explore.zoom.us/en/privacy/
We sometimes use LinkedIn Live Events for online training sessions and related events. LinkedIn has a wide range of privacy and data security measures in place, which are described here: https://www.linkedin.com/legal/privacy-policy
We sometimes use Wix Groups, Wix Online Programs and other Wix modules for online training sessions, communities of practice and related events. Wix.com has a wide range of privacy and data security measures in place, which are described here: https://www.wix.com/about/privacy
If we use a different platform for a particular event, other than those specified above, more information about how information is stored will be made available at the time, or available on request.
When you join an online training session, community of practice or related event, information you provide when connecting to the session or information associated with your account on the above systems - such as your name, profile, profile picture and organisation - may be seen by Plinth House and by other participants. Information you share via chat functionality, using your microphone, your camera and/or screen sharing during a session will also be visible to other participants, as well as Plinth House.
If a client organisation requests that we use their own platform for a particular training event, then the client organisation itself will be responsible for all data protection and privacy-related issues - including the way in which data is stored, the need for appropriate levels of consent to be requested/gained, and the need for the retention schedule for the data to be proportionate and compliant with data protection legislation.
Data stored for marketing purposes
We use a system called ConvertKit to store some basic personal data about individuals (such as their name, email address, organisation, etc.) to enable us to send them an occasional email newsletter or other information about our events and services. Individuals' data are only stored in this way after:
-
they have provided information in a setting for which we have assessed there is a legitimate interest in our using the data provided in this way (e.g. see the section above entitled "Contact forms, surveys and event registrations"), or
-
they have provided consent for this.
Individuals always have the ability to unsubscribe from these communications at any point. ConvertKit has in place a range of privacy and data protection measures, which are outlined at the following location: https://help.convertkit.com/en/articles/2502527-compliance-with-gdpr
We use a system called Mailchimp to store some basic personal data about individuals (such as their name, email address, organisation, etc.) to enable us to send them an occasional email newsletter or other information about our events and services. Individuals' data are only stored in this way after:
-
they have provided information in a setting for which we have assessed there is a legitimate interest in our using the data provided in this way (e.g. see the section above entitled "Contact forms, surveys and event registrations"), or
-
they have provided consent for this.
Individuals always have the ability to unsubscribe from these communications at any point. Mailchimp has in place a range of privacy and data protection measures, which are outlined at the following location: https://mailchimp.com/legal/
Why do we collect the above data?
We collect the above non-personal and personal information in order to:
-
provide and operate the services that we provide;
-
be able to contact our visitors with general or personalised service-related notices and promotional messages (always ensuring that visitors can opt out of receiving such communications at any time);
-
create aggregated statistical data and other aggregated and/or inferred non-personal information, which we may use to enhance our website or the services we provide; and
-
aid fraud prevention (e.g. in the context of our running paid events) and enable us to maintain appropriate financial records and complete statutory financial returns; and
-
comply with any applicable laws and regulations.
We seek to minimise the amount of personal data we store in less secure formats, such as print-outs from the systems mentioned above. Instead most of our data is kept in secure online storage, which is password protected and encrypted where necessary.
Who do we share your data with?
Except as specified elsewhere under this policy, we would not share your information with a third party – for example, for marketing purposes. An exception is in the very rare situation in which we need to share information in order to comply with legal requirements or in an emergency situation in which the sharing of such information is necessary to protect a person’s vital interests, as defined in data protection legislation.
What rights do you have over your data?
If you have sent us comments or any other information via this site, you can request to receive an exported file of the data we hold about you, including any data you have provided to us.
You can also request that we rectify, erase, port, or restrict the processing of any personal data we hold about you. This would not affect any data we are obliged to keep for administrative, legal, or security purposes.
Further information
We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy and we already hold personal data from or about you, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.
In the unlikely event that there is any kind of potential or actual data breach arising from our activities as an organisation we ask that this matter is drawn immediately to the attention of our Director (contact details below). From there, we will decide on an appropriate process for investigating the complaint.
If the potential or actual breach involves institutional personal data from a client organisation, we will work with that organisation to agree an appropriate investigation procedure which supports the implementation of the client organisation's own policies/protocols as well as our own. Such a process may involve the client organisation investigating the matter, with us providing our full support to assist that investigation. Alternatively, should the client organisation prefer, we may conduct our own investigation, with or without the support of an external investigator, in order to be able to provide a full report to the client organisation.
If you have a query about this policy or wish to send us a comment or complaint under this policy, you can email us at info@plinthhouse.com.