Privacy
We ask that you read this privacy policy carefully because it contains important information on who we are, how and why we collect, store, use and share personal information, your rights in relation to your personal information and how to contact us and supervisory authorities in the event you have a complaint.
Summary
- We use your data to provide our webinars, courses and other content to people who request or register for it, and to manage our relationships with those people and educational establishments we partner with.
- We delete your data when it is no longer needed for these things.
- Generally, we do not give your information to third parties, but there are some exceptions where we use external service providers to power our operations — some of these are outside Europe.
- We are happy to answer your questions about any of this — please email us.
Who we are
Sensible Media Ltd collects, uses and is responsible for certain personal information about you, in the course of our websites (paynegotiation.com, alumniextra.com) operations and in running our webinars. When we do so we are regulated under data protection laws and we are responsible as ‘controller’ of that personal information for the purposes of those laws.
The personal information we collect and use
Information collected by us
In the course of running our business we collect the following personal information when you provide it to us. References to the basis of processing (e.g. Basis: legitimate interest) are a reference to the legal basis under which we undertake the processing in question. More information is provided on the different bases for processing at the bottom of this page.
- Registration information, including your name and email address. Depending on the service you are registering for, we may also ask you about your course of study, the year you graduated, the campus you study or studied at, and the territory in which you are resident. We use this to register you for the service, to validate your entitlement to free or discounted services, and to manage our relationships with any educational establishment of which you may be a student or alumnus. Basis: performance of a contract; legitimate interest.
- In some cases, your payment details. We use our service provider, PayPal, to process this to collect any payment charged in respect of our services. Basis: performance of a contract.
- In order to send you information from us regarding professional development or other webinars we offer we will ask you for your email address. Basis: consent; legitimate interest.
- Information about people with whom we have discussed possible partnerships. We use this to document and progress those discussions. Basis: legitimate interest; performance of a contract.
- If you get in touch with us to raise a question or make a comment, we will use this to help us to resolve any issues or reply to your question. Basis: performance of a contract; legitimate interest.
Information collected from other sources
We also obtain personal information from other sources as follows:
- If you are registering as part of a relationship we have with an educational establishment, we may obtain from them confirmation of your status as being connected with it. We do this by sharing with them the registration details (including your name and email address) you used to sign up. Basis: legitimate interest, performance of a contract.
- We receive from Mailchimp and SendGrid, our email service providers, an indicator of your level of engagement with our emails. We use this to tailor what we communicate to you and how best to do it. Basis: legitimate interest.
Who we share your personal information with
We engage a number of service providers who process personal information on our behalf to help us deliver our services to you, for example, payment service providers, email, ticketing and video streaming service providers. We engage other third parties to help us run our business, for example, marketing agencies or website hosts and website analytics providers. Some of these may process your personal information as part of their service to us. For example:
We share your email address with Mailchimp and SendGrid, who help us with sending out emails to our users and those interested in our service. We use EventBrite to help us with registration for some webinars and they process your email address and the webinar you wish to attend on our behalf. We use GoToWebinar to help us verify and stream to webinar attendees. We use Copper CRM to help us keep track of discussions regarding potential business partnerships.
If you view one of our webinars by means of a website of one of our partner educational establishments, we will provide them with confirmation that you are entitled to view the webinar. If you register for a webinar as a student or alumnus of our partner educational establishments, we share your registration details with them.
We will share personal information with law enforcement or other authorities if we are subject to a legal obligation to do so.
If we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of that business or those assets. If our business is merged with or acquired by another business, personal information held by us about you may be transferred to that business.
We may share your personal information with government and regulatory bodies, auditors and professional advisers to comply with any legal obligation, to enforce any agreements; or protect the rights, property, or information security of our customers, or others; or obtain any related professional advice.
Some recipients of your personal information will be outside of the United Kingdom — for further information including on how we safeguard your personal data when we share data with them, see Transfer of your information out of the UK below.
Whether information has to be provided by you, and if so why
The provision of the registration and any payment information is required from you to enable us to provide you with our service.
Transfer of your information out of the UK
We operate internationally, and some of the processes involved in our use of your personal information will require it to be stored or processed in countries outside the country where you are located. In particular, your personal information may be transferred to, and processed in the United States, where some of our service providers’ systems are located.
We may transfer your personal information to service providers such as Mailchimp, SendGrid, GoToMeeting, Copper CRM and Eventbrite, which are located in the USA. We may also share your information as set out above, with the educational establishment of which you are an alumnus or student – that may involve transferring your data outside the UK.
Under data protection laws, we can only transfer your personal data to a country outside the UK where:
- the UK government has decided that the particular country ensures an adequate level of protection of personal data (known as an ‘adequacy regulation’). A list of countries considered ‘adequate’ by the UK currently is available here. We rely on adequacy regulations for transfers to the European Economic Area.
- there are appropriate safeguards in place, together with enforceable rights and effective legal remedies for you. We may use specific contracts approved for use in the UK, which give personal data the same protection it has in the UK, or by relying upon the recipient participating in an approved international data transfer mechanism, including the adoption of binding corporate rules.
- a specific exception applies under relevant data protection law.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the UK.
Your rights
Under data protection laws you have a number of important rights free of charge. In summary, those include rights to:
- access to your personal information and to certain other supplementary information that this privacy policy is already designed to address
- require us to correct any mistakes in your information which we hold
- require the erasure of personal information concerning you in certain situations
- receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations
- object at any time to processing of personal information concerning you for direct marketing
- object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you
- object in certain other situations to our continued processing of your personal information
- otherwise restrict our processing of your personal information in certain circumstances
For further information on each of those rights, including the circumstances in which they apply, see the guidance from the UK Information Commissioner’s Office (ICO) on individual’s rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please:
- email or write to us (see How to contact us below)
- let us have enough information to identify you (your name and email address)
- if we need it to identify you, let us have proof of your identity and address (a copy of your driving licence or passport and a recent utility or credit card bill), and
- let us know the information to which your request relates, including any account or webinar reference numbers, if you have them
If you would like to unsubscribe from any email information we send you, you can also click on the ‘Unsubscribe’ button at the bottom of the email.
Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
For detailed information on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems visit Get Safe Online. Get Safe Online is supported by HM Government and leading businesses.
How to complain
We hope that we can resolve any query or concern you raise about our use of your information. Data protection laws also give you right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner or telephone 0303 123 1113.
Changes to this privacy policy
This privacy policy was last updated on 4 July 2022. We may change this privacy policy from time to time, when we do in any material way we will inform you via email.
How to contact us
Contact us if you have any questions about this privacy policy or the information we hold about you. Please email us or write to Newcombe House, 45 Notting Hill Gate, London W11 3LQ.
Legal bases for processing
In the section of this policy which sets out what data we collect and how we use it, we refer to different legal bases for processing. Further details on each of those are set out here.
- Legitimate interest means the interest of our business in conducting and managing our business to enable us to give you the best service and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.
- Performance of contract means processing your data where it is necessary for the performance of a contract between us and you or to take steps at your request before entering into such a contract.
- Comply with a legal or regulatory obligation means processing your personal data where it is necessary for compliance with a legal or regulatory obligation that we are subject to.
- Consent means your freely-given specific consent. If you have provided such a consent you may withdraw it at any time by contacting us (this will not affect the lawfulness of our use of your personal data in reliance on that consent before it was withdrawn).