Skip to main content

Data Protection & GDPR Compliance

GDPR / Data Protection

Data Protection & GDPR Compliance
Last updated: February 17, 2026

PPE Media Ltd (https://ppe.org/) (“we,” “us,” “our,” or the “Directory”) is committed to protecting your personal data in full compliance with the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR) where applicable, the Data Protection Act 2018, and all other relevant data protection laws.

This page summarises our approach to data protection. For full details on how we collect, use, store and protect your personal information, please refer to our main Privacy Policy.

1. Who We Are (Data Controller)

PPE Media Ltd is the data controller responsible for your personal data when you use the Site https://ppe.org/.
Company registration: 11516602
Registered office: 96 River View, High Street, Garstang, Preston, PR3 1WZ, UK
Email: directory@ppe.org

2. Lawful Basis for Processing

We process personal data only when we have a lawful basis under UK GDPR / EU GDPR, including:

  • Consent — where you have given clear, specific permission (e.g., subscribing to updates)
  • Contract — when processing is necessary to fulfil a contract with you (e.g., responding to a claim request)
  • Legal obligation — to comply with UK law (e.g., retaining records for tax or regulatory purposes)
  • Legitimate interests — where our interests are balanced against your rights (e.g., site analytics, security, fraud prevention)

We never rely solely on legitimate interests for sensitive data or profiling.

3. Your Rights Under UK GDPR / EU GDPR

You have the following rights regarding your personal data:

  • Right to be informed — this Privacy Policy & GDPR page
  • Right of access — request a copy of your data
  • Right to rectification — correct inaccurate data
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making and profiling (we do not carry out automated decisions with legal effects)

To exercise any of these rights, email directory@ppe.org. We will respond within one month (extendable by two months for complex requests). No fee is usually charged unless requests are manifestly unfounded or excessive.

4. International Data Transfers

The Site is hosted in the United Kingdom. If data is transferred outside the UK/EEA, we ensure appropriate safeguards are in place, such as:

  • Adequacy decisions
  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules (where relevant)
  • Approved codes of conduct or certification mechanisms

5. Data Protection Principles

We adhere to the core principles of UK GDPR / EU GDPR:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

6. Data Protection Officer (DPO)

We are not required to appoint a formal DPO under current UK GDPR rules. For any data protection queries, contact directory@ppe.org.

7. Complaints

If you are unhappy with how we handle your personal data, you have the right to complain to the supervisory authority:

  • UK: Information Commissioner’s Office (ICO) — https://ico.org.uk/make-a-complaint/
  • EU: Your local data protection authority (list: https://edpb.europa.eu/about-edpb/board/members_en)

We encourage you to contact us first so we can try to resolve any concerns.

Contact
If you have questions about data protection or wish to exercise your rights, please contact:

PPE Media Ltd
Email: directory@ppe.org
Website: https://ppe.org/

Thank you for trusting us with your data.

This page is for informational purposes and is not legal advice. Consult qualified legal counsel in your jurisdiction for advice specific to your situation.

Share: