This privacy notice describes why and how The Pipeline collects and uses personal data in connection with its services which are:
- Leadership Programmes
- Diagnostic tools
- Bespoke consultancy
This notice provides information about your rights as a user of our services as well as a user of our website. The Pipeline is aware of its obligations under the General Data Protection Regulation (GDPR) and is committed to processing your data securely and transparently. This privacy notice sets out, in line with GDPR, the types of personal data that we collect and process about our clients and web-site visitors. It also sets out how we use that information, for how long we keep it and other relevant information about your data.
Who we are
MK-LF partnership t/a The Pipeline is a data controller, meaning that it determines the processes to be used when using your personal data. Our contact details are as follows:
MK-LF Partnership t/a The Pipeline
Victory House, 1st Floor,
99-101 Regent Street,
London W1B 4EZ
Data protection principles
- In relation to your personal data, we will:
- process it fairly, lawfully and in a clear, transparent way
- collect your data only for specified and specific purposes
- only collect the minimum information we need to meet the purpose
- only use it in the way that we have told you about
- ensure it is correct and up to date
- keep your data for only as long as we need it
- process it securely, reducing the risk of it being lost or stolen
What data we collect about you
Personal data means any information capable of identifying an individual. It does not include pseudonymised/anonymised data. We may process certain types of personal data about you as follows:
For leadership programmes and bespoke consulting:
- Identity Data which may include your first name, last name, title, and gender.
- Contact Data which may include company and personal e-mail address and telephone numbers.
For diagnostic tools:
- Pseudonymised/ anonymised personal data in response to a diagnostic questionnaire collected via The Pipeline’s Genie evaluation tool.
From the website:
- Technical Data internet protocol addresses, browser type and version, browser plug-in types and versions, time zone operating system and platform and other technology on the devices you use to access the Site.
- Usage Data may include information about how you use our website, products and services.
We may also process aggregated data from your personal data, but this data does not reveal your identity and as such in itself is not personal data. If we link the aggregated data with your personal data so that you can be identified from it, then it is treated as personal data. Where we are required to collect personal data by law, or under the terms of the contract between us and you, if you do not provide us with that data when requested, we may not be able to perform the contract (for example, to deliver the Services to you). If you don’t provide us with the requested data, we may have to cancel your order of the Services. If we do, we will notify you at that time.
Why we process your data
- There are 6 lawful reasons for processing personal data, which are:
- You give consent for us to process your data
- It is necessary to fulfil a contractual obligation with you
- There is a regulatory obligation on us to do so
- It is in the legitimate interest of the company to do so
- It is in the public interest to do so
- It is in your vital interest to do so.
How we collect your data
We collect personal data about you through a variety of different methods including:
- Direct Interactions: You may provide data by communicating with us by post, phone, email, or otherwise, including when you:
- Are nominated as a participant on our programmes by your organisation
- Request information on products and services or marketing material to be sent to you
- Sign up to attending Alumni or other networking events
- Accept the invitation from your organisation to complete a diagnostic questionnaire (GENIE evaluation)
- Third parties or publicly available sources: We may receive personal data about you from various third parties and public sources. We may use Identity and Contact Data from publicly available sources such as LinkedIn, Companies House.
Sensitive / Special categories of data
We collect the following categories of “sensitive” (also known as “special”) personal data as part of our diagnostic tool GENIE):
- and sexual orientation.
We must process special categories of data in accordance with more stringent guidelines. Most commonly, we will process special categories of data when the following applies:
- you have given explicit consent to the processing
- we must process the data to carry out our legal obligations
- we must process data for reasons of substantial public interest
- you have already made the data public.
The personal data is subject to the following basic processing activities:
- Personal data in responses to survey questions are collected via The Pipeline’s GENIE evaluation tool
- The raw responses are pseudonymised/anonymised by The Pipeline
- The pseudonymised/anonymised responses are analysed by The Pipeline and
- The aggregated anonymised responses are used to create a tailored report for the client on the role and development of targeted groups in their organisation and the likely need for future change and improvement
We do not need your consent if we use special categories of personal data to carry out our legal obligations. However, we may ask for your consent to allow us to process certain particularly sensitive data. If this occurs, you will be made fully aware of the reasons for the processing. As with all cases of seeking consent from you, you will have full control over your decision to give or withhold consent and there will be no consequences where consent is withheld. Consent, once given, may be withdrawn at any time. There will be no consequences where consent is withdrawn.
Sharing your data
Your data will be shared within The Pipeline where it is necessary for staff to undertake their duties in provision of services to the client. We also share some of your data with the following third parties:
We may also share your data with third parties as part of a Company sale or restructure, or for other reasons to comply with a legal obligation upon us.
Protecting your data
We are aware of the requirement to ensure your data is protected against accidental loss or disclosure, destruction and abuse. We are implementing processes to guard against such and comply with Cyber Security Essentials Guidelines.
As your personal data is stored on our IT infrastructure, and shared with our data processors who provide email, and document management and storage service to us, it may be transferred and stored securely outside the European Economic Area. Where that is the case the suppliers are signatories to the US-EU Privacy Shield.
Where your data is shared with our mailing list management supplier, it may be transferred outside the European Economic Area. Where that is the case it will be subject to equivalent legal protection through the US-EU Privacy Shield.
In line with data protection principles, we only keep your data for as long as necessary.
- We will retain your personal information for as long as it’s required for any of the purposes described above (e.g. for as long as you are a user of our services and for the duration of our relationship with you)
- We will retain personal information for which you have given consent for a period of seven years
- We will retain pseudonymised/anonymised data from our diagnostics for a period of three years
Your rights in relation to your data
The law on data protection gives you certain rights in relation to the data we hold on you. These are:
- the right to be informed. This means that we must tell you how we use your data, and this is the purpose of this privacy notice
- the right of access. You have the right to access the data that we hold on you. To do so, you should make a subject access request. You can request access or changes by contacting firstname.lastname@example.org
- the right for any inaccuracies to be corrected. If any data that we hold about you is incomplete or inaccurate, you can require us to correct it the
- right to have information deleted. If you would like us to stop processing your data, you have the right to ask us to delete it from our systems where you believe there is no reason for us to continue processing it
- the right to restrict the processing of the data. For example, if you believe the data we hold is incorrect, we will stop processing the data (whilst still holding it) until we have ensured that the data is correct
- the right to portability. You may transfer the data that we hold on you for your own purposes
- the right to object to the inclusion of any information. You have the right to object to the way we use your data where we are using it for our legitimate interests
- the right to regulate any automated decision-making and profiling of personal data. You have a right not to be subject to automated decision making in way that adversely affects you.
Where you have provided consent to our use of your data, you also have the unrestricted right to withdraw that consent at any time. Withdrawing your consent means that we will stop processing the data that you had previously given us consent to use. There will be no consequences for withdrawing your consent. However, in some cases we may continue to use the data where so permitted by having a legitimate reason for doing so. If you wish to exercise any of the rights explained above, please contact our Data Manager, contact details below.
How to complain
We hope that you won’t ever need to, but if you do want to complain about our use of personal data, please send an email with the details of your complaint to email@example.com. We will look into and respond to any complaints we receive.
You also have the right to lodge a complaint with the supervisory authority in your country of residence, place of work or the country in which an alleged infringement of data protection law has occurred within the EU. The Information Commissioner’s Office (“ICO”) is the UK data protection regulator/supervisory authority. For further information on your rights and how to complain to the ICO, please refer to the ICO website. We strive to meet the highest standards when collecting and using personal information. Complaints are taken very seriously, and data subjects are encouraged to bring any issues to our attention.
We recognise that transparency is an ongoing responsibility, so we will keep this privacy statement under regular review.
This privacy statement, Version number: 1.0 was last updated on 25 May 2018
ADDENDUM – the data we hold and basis for processing
|Names, work and personal e-mail addresses||To allow programme joining instructions to be sent to delegates
To contact you re changes to our products and services
To send details of products and services that you have requested via the website
To process and deliver your services
|Delegate lists for programmes and alumni/networking events||To maintain contact for purposes of group networking||Legitimate interest||Programmes|
|Technical and Usage data||To use data analytics to improve our website, products/services, marketing, customer relationships and experiences||Legitimate interest||Website|
|Contact data||To provide thought leadership pieces on topics relating to gender equality||Legitimate interest||Consulting|
|Aggregated pseudonymous data||To create client reports on gender equality||Contract||Diagnostic tools|