“All human beings have three lives: public, private, and secret” Gabriel García Márquez
For the purpose of the Data Protection Act 1998 and GDPR, the data controller is Provider Exchange, Somerset House, Strand, London, WC2R 1LA, United Kingdom. Tel: +44 (0) 20 7887 2992
Legal basis for collection and use of personal information
Depending on the context of your relationship with us, we may process data on the basis of consent, legitimate interest and or to fulfill a contract.
We will generally let you know at the time of collection what personal data we collect and how we intend to use your personal information.
For example, we collect personal information about you when you want or need to create an account with us. We may also process personal data to respond to your enquiries, for payment processing and or for the provision of goods and services to you.
We also process your personal information where we are required to do so by law, and for the exercise or defence of legal claims.
We may, from time to time, contact you for research purposes, or to tell you about our special offers and other services in accordance with your contact preferences. Where appropriate, we will obtain your consent to do so.
Personal information collected from you may include your name, payment processing information, postal address, email address, landline or mobile telephone number, delivery details as well as other non sensitive personal information. If you use our web sites, we may also collect information about you or your computer when you browse to allow you to use the services available.
Website usage and cookies
If you are using our web sites, we will use your personal information to help you to create and log on to your account and into restricted areas of our web sites and to permit future use of the web sites.
We may use technical data such as the IP address you have used to log onto our web sites to help diagnose problems with our server, or to administer our web sites.
We use Google Analytics to conduct analyses of user traffic to measure the use of our sites and to improve the content of our web sites and our services. These analyses will be performed through the use of IP addresses and cookies. With respect to your IP address, Google Analytics truncates this and prevents us from seeing it in its analytics reports so we could not see it or use it to identify you as an individual.
We have no access to or control over those third party cookies (although we may use statistical information provided to us – not containing personal information – arising from these third party cookies to improve the targeting of advertisements to you and other users of the web sites).
You may be able obtain further information about third party privacy policies or their cookies by visiting their web sites. You can also review and change the privacy settings of your browser at any time to accept or deny a cookie from another website or web service.
You can find out more about how to control cookies in some of the most popular browsers here:
Third party disclosure
We will only disclose personal data about you internally and to third parties according to our legal basis and if and where required to do so by law.
For example, we may provide certain details to third parties in order to process a payment process, to supply goods and services to you, for web site administration and security, or elsewhere when you have consented to such disclosures, or where such disclosures are required or permitted by legitimate interest, contract or law.
These third parties we contractually bound only to use personal information to perform the services that we hire them to provide.
Where you have agreed that we may do so, we may lease or rent your personal data to carefully selected third parties for their postal or telephone marketing use.
Please contact us at any point if you would like more information about the personal data we process about you. You can submit a Subject Access Request at any time. We will need to verify your identity in order to respond to this and we may refuse to provide the detail requested if you are unable to prove your identity and or authority if you are submitting a request to us on behalf of a third party.
Transfer of data
Third party data processors, advertisers, exhibitors and other such business relationships outside of the EEA, are required to take adequate technical and organisational safeguards to protect personal information. We also take measures to ensure that personal information transferred by us outside of the EEA is adequately protected.
In the case of your use of one of our virtual products e.g. Virtual Exhibitions, Webinars etc., we may pass the information you provided to us to 3rd parties. Generally this will be via a process whereby you, as the user, visit or interact with a 3rd party eg: visit a stand at an exhibition. However, in some instances our virtual products are sponsored and, in such cases the data you provided to us will be given to the sponsor. Generally, we will let you know at the time of collection if a product is sponsored.
If you wish to change your contact preferences with an individual exhibitor/sponsor, please follow their own unsubscribe request details. Unsubscribing to Provider Exchange will stop Provider Exchange from contacting you in the future, but not the individual 3rd parties whom you have interacted with.
We take your contact preferences very seriously. If you would prefer for your details not to be passed to any 3rd parties as laid out in this section, you are advised not to register for the virtual product.
Where you have given us permission, or where it is permissible according to the law or legitimate interest, Provider Exchange may from time to time send you email communications about this product and other relevant Provider Exchange products and services. You can unsubscribe from marketing emails at any time.
Mobile phone capture
Where you have given us permission, or where it is permissible according to the law or legitimate interest, Provider Exchange may from time to time contact you via SMS or voice calls about this product and other relevant Provider Exchange products and services. You can unsubscribe from marketing SMS and voice calls at any time.
Security of personal information
We use administrative, technical, and physical measures to safeguard personal information against loss, theft and unauthorised uses, access or modifications. Certain areas of our web sites may be password protected. If you are a user of our web sites and have a password, you can help to preserve your privacy by ensuring that you do not share your password with anyone else.
Payments made via our web sites are processed in a secure environment using software provided by Verifone or other third party providers.
We take steps to regularly validate the personal information we hold to ensure that the information is accurate and, where necessary, up to date. Information that is no longer required for any contractual, legitimate business purpose, and that we are not required to keep pursuant to any applicable law, will be routinely destroyed by secure means.
Making automated decisions
We do not ordinarily use personal information for the purposes of automated decision making. However, may do so in order to fulfil compelling obligations imposed by law, in which case we will inform of any such processing and provide you with an opportunity to object.
Access to personal information
You may renew and update personal information that we hold about you by contacting us as detailed below.
You can also write to the Data Controller, Provider Exchange, Somerset House, Strand, London, WC2R 1LA, United Kingdom. Tel: +44 (0) 20 7887 2992.
The GDPR gives you important rights over your data and you may submit a Subject Access Request by email to us at any time. Please use “Subject Access Request” in your email subject line.
You can use a Subject Access Request to:
- Object to your data being processed
- Ask us to delete it
- Ask us to rectify it
- Ask us to restrict the use of it
- Ask for access to it
- Ask for it to be ported (transferred)
- Confirm what data we process and why
If you submit a Subject Access Request, we will need to verify your identity in order to respond to it and we may refuse to provide the detail requested if you are unable to prove your identity and or authority if you are submitting a request to us on behalf of a third party.
You can find out more about your rights according to GDPR by visiting the Information Commissioner’s website (UK): https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/
The website of the Information Commissioner’s Office (UK) also has to more detail about data protection and your rights in general.