Updated 1st April 2019
We will make every effort to protect the personal information that you provide, and are committed to safeguarding the privacy of our website visitors; this policy sets out how we will treat your personal information and forms part of the Terms and Conditions, and covers the Plan Social Ltd websites available at http://www.ptasocial.com, http://www.ptasocial.co.uk and http://app.ptasocial.com.
1. What information do we collect?
We may collect, store and use the following kinds of personal information:
- information about your computer and about your visits to and use of this website including your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views, and website navigation;
- information relating to any transactions carried out between you and us on or in relation to this website, including information relating to any purchases you make of our goods or services;
- information that you provide to us for the purpose of registering with us;
- information that you provide to us for the purpose of subscribing to our website services, email notifications and/or newsletters;
- any other information that you choose to send to us; and
- information that you provide to us during the usage of the PTAsocial web service, when your PTA becomes a subscriber, and you become a registered user on app.ptasocial.com.
A cookie is a file containing an identifier (a string of letters and numbers) that is sent by a web server to a web browser, and stored by the browser. The identifier is then sent back to the server each time the browser requests a page from the server. This enables the web server to identify and track the web browser.
The cookies cannot be used to identify you personally and do not store any credit card information.
These cookies may be created when you visit our website, or click on links that we share with you via email or social media. Cookies may be created by us or by third party services for the purposes of targeting adverts to suit you, i.e. to display adverts more likely to match your interests. This may include platforms such as Facebook, Twitter, Pinterest, LinkedIn, or websites that display Google Ads.
We may use both “session” cookies and “persistent” cookies on the website. Session cookies will be deleted from your computer when you close your browser. Persistent cookies will remain stored on your computer until deleted, or until they reach a specified expiry date.
We will use the session cookies to: keep track of you whilst you navigate the website; keep track of items in your shopping basket; prevent fraud and increase website security; We will use the persistent cookies to: enable our website to recognise you when you visit; keep track of your preferences in relation to the use of our website; and for third parties to display relevant targeted adverts to you when browsing similar sites to ours. This allows us to make special offers and continue to market our services to those who have shown interest in our service.
We also use Mixpanel to analyse user actions on the web app to help us improve the usefulness of this app for our customers.
We use Freshworks for Customer Relationship Management, to provide you with a better service that suits your needs in accordance with your usage of our services. Freshworks is fully GDPR compliant and secure. You can find more details on their GDPR microsite at https://www.freshworks.com/gdpr.
Most browsers allow you to reject all cookies, whilst some browsers allow you to reject just third party cookies. For example, in Internet Explorer you can refuse all cookies by clicking “Tools”, “Internet Options”, “Privacy”, and selecting “Block all cookies” using the sliding selector.
Blocking all cookies will have a negative impact upon the usability of many websites, including this one.
3. Using your personal information
- administer the website;
- improve your browsing experience by personalising the website;
- enable your use of the services available on the website;
- supply to you services purchased via the website;
- send statements and invoices to you, and collect payments from you;
- send you general (non-marketing) commercial communications;
- display targeted and relevant adverts to you through third party advertising services when you are browsing other websites.
- send you email notifications which you have specifically requested;
- send to you our newsletter and other marketing communications relating to our business e.g. our blog, which we think may be of interest to you, where you have specifically agreed to this, by email or similar technology (you can inform us at any time if you no longer require marketing communications);
- provide third parties with anonymous statistical information about our users – this information will not be used to identify any individual user;
- deal with enquiries and complaints made by or about you relating to the website;
- keep the website secure and prevent fraud;
- gather statistical information about events held by, and general communications sent by, PTAs nationally and globally. By identifying emerging patterns we hope to be able share learnings so PTAs everywhere can benefit from them.
We will not without your express consent provide your personal information to any third parties for the purpose of direct marketing.
In addition, we may disclose your personal information:
- to the extent that we are required to do so by law;
- in connection with any legal proceedings or prospective legal proceedings;
- in order to establish, exercise or defend our legal rights (including providing information to others for the purposes of fraud prevention and reducing credit risk);
- to the purchaser (or prospective purchaser) of any business or asset that we are (or are contemplating) selling; and
- to any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal information where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal information.
5. Security of your personal information
We will take reasonable technical and organisational precautions to prevent the loss, misuse or alteration of your personal information.
We will store all the personal information you provide on our secure (password- and firewall- protected) servers. All electronic transactions you make to or receive from us will be encrypted.
Of course, data transmission over the Internet is inherently insecure, and we cannot guarantee the security of data sent over the Internet.
You are responsible for keeping your password and user details confidential. We will not ask you for your password (except when you log in to the website).
6. Data Breach Procedures
6.1 Notification. Plan Social Ltd will notify customers and any affected User of any Data Breach as soon as practicable and without undue delay after becoming aware of it. Such notification will describe the nature of the Data Breach, the categories and numbers of Users concerned, and the categories and numbers of Personal Data records concerned and describe the measures taken or proposed to be taken to address the Data Breach.
6.2. Remedial Actions. In the event of a Data Breach for which Plan Social Ltd is responsible, we will use commercially reasonable efforts to: (a) remedy the Data Breach condition, investigate, document, restore services, and undertake required response activities; (b) provide regular status reports to you on Data Breach response activities; (c) assist you with the coordination of media, law enforcement, or other Data Breach notifications; and (d) assist and cooperate with you in our Data Breach response efforts.
7. Your Rights – Cooperation
We will use commercially reasonable efforts to cooperate and assist with a user’s exercise of his/her rights under applicable Data Protection Laws with respect to Personal Data Processed by Plan Social Ltd, including, without limitation, the right to be forgotten, the right to data portability, and the right to access data under GDPR.
8. Return or Deletion of User Data
We provide tools to facilitate the addition, update or removal of members of your community by You, and by the members themselves. We also provide support via our helpdesk should you have any difficulty self-administering.
We reserve the right to charge an administration fee for support services, should the burden of support staff administering these services on your behalf become too cumbersome, when a viable self-service method is also available to you. You will be notified of any such fees in advance of agreeing to such services.
If User Data is stored in a manner such that it cannot readily be returned or deleted without affecting other data, then we will continue to protect such User Data in accordance with this policy and limit any use to the purposes of such retention.
9.Third party websites
The website may contain links to other websites. We are not responsible for the privacy policies or practices of third party websites.
10. Data controllers
10.1 PTAsocial App. When you sign up as a PTAsocial Community Manager, you are agreeing to take responsibility for the data entered using the app. I.e. You have responsibility as the Data Controller for your PTA community, ensuring that the details of your community members are collected with appropriate consent, up to date within this system, and used only for the agreed intended purposes.
10.2. Customer newsletter. In addition, members that are Community Managers agree upon joining to receive our customer newsletter via a 3rd party email newsletter service called Mailchimp. The Data Controller in respect of this newsletter mailing list in Plan Social Limited, whose address is Kemp House, 152 City Road, London EC1V 2NX. Members of this list are able to opt out at any stage, via a link in each newsletter.
10.3 Blog newsletter. Website visitors who sign up for our blog newsletter voluntarily are added to a separate Mailchimp mailing list for blog content. Community Managers who create an account on our app are also given the option of signing up for the blog during the signup process. The Data Controller in respect of this newsletter mailing list in Plan Social Limited, whose address is Kemp House, 152 City Road, London EC1V 2NX. Members of this list are able to opt out at any stage, via a link in each blog newsletter.
11. Data Processors
11.1 The data processor responsible in respect of the information added via the PTAsocial web app is Plan Social Ltd, whose address is Kemp House, 152 City Road, London EC1V 2NX.
11.2 Furthermore, in order to provide our services satisfactorily, subsets of your data may be passed to one or more data sub-processors, sometime in pseudo-anonymised or fully anonymised formats.
11.3 International Transfers. Plan Social Ltd’s systems and sub-processing of User Data will occur within the following jurisdictions: United Kingdom, United States of America and Ireland. We will not transfer any User Data outside of these jurisdictions except as directed by or with the consent of customer and/or User.
11.4 Before providing User Data of a European citizen to Sub-Processors, Plan Social Limited will use commercially reasonable efforts to ensure that the Sub-Processors will either be certified under the EU-US Privacy Shield or that the Sub-Processors execute EU-prescribed Standard Contractual Clauses.
12. Use by Minors
Plan Social Ltd is committed to protecting the privacy of children. Our app is not intended for anyone under the age of 13. If you are under 13, do not use or provide any information on or through our app. If we learn we have collected or received Personal Data from a child under 13 without verification of parental consent, we will delete that information. If you are a parent or guardian or otherwise believe we might have any information from or about a child under 13, please contact us so that we can delete the child’s information. Our services will never knowingly accept, collect, maintain or use any information from a child under the age of 13. If a child whom we know to be under the age of 13 sends Personal Data to us online, we will only use that information to respond directly to that child or notify parents.
13. Policy Amendments