Privacy Policy

Privacy Policy for the Triple P Group of companies (GDPR compliant)
At the Triple P Group of companies ("Company"), we're committed to protecting and respecting your privacy.

This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you're happy with any changes. By using our website, you're agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to privacyofficer@triplep.net or by writing to BM Box 9068, London WC1N 3XX. Alternatively, you can telephone Telefoon: + 44 207 987 2944

Who are we?

We're Triple P UK, the implementing body behind the Triple P – Positive Parenting Program®, a parenting program that's regarded as one of the world's most effective, thanks to decades of rigorous and ongoing scientific research.

Triple P UK is registered at BM Box 9068, London WC1N 3XX. The Triple P Group comprises Triple P International Pty Ltd and its related bodies corporate.

Data Controller and DPO

The Data Controller is Triple P International Pty Ltd (for the Triple P Group of companies), with headquarters at 11 Market Street North, Indooroopilly, Brisbane, Queensland 4068 AUSTRALIA ("Controller")
The Data Protection Officer ("DPO") can be contacted at: dpo@triplep.net

How do we collect information from you?

We obtain information about you when you use our website, for example, when you contact us about products and services, if you register for a parenting class near you or sign-up to receive one of our periodical newsletters.

The data we process

With your consent, we process the following personal data which you provide when you interact with our website(s) and use the related services and functions. This data might include:

  • Name,
  • Address,
  • Composition of the family,
  • E-mail address,
  • IP address, and/or
  • Courses or classes of your interest.
  • and the additional data that the Controller might acquire, also from third parties, in the course of business ("Data").

In order to enable us to process the queries/communications you submit it is necessary to consent to the processing of the data marked with an asterisk (*). Without those mandatory data or consent we cannot proceed any further. Conversely, the information requested in fields not marked with an asterisk and your consent to receive information material are optional: failure to provide them shall have no consequence.
In any event, even without your prior consent, the Controller may process your data to comply with legal obligations stemming from laws, regulations and EU Law, to exercise rights in legal proceedings, to pursue its own legitimate interests and in all cases provided by Articles 6 and 9 of the GDPR, where applicable.

Processing shall take place both using computers and on paper, and shall always entail the implementation of the security measures provided by current law.

Credit Card use

If you purchase a product from us, your credit card information is not held by us, it is collected by our third party payment processors, who specialise in the secure online capture and processing of credit/debit card transactions, as explained below.

How is your information used?

We may use your information to:

  • process orders that you have submitted;
  • to carry out our obligations arising from any contracts entered into by you and us;
  • dealing with entries into a parenting course or class;
  • seek your views or comments on the services we provide;
  • notify you of changes to our services;
  • send you communications which you have requested and that may be of interest to you. These may include information about campaigns, appeals, other promotions of our associated companies goods and services; We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations (for example the collection of payments and distribution of access codes). We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.

Persons who have access to the Data

Data are processed electronically and manually according to procedures and logics relating to the abovementioned purposes and are accessible by the Controller's staff authorised to process personal Data and their supervisors, and in particular to staff belonging to the following categories: technical, IT and administrative staff, marketing office staff as well as other individuals who need to process the data to perform their job duties. The Data may be communicated, also in countries outside the European Union ("Third Countries") to:

  1. (i) institutions, authorities, public bodies for their institutional purposes;
  2. (ii) professionals, independent consultants –individually or in partnerships- and other third parties and providers which supply to the Controller commercial, professional or technical services required to operate the Website(s) (e.g., provision of IT and Cloud Computing services), in order to pursue the purposes specified above and to support the Company with the provision of the services you requested;
  3. (iii) third parties in the event of mergers, acquisitions, transfers of business -or branches thereof-, audits or other extraordinary operations;
  4. (iv) the officers, based at the Controller's address, in the pursuit of its supervisory activities and for the enforcement of the Triple P Group Code of Conduct, pursuant to Article 6.1.f and Recital 48 of the GDPR.
    The mentioned recipients shall only receive the Data necessary for their respective functions and shall duly undertake to process them only for the purposes indicated above and in compliance with data protection laws. The Data can furthermore be communicated to the other legitimate recipients identified from time to time by the applicable laws. With the exception of the foregoing, the Data shall not be shared with third parties, whether legal or natural persons, who do not perform any function of a commercial, professional or technical nature for the Controller and shall not be disseminated. The individuals who receive the data shall process them, as the case may be, in the capacity as Controller, Processor or person authorised to process personal data, for the purposes indicated above and in compliance with data protection law.

Regarding any transfer of Data outside the EU, including in countries whose laws do not guarantee the same level of protection to personal data privacy as that afforded by EU Law, the Controller informs that the transfer shall in any event take place in accordance with the methods permitted by the GDPR, such as, for example, on the basis of the user's consent, on the basis of the Standard Contractual Clauses approved by the European Commission, by selecting parties enrolled in international programmes for free movement of data (e.g. EU-USA Privacy Shield) or operating in countries considered safe by the European Commission.

Third Party Service Providers working on our behalf: We may pass your information to our third party service providers, agents subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to process your purchases and send you mailings). We work with: Google Suite, Hotjar, SurveyGismo, MailChimp, PayPal, Molley. However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have Data Processing Agreements in place that require them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the Triple P Group Network for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.

Third Party Product Providers we work in association with: We work closely with various third party service providers to bring you a range of parenting services based on the Triple P system. When you enquire about or register for one or more of these services, the relevant third party service provider will use your details to provide you with information and carry out their obligations arising from your request. In some cases, they will be acting as a data controller of your information and therefore we advise you to read their Privacy Policy.

When you are using our secure online payment pages, your payment is processed by a third party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.

We may transfer your personal information to a third party as part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation, or if we're under a duty to disclose or share your personal data in order to comply with any legal obligation or to enforce or apply our terms of use or to protect the rights, property or safety of our supporters and customers. However, we will take steps with the aim of ensuring that your privacy rights continue to be protected.

Your choices

You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us, then you can select your choices by ticking the relevant boxes situated on the forms that clearly state that they have the purpose of registering your interest in such communications.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted. You can change your marketing preferences at any time by contacting us by email: privacyofficer@triplep.net or telephone on + 44 207 987 2944

Access and Data Subject Rights

Individuals have the right to access the personal data processed about them, subject to applicable law; individuals may request to access their personal data processed by us by emailing us at privacyofficer@triplep.net.
Subject to applicable law, you may also have some or all of the following rights available to you in respect of your personal data

  • to obtain a copy of your personal data together with information about how and on what basis that personal data is processed;
  • to rectify inaccurate personal data (including the right to have incomplete personal data completed);
  • to erase your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed);
  • to restrict processing of your personal data under certain circumstances
  • to port your data in machine-readable format to a third party (or to you) when we justify our processing on the basis of your consent or the performance of a contract with you;
  • to withdraw your consent to our processing of your personal data (where that processing is based on your consent); and
  • to obtain, or see a copy of the appropriate safeguards under which your personal data is transferred to a third country or international organization.

In addition to the above rights, under EU data protection law, applicable individuals have the right to object, on grounds relating to your particular situation, at any time to any processing of your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to your consent) or to perform a contract with you. You also have the right to object at any time to any processing of your personal data for direct marketing purposes, including profiling for marketing purposes.
You also have the right to lodge a complaint with your local supervisory authority for data protection.
In relation to all of these rights, please contact us at privacyofficer@triplep.net. Please note that we may request proof of identity, and we reserve the right to charge a fee where permitted by law, especially if your request is manifestly unfounded or excessive. We will endeavor to respond to your request within all applicable timeframes.

If you contact us regarding data for which we are a data processor, we will attempt to refer your request to the relevant entity, and data controller for your personal data.

Data subject request Form

This form should be used to submit a data subject request under the provisions of the European Union General Data Protection Regulation (GDPR)

Security precautions in place to protect the loss, misuse or alteration of your information

When you give us personal information, we take steps to ensure that it's treated securely. Any information is encrypted and protected when transmitted with software encryption SSL. When you are on a secure page, a lock icon will appear in the address bar of most web browsers such as Google Chrome.

Information sent to us via other media than our can never be guaranteed by us to be secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Profiling

We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.

16 or Under

Our website has no intentions to collect personal information of minors. We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian's permission beforehand whenever you provide us with personal information. We encourage parents to be involved with the online behaviour of their child(ren) and prevent the unsolicited collection of personal information without parental consent. In the case where you are convinced that personal information of your child has been collected without parental consent, please contact us at privacyofficer@triplep.net

Transferring your information outside of Europe

As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union ("EU"). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the EU.
By submitting your personal data, you're agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy. We have made sure that our third party service providers comply with GDPR/AVG, ePrivacy or Privacy Shield data protection requirements when transferring personal data from the European Union.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.

Website recording

Our web site may also use the Hotjar web site recording service. Hotjar is a product that has been developed by Hotjar Ltd. Hotjar may record mouse clicks, mouse movements, page scrolling and any text keyed into website forms. The information collected does not include any details or sensitive personal data submitted by data subjects. Data collected by Hotjar is for Triple P International Pty Ltd or our sub-contractors use only. The information collected is used to improve our website usability and is stored and used for aggregated and statistical reporting.

Google Analytics

The Triple P Group has a Data Processing Agreement with Google. Any Data that is collected and stored in Google Analytics is anonymised and encrypted before it's transmitted to Google's servers. The Data Sharing Settings have been disabled. Analytics-cookies are not used in combination with other Google Services, unless your personal consent has been given prior to this connection is made.

Cookies

Change your consent

Triple P UK Information policy documentation

Triple P UK Information Governance Policy, Data Protection Policy, Data Quality Policy, Records Management Policy, Access to Information Policy - Subject Access Requests (“SAR”), Freedom of Information (FOI) Policy, Network and IT Security Policy, Data Security Policy and Policy re sharing of Personal Data with Third Parties – download

Our Confidentiality Policy – download

Our Data Retention Schedule – download

Review of this Policy

We keep this Policy under regular review. This Policy was last updated in May 2018.

Contact

For inquiries please email the Privacy Officer: privacyofficer@triplep.net