MPBA Privacy Policy

MPBA Privacy Policy

v1.0 May 2018

This Privacy Notice (together with any other documents linked to from it) sets out information on how and why we process your personal information, how we keep it secure and how we may disclose it to others.

It is important that you read this Notice together with any other notice we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data.

We may change this Notice from time to time, so check the latest iteration (accessible on our website from the link on the footer of every page) to ensure that you are aware of any changes and can make an appropriate decision at that time.

The MBPA and Learning Hub websites are not intended for children and we do not knowingly collect data relating to children.

Please note that by using our website or other services, you agree to the information set out in this Privacy Notice.

Any questions about this Privacy Notice and other Policy, Terms and Conditions that we employ, including any requests to exercise your legal rights should be sent via the contact details below:

In writing:

Jackie Maginnis, MPBA
PO BOX 99 Caersws
SY17 5WR

Or by email:

jackie@mpba.biz

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The rules on processing of personal data are set out in the General Data Protection Regulation (the “GDPR”). The GDPR regulations view MPBA as a data controller. That means we decide how any personal data we receive is processed and for what purposes. MPBA is a Company Limited by Guarantee. Registered in England No. 00364145. Registered office: Cartef, Trefeglwys, Caersws, Powys, SY17 5PU

Who are we?

Founded in 1938, MPBA play a key role in connecting all sectors of the modular and portable building industry together. Regardless of size and the type of business in the industry, by becoming an MPBA member you will join an Association with many other professionals that will open the door to various opportunities and add significant value to your company.

MPBA is the single recognised voice for promoting and marketing all members and associate members high-quality products and services. Through the Associations excellent reputation we have acquired members who specialise in all types of modular building applications. The MPBSATC Learning Hub is a key part of the MPBA delivering qualifications, training and aspiring to deliver sector apprenticeships.

The information we collect about you?

Personal information (or data), means any information about an individual from which that person can be identified. It does not include anonymous data where the identity has been removed.

We obtain information about you when you use our website, for example, when you register for an event, sign up to our Mailing List or contact us about member products and services.

We also receive and process personal information regarding membership applications, membership profiles, member additions to our internal mailing list, training courses and at stakeholder meetings.

What type of information is collected from you?

The personal information we collect might include your name, address, email address, contact number, and in using the website your IP address and information regarding what pages are accessed and when. If you sign up for a fee based training course and make an online payment your card and other payment information is not held or seen by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions.

We may collect, use, store and transfer differing kinds of personal data grouped as follows:

Identity Data
title, first name, maiden name, surname, username or similar identifier, education history, employment history.
Contact Data
telephone numbers, email addresses, billing address, delivery address.
Marcomms Data
preferences in receiving marketing messages from members, third parties and us.
Technical Data
IP address, login data, browser type and version, operating system, platform technologies and devices used to access our website.
Transaction Data
details about payments to and from you and other details of products and services purchased from us or from you.
Financial Data
bank account details.
Profile Data
username, password, preferences, feedback and survey responses. Usage/Engagement Data – how you use our website, products and services.

We do not collect details regarding race, ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health, genetic or biometric data, criminal offences of convictions.

How is your information used?

We will use your personal information where:

  • we need to comply with regulatory or legal obligations
  • we need to provide services based on a contract we are about to/have already entered into
  • it is necessary for our legitimate business interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • you have provided consent, such as when raising an enquiry or in relation to non-member marketing communications.

You have the right to withdraw consent to marketing at any time by contacting us or directly via any of the communications.

Purposes for which we will use your personal information

The following table provides an overview of the ways in which we plan to use aspects of your personal data as previously described and which of the legal bases we rely on to do so and the type of information used. We may process your data using more than one lawful ground depending on the purpose its being used for. If you require details of which lawful ground is being used to process your data where more than one is highlighted, please contact us using the details at the beginning of this notice.

Purpose Type of data Lawful basis for processing
To process a general enquiry
  • Identity
  • Contact
  • Technical
Consent
To process your membership:
  • Registration
  • Manage Payments, fees
  • Collect and recover money owed
  • Identity
  • Contact
  • Transaction
  • Financial
  • Performance of a contract with you
  • Necessary for our legitimate interests
To manage your membership services:
  • Providing information:
    • group
    • event
    • industry
    • lobbying
    • training
    • membership
  • Requesting input into activities:
    • email
    • survey
    • webex
  • Identity
  • Contact
  • Marcomms
  • Technical
  • Profile
  • Usage/Engagement
  • Performance of a contract with you
  • Necessary for our legitimate interests
To register you on our Stakeholder Mailing List
  • Identity
  • Contact
  • Marcomms
  • Technical
Consent to provide information
To manage non-membership services:
  • Providing information about:
    • Members
  • Identity
  • Contact
  • Marcomms
  • Technical
  • Profile
  • Usage/Engagement
Necessary for our legitimate interests
To administer and protect the association and its website (for internal operations, employees, contractors, business partnerships, suppliers, customers)
  • Identity
  • Contact
  • Marcomms
  • Technical
  • Transaction
  • Financial
  • Profile
  • Usage/Engagement
Necessary for our legitimate interests

How long will you use/keep my personal information for?

We will only retain your personal information for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. You can ask us to delete your data, see your legal rights below for more information.

Marketing and Third-party

We aim to provide you with relevant information based on your current profile choices (where available). This will include information relating to MPBA activities or that of its Member Companies. Where on occasion your data is to be shared/transferred to a third-party, e.g. when undertaking an MPBA training course that relies on third party contractors or partnerships with other organisations to complete your certification or where members sponsor an MPBA event or where we have event partners, this will only be done through your express opt-in consent.

MPBA work with JIB to undertake Health & Safety Assessments and provide ECS Cards - for more details see their privacy policy.

Opting-out

You can ask us or third parties we have shared any data with to stop sending you messages at any time by contacting us or using the unsubscribe link in every email. Where you opt-out of receiving messages this will not apply to data provided to us as a result of a Membership if you are the main contact or if registering for an event or training course where information needs to be provided to you for its completion.

Change of Purpose

We will only use your personal data for the purposes for which we collected it. If we need to use your personal data for an unrelated purpose we will notify you and we will explain the legal basis that allows us to do so. Please note that we may process your personal data without your knowledge or consent, in compliance with the above rules where this is required or permitted by law.

Cookies

Like many other websites, the MPBA website uses cookies. These are small pieces of information stored in your browser to allow that website to recognise you when you visit. They collect statistical data about your browsing actions and patterns. For example, it relays your IP address, Browser, OS and your country preferences. This is general data stored in web stats of all websites and helps us to improve our website and deliver a better more personalised service.

It is possible to switch off cookies by setting your browser preferences.

Disclosure of your personal data

We may have to share your personal data with internal or external third parties as set out below:

  • consultants undertaking specific tasks for the association.
  • professional advisers acting as lawyers, accountants, business consultants, insurers to MPBA.
  • HM Revenue & Customs, regulators and other authorities acting as processors who require the reporting of processing activities in such circumstances.
  • service providers acting as processors for IT and system administration services

We require all third parties to respect the security of your personal data and treat it in accordance with the law.

We do not allow these third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.

International Transfers

This involves the transferring of your data outside the European Economic Area (EEA).

We ensure that your personal data is protected by requiring all our 3rd parties to follow the same rules when processing your data.

Where this is to undertake Certification, specific consent will be obtained.

Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US.

Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.

Data Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties on a need to know basis.

They will only process your personal information on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Your legal rights

You have the right to:

  • Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it.
  • Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
  • Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Review of this Policy

Any changes we may make to our privacy policy in the future will be posted on this page and, where appropriate, notified to you by e-mail. Please check back frequently to see any updates or changes to our privacy policy.

The Designated Named Person for Privacy Policy in MPBA is Jackie Maginnis, Chief Executive. They should be contacted for support and advice on implementing this policy and procedures.

Jackie Maginnis
Chief Executive, MPBA 1st May 2018