The DPP (Digital Production Partnership Ltd) is a membership organisation that brings customers and suppliers together to solve problems and create opportunities. To do this, we collect, store, and process a certain amount of personal information. We treat that information with the utmost respect, and so we have prepared this privacy notice to explain clearly how we manage and use your information, and the rights you have relating to it.
This privacy notice explains:
- What information we will collect from you
- How we will use the information we collect about you
- When we will disclose your details to anyone else
- Your rights regarding the information you provide to us
- The legal basis for holding and processing your personal information
- How you can contact us if you have questions about this privacy notice
Unless otherwise specified, the DPP is the data controller for any personal data collected on or submitted to our website https://www.thedpp.com (our site). The DPP means Digital Production Partnership Ltd, a company registered in England with registration number 09478697. Our registered office is 2 Waterhouse Square, 140 Holborn, London, EC1N 2AE. You can also contact us by email at email@example.com
How we collect and use your information
We and our authorised third parties will only process your personal information where we have a lawful basis to do so. The lawful basis for processing may differ depending on which of our services you use. Generally, we’ll only process your data on the following grounds:
- you have given consent for the processing. When we rely on consent to process your personal information, you always have the right to withdraw this consent.
- the processing is necessary for the performance of a contract to which you are a party, such as your DPP membership.
- the processing is necessary in order to take steps at your request prior to entering into a contract.
- the processing is necessary for compliance with a legal obligation placed on us.
- the processing is necessary for the purposes of the legitimate interests pursued by the DPP or by a third party. For example, we have a legitimate interest in understanding how people are using the resources we provide, including our website and publications, both to improve them and to promote our services. Therefore, we use your personal information to understand and analyse our products and services.
There are a number of situations in which the DPP will collect personal information from you in order to provide services to you, and these are outlined below. More generally, we will keep records of your marketing consents, and may record how you interact with marketing materials we have sent you. We may also retain copies of communications with you for a reasonable period of time in line with our retention policies, and these records will contain any information you have disclosed to us in those communications.
Company membership registration
When you choose to enroll your company as a DPP member, we will require information about the company, and also about the primary contact person(s), including name, job title, and email address. These will be collected via our online enquiry form, or via direct contact, such as by email. The basis for this processing is to allow us to fulfil our contract with you to provide membership services.
Individual website registration
Any member of staff from a DPP member company may register for an account on our site, allowing you to log in to access additional resources such as downloads and event registration. In order to register you, we will collect information including your name, job title, and email address. The basis for this processing is fulfilment of our contract to provide you services under your membership. You will also be able to opt in to receiving email communications to update you on the DPP’s events, publications, and other work. You will be able to opt-out of these at any time.
When you are logged into our website, we record which of our documents you download. For users who are not logged in, some content on our website is available for download by non-members, upon submission of your name, company name, and email address. The basis for this processing is our legitimate interest to understand who is using our materials and how. Users who are not logged in will additionally be asked to opt-in to further email communications from the DPP, which will be delivered based upon your consent to do so. You may withdraw this consent at any time.
When you contact us via our website for any other reason, such as by using our contact form, we will collect information including your name, job title, and email address. The basis for this processing is to allow us to respond to your enquiry, fulfilling your legitimate interest to receive a response from us. You will additionally be able to opt-in to further email communications, which will be delivered based upon your consent to do so. You may withdraw this consent at any time.
Form Submissions using reCAPTCHA
When you register to attend a DPP event we will collect personal information including email address, name, job title, company and other information required to provide the event. The basis for this processing is to allow us to provide the event service to you, and our legitimate interest in understanding who attends our events. The information you provide will assist with managing attendees, access requirements and dietary needs. It will also be used for evaluation of events.
We will share some limited information about event attendees with third parties, as follows:
- Sometimes, we will also share pseudonymised aggregated information (such as companies attending/invited and job titles of attendees/invitees) with sponsors or potential sponsors due to their legitimate interest to understand the demographic of event attendees. This will not include individually identifiable information such as names, email addresses, or the specific combinations of job titles and companies.
- At some small events, typically under 30 attendees, we may share lists of attendee names, job titles, and companies, with attendees. This is due to their legitimate interest to understand the contacts they meet, and to understand the impact of their decisions to share business information with other attendees under the Chatham House Rule.
Subject to your direct marketing preferences and consents, we will send you marketing communications that we think will be the most relevant to you.
All of our automated email communications include an unsubscribe link, which allows you to opt out of future communications. If you are a DPP member, when you unsubscribe we may still send you specific personal communications related to your membership (in order to fulfil our membership contract with you), but we will remove you from bulk communications. If you are not a DPP member, we will retain information about you sufficient to respect your wishes not to be contacted, but we will not send you any further marketing communications unless you reinstate your consent to do so.
How long we keep your information
We keep your personal information for only as long as necessary, which is longer in some cases than in others. To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, necessary for the purposes for which we process your personal data, and the applicable legal requirements.
- we will keep information about member companies and our contact individuals at those member companies throughout the duration of your membership. If you end your membership, we will retain this information for six years after the date of your membership expiry or the last contact you have with the DPP, so that if we re-engage with your company subsequently, we have contextual information about the previous relationship between us.
- if you ask us to stop processing your personal information for direct marketing, we need to retain enough information about you to enable us to ensure we stop including you in those direct marketing activities.
- by law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for at least six years after they cease being customers for tax purposes.
When we share your information
Generally, we will only use your information within the DPP. However, sometimes we will use third parties to process your information, for the purposes of delivering our services, as outlined in this privacy notice. Those third parties include:
- Service providers who provide IT, system administration and other services, and may act as data processors.
- Professional advisers who may act as processors including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services.
- HM Revenue & Customs, regulators and other authorities who may act as processors who require reporting of processing activities in certain circumstances.
- The police, regulatory bodies or legal advisers in connection with any alleged criminal offence or unlawful activity, or otherwise where required by law or where we suspect harm or potential harm to others. We will cooperate with any law enforcement authorities or court order requesting or directing us to disclose information.
We have contractual provisions in place, which require that these third parties comply strictly with our instructions and that they do not use your information for their own business purposes. The third parties may be based inside or outside the EU, but where they are based outside, the data processing will be subject to the conditions laid out under ‘International Transfers’ below.
The DPP will not sell your data. We will also not pass your data to third party data controllers for marketing, except where you have provided explicit consent (such as sharing data with event sponsors).
In some cases our external third parties may be based outside the European Economic Area (EEA) so the processing of your personal data may involve a transfer of data outside the EEA.
If we transfer your personal data out of the EEA, we will ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield programme, which requires them to provide similar protection to personal data shared between Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
Please contact us via firstname.lastname@example.org if you would like further information on the specific mechanism used by us when transferring your personal data out of the EEA.
Changes to our business
If we become involved in a merger, acquisition, restructuring, reorganisation or other transaction involving the sale of some or all of our companies’ assets, then your information may be included in the assets that are transferred to the new owner and may be provided to the entities and advisors involved.
If there are changes to our business, your personal information will remain subject to this privacy notice (as amended from time to time). However, where your personal information is transferred to a new owner following a merger or acquisition it may be subject to a different privacy notice. We, or the new owner, will provide notice to you before any of your personal information becomes subject to a different privacy notice.
Any personal information you supply will be treated in accordance with applicable data protection laws, including the Data Protection Act 2018, the General DataProtection Regulation (the “GDPR”) and any other applicable or superseding legislation.
If you wish to engage any of these rights and need to contact us, please email email@example.com
You have a right to:
- request a copy of the personal information we hold about you. To do this, please contact us making clear that you are requesting a copy of your personal information and including full details of what you require. You may also be required to submit a proof of your identity.
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected.
- request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it (such as a legal requirement for us to retain it for tax purposes).
- object to the processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- request that we provide your personal information to you in a structured, commonly used and machine readable format and have it transferred to another provider of the same or similar services to us. Where this right is applicable, we will comply with such transfer as far as it is technically feasible.
- object to your personal information being used for direct marketing. Where required we will ensure we obtain your consent before undertaking marketing and you will have the ability to opt out.
- withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
Questions and complaints
If you have any questions relating to this privacy notice, please email firstname.lastname@example.org
In the event that you wish to make a complaint, we would appreciate the chance to deal with your concerns, so please contact us. However, you also have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues.
Changes to our privacy notice
Any changes we may make to our privacy notice in future will be posted on this page and, where appropriate, notified by email. This privacy notice was last updated on 14th April 2022. It was updated to indicate our use of - a new cookie preferences system on the site, and to clarify (but not substantively change) some other existing points.