1. Preamble
Welcome to Presso Network Limited.
We know as event and network goers, that you want your events to run safely and smoothly and we want to deliver that to you through our services. Our goal is to provide you with everything you'd want to know about an event you are attending, so you can enjoy the event and do some valuable face-to-face networking with your fellow attendees.
In this Privacy Policy (“Policy”) under the Data Protection Act 2018 (“Act”) and the EU General Data Protection Regulation (“GDPR”) we explain how Presso Network collects, uses, processes, transfers and discloses personal and non-personal data (“Purpose”). Please read these terms carefully because they explain our commitment to your privacy, and your legal rights, remedies, and obligations.
This Privacy Policy applies to your use of all of the Websites, Apps and Services we operate. These currently include pressonetwork.com (“Website”), Presso Network's Mobile Applications on iOS and Android (“Apps”) and Event Organisers Platform (“Services”). By accessing or using Presso Network's Websites, Apps, and Services, you agree to comply with and be bound by this Privacy Policy, as applicable to you. In addition to this Policy, the Site is subject to the Terms of Use which governs in any conflict with this Policy.
2. Purpose of collecting data
We collect personal and non-personal data to improve our customers' experience and Presso Network' business performance. Our use of data aims (but is not limited to) to enable us to:
- - Evaluate the usefulness and performance of our Websites, Apps, and Services.
- - Deliver content News Subscribers have selected to receive.
- - Create project proposals, negotiate contracts with Prospective Clients.
- - Request project proposals, negotiate contracts with Prospective Suppliers.
- - Fulfill contracts, and send invoices to Clients.
- - Accept delivery, pay Supplier invoices.
- - Pay Employee salaries, insurance, taxes, vacation, etc.
- - We will never sell personal data or non-personal data.
3. Lawful basis for processing data
We will collect data only under the existence of:
- - Consent - you have given clear consent for us to process your personal data for a specific purpose.
- - Contract - the processing is necessary for a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
- - Legal obligation - the processing is necessary for us to comply with the law (not including contractual obligations).
- - Legitimate interest - the processing is necessary for our legitimate interests.
4. Categories of data collected
We distinguish the following categories of data collected
- - Personal information - this is information that would allow a party to identify a person such as e.g. an individuals' full name, email address, telephone number, messaging & social media handles, postal address, bank account details, National Insurance number, financial and payment details.
- - Communication preferences - this is information attached to Personal Information that specifies the type of content we can share as well as the frequency of sharing.
- - Communication history - this is personal information we may create by storing records of communication interactions with us.
- - Company information - this is non-personal information such as company name, company registered/postal address, company number, company VAT number.
- - Non-personal browsing and site usage data - this is general information such as country or city website visitors are located (not intentionally fine-grained location information), pages visited, heat-map of visitors' activity on the site, information about the browser they are using, etc.
- - Transient Information - certain features, like locating contacts in an event, sharing details between attendees, and keeping them up to date, require temporary access to the user's geo-location and phone book. This information passes through our servers to deliver certain features but is never stored or used for anything but the services and features outlined in the Terms of Use.
- - We do not collect any information from anyone under 13 years of age. - Our Websites, Apps, and Services are all directed to people who are at least 13 years old or older.
5. Methods used for data collection
We employ direct, observed and indirect data collection methods.
- - Personal information (direct) - we collect personal information provided to us directly by App Users, News Subscribers, (prospective) Clients and Suppliers and Employees either online (via our websites, applications, email exchanges, messaging & social media conversations, etc) or offline (face-to-face).
- - Communication preferences (direct) - we collect communications preferences provided to us by News Subscribers online (web forms on our website).
- - Communication history (direct) - we create records of communication interactions with app users, news subscribers, (prospective) suppliers/clients, and employees either online (via our website, email exchanges, messaging & social media conversations, etc) or offline (face-to-face).
- - Company information (observed and direct) - we collect company information either publicly available online (business registries, company websites) or lawfully provided to us by apps users, news subscribers, (prospective) suppliers/clients, and employees offline (face-to-face).
- - Non-personal browsing and site usage data (indirect) - we collect browsing and site usage data automatically online.
6. Use of cookies
At Presso we do not install any cookies in your browser. We do not use Cookies on any part of our sites nor do we collect them in any or our services. Presso uses a GDPR compliant provider (Fathom Analytics) which means all website analytics are GDPR compliant, stored in Europe and only shows us information like traffic. This means:
- - No Personal Tracking - when you visit our sites, we have no idea who you are.
- - No Cross-Site Tracking - we can't and won't try to track you across sites to serve ads.
- - No Personal Identifiers - we don't know who you are, who your dog is or where you both live, from you visiting our sites.
- - We don't store your date - we store no information about you, which also mean, we have no data to sell, not that we would anyway.
7. Data retention period
The lawful basis underpinning data collection influences data retention periods.
- - Website visitors - no cookies are retained or stored. In order to meet our legitimate interest, Non-personal browsing and site usage data are retained for at least 4 years.
- - App Users - personal data and communication preferences are retained until consent is revoked. Transient data are kept until a requested service is completed.
- - News subscribers - personal data and communication preferences are retained until consent is revoked. You can revoke it by unsubscribing to any of our emails.
- - Clients/suppliers - In order to meet our legal obligation personal data are retained for 6 years from the point the last active contract ceased.
- - Employees - In order to meet our legal obligation personal data are retained for 6 years from the point the employment contract ceased.
8. Disclosure of personal information
In general, it is not Presso Network' practice to disclose personal information to third parties. We may share personal information in two instances: Presso Network may share personal information with our suppliers and service providers in order to maintain, enhance, or add to the functionality of the websites. we may disclose your personal information to third parties in a good faith belief that such disclosure is reasonably necessary to (a) take action regarding suspected illegal activities; (b) enforce or apply our Terms of Use and Privacy Policy; (c) comply with legal process, such as a search warrant, subpoena, statute, or court order; or (d) protect our rights, reputation, and property, or that of our users, affiliates, or the public.
If Presso Network is required to provide a third party with your personal information (whether by subpoena or otherwise), then provided we have collected and retained an email address for you, Presso Network will use reasonable means to notify you promptly of that event, unless prohibited by law or Presso Network is otherwise advised not to notify you on the advice of legal counsel.
9. Individuals' rights
Here is the list of your rights:
- - Right to be informed - This Privacy Policy is the authoritative information source on how Presso Network collects, uses, processes, transfers and discloses personal and non-personal data. If you have any questions related to your rights as described herein, please contact us.
- - Right of access - you can contact us at any time to request access to personal data we may hold about you. We will comply with your request within one (1) month from receipt at no cost to you. We may, however, charge you a fee, or refuse to comply, if your request is manifestly unfounded, excessive, or repetitive.
- - Right to rectification - you can contact us at any time to request rectification of personal data we may hold about you. We will comply with your request within one (1) month (two months for complex requests) from receipt at no cost to you.
- - Right to erasure - You can trigger the erasure of personal data at any time.
Further:
- - As a website visitor, you can stop visiting our websites
- - As an app user, you can uninstall our applications.
- - As a news subscriber, you can unsubscribe from our mailing list.
- - As a prospective supplier/client/employee: please contact us at any time with your request.
- - As a supplier, you can stop accepting our purchase orders.
- - As a client, you can stop purchasing from us.
Please note that Presso Network may still retain your data based on an overriding legitimate interest, a contract, and/or need for compliance to legal obligations. See Data Retention Period.
- - Right to restrict processing - You can trigger the restriction of processing of personal data at any time.
- - As a news subscriber, you can update your preferences.
- - As a (prospective) supplier/client/employee: please contact us at any time with your request.
- - Right to data portability - As a news subscriber, client, or supplier, you can request an electronic copy of the personal data we may hold about you. We will comply with your request within one (1) month (two months for complex requests). We will provide your personal data in a structured, commonly used and machine-readable form (e.g. CSV).
- - Right to object - You can object to the processing of personal data at any time. Due to the nature of the data processed by Presso Network, such objection is equivalent to the “Right to erasure”.
- - Rights related to automated decision making including profiling - None of Presso Network processing operations comprise automated decision-making including profiling. We are a business run by humans for humans.
- - Right to lodge a complaint with a supervisory authority - You can contact us at any time if you have a concern about the personal information we hold about you, or how we use it.
We will do our best to help. If, after contacting us, you are still not satisfied you have the right to lodge a complaint with the relevant supervisory authority. The supervisory authority will then tell you of the progress and outcome of your complaint. The supervisory authority in the UK is the Information Commissioner's Office (ICO). Presso Network is registered with the ICO. Our registration reference is ZA548570.
10. Security Policy
We have implemented technical measures (security), organisation measures (access roles), processes (transparency of use) and commercial measures (choice of service providers/data processors) to integrate “data protection by design” into our processing activities.
Our website, platform and company email services are hosted on ISO 27001 certified data centers located in the European Union or in data centers that comply with the EU-US and Swiss-US Privacy Shield frameworks. Both our website, platform and email services are configured to be accessed only via a secure connection.
The email clients we use have spam-recognition turned on. We train our staff to use strong passwords, avoid sharing sensitive information via email, recognise phishing attempts, and do not open spam emails.
Whenever personal information is stored on local servers, these have up-to-date firewall, virus scanning, anti-malware and operating system software. Where possible, such systems are set up to receive automatic software and security updates to minimise vulnerabilities.
All access to servers and files containing personal information (whether stored locally or in the cloud) is restricted by password and/or secure key (and where possible: encrypted).
Access to cloud servers that host our information is via a secure connection. We take regular back-ups of the information on our computer systems and keep those in a separate place.
Only required data are processed. This is both a privacy (less exposure) and a commercial measure (higher accuracy, less cost). We take reasonable steps such as contractual templates with pre-determined placeholders to ensure that we only process what is necessary.
Only specifically appointed employees have access to personal data, and they share personal data on a needs-basis.
We securely remove all personal information before disposing of old computers (by using technology or destroying the hard disk).
We operate paper-free. When applicable, we shred all confidential paper waste that might be provided to us by clients, suppliers and service providers.
11. International transfers policy
We may transfer your personal data to recipients in countries outside the EEA. Where this is the case, we have taken steps to ensure your Personal Data is adequately protected.
Presso Network uses the services of the following service providers/data processors:
- - Simply.com (former Unoeuro.com) - Domain Name Provider. Simply hosts data exclusively in its own data centers the EU, Denmark. No international transfers outside the EU/EEA take place for the functionalities used by Presso Network. No personal data are stored by Simply, then are only responsible for our domain names.
- - Render.com - Platform. Render's data centers located in the EU, in Frankfurt, Germany. No international transfers outside the EU/EEA take place for the functionalities used by Presso Network.
- - Xero.com - Accounting services. Presso Network has signed a Data Processing Addendum that warranties an adequate level of protection for any personal data processed by Xero and/or transferred by Xero outside the European Economic Area.
- - MailChimp.com - Marketing Automation Services. Mailchimp's Data Processing Addendum warranties an adequate level of protection for any personal data processed by MailChimp and/or transferred by MailChimp outside the European Economic Area.
- - Calendly.com - Appointment Services. Calendly's Terms of Use include a Data Processing Addendum that warranties an adequate level of protection for any personal data processed by Calendly and/or transferred by Calendly outside the European Economic Area.
- - Google.com - Email and Storage. For Email and Storage services, Google's Data Processing Addendum warranties an adequate level of protection for any personal data processed by Google and/or transferred by Google outside the European Economic Area.
- - Hey.com - Email. For Email and Storage services, 37Signal's Data Processing Addendum warranties an adequate level of protection for any personal data processed by 37Signal and/or transferred by 37Signal outside the European Economic Area.
- - Podio.com - Collaboration Software. Presso Network has signed a Data processing Agreement with Podio / Citrix that warranties an adequate level of protection for any personal data processed by Podio and/or transferred by Podio outside the European Economic Area.
- - Dropbox.com - Storage & Collaboration Software. Presso Network has signed a Data processing Agreement with Dropbox that warranties an adequate level of protection for any personal data processed by Dropbox and/or transferred by Dropbox outside the European Economic Area.
12. Breach notification policy
Whilst we take great care to ensure any confidential information remains protected, no website and/or connected server can fully eliminate security risks. Third parties may circumvent our security measures to unlawfully intercept or access transmissions or private communications sent over the Internet.
We proactively scan notifications of our data processors and from systems to identify breaches that may have occurred. In case we identify a breach, we will always:
- - Contact concerned parties directly and without undue delay.
- - Post a reasonably prominent notice to our websites.
- - Use backups to return to a clean system status (software and data).
- - Review and update our security policy as necessary.
- - Review and update our data processing agreements as necessary.
- - Review and update our data retention policy as necessary.
- - Review and update our data breach notification policy as necessary.
- - Review and update our data protection policy as necessary.
- - Review and update our data protection impact assessment as necessary.
- - Review and update our data protection officer appointment as necessary.
- - Review and update our data protection officer contact details as necessary.
- - Review and update our data protection officer responsibilities as necessary.
- - Inform the relevant supervisory authority within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
- - Inform the ICO within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons.
- - Inform the affected data subjects without undue delay.
13. Data protection officer
Presso Network has appointed a Data Protection Officer. The Data Protection Officer is responsible for overseeing data protection within the Company so if you do have any questions in this regard, please do contact them on the details provided below:
- - Full name of legal entity: Presso Network Limited
- - Name of Data Protection Officer: Mr. Kristian Papadakis
- - Email address: kristian@pressonetwork.com
- - Postal address: 12A Stamford Buildings, South Lambeth Road, London SW8 1UY, United Kingdom
14. Third-party websites
Our Websites, Apps and Services, may include links to other websites. You should consult the respective privacy policies of these third-party sites. This Privacy Policy does not apply to, and we cannot control the activities of, such other websites.
15. Changes to the policy
We may occasionally update this Privacy Policy. When we do, we will provide you with notice of such update through (at a minimum) a reasonably prominent notice on the Websites (and optionally Apps and Services), and will revise the Effective Date at the top of this page. We encourage you to periodically review this Privacy Policy to stay informed about how we are protecting, using, processing and transferring the personal information we collect.
Do you have any question to the above ?
You are always welcome to reach out to our team with any questions or comments you might have
You can contact us here