GDPR and Cookies Policy

Effective Date: 21st May 2025
Last Updated: 21st May 2025

1. Introduction

Praxity Global Alliance Ltd (“Praxity”, “we”, “us”, or “our”) is committed to protecting and respecting the privacy of individuals and firms we interact with. As a not-for-profit global alliance of independent accountancy and professional services firms, we process certain personal and firm-related data to enable international collaboration, facilitate events, assess member engagement, and manage potential new member applications.

This policy sets out how we collect, use, and protect personal data, and how cookies are used on our websites, in line with the UK General Data Protection Regulation (UK GDPR), the EU GDPR (where applicable), and other relevant legislation.

2. Data Controller

Praxity Global Alliance Ltd

Suite 2, Beechwood

57 Church Street

Epsom

Surrey

KT17 4PX

United Kingdom


Email: Website@Praxity.com
Telephone: Tel: +44 (0) 1372 738 190

Praxity is the Data Controller for the personal data described in this policy.

3. Personal Data We Collect

We may collect and process the following categories of personal data:

a) From employees of Active Member Firms:

  • Full name
  • Job title
  • Professional email address
  • Photograph (where provided)
  • Firm name
  • Office location (city and country)
  • Global region
  • Professional biography

b) From the contact persons of  Prospect Firms (Firms Applying to Join):

  • Contact person’s name and professional email address
  • Firm name

All data from prospect firms is held separately from active member data but is processed with the same level of security and care.

Visa Support Documents

For some global events, attendees may choose to upload visa application letters or supporting documents through our event registration platform, Cvent. These documents may contain personal information including name, date of birth, nationality, passport number, and travel details.

Praxity only requests visa documentation where necessary to assist with legitimate travel-related requirements. Submission of such documents is voluntary and only accessed by authorised personnel managing event logistics.

Cvent is a third-party event management platform headquartered in the United States. As such, visa-related data submitted via Cvent may be stored or processed on servers located outside the UK or EEA. Cvent provides data protection safeguards in line with UK GDPR, including the use of Standard Contractual Clauses (SCCs) and a commitment to secure data handling.

Praxity treats this data with the highest level of confidentiality and ensures it is retained only for the minimum period necessary to facilitate the event and comply with legal obligations.

4. Purpose of Processing

We process personal data for the following purposes:

  • Facilitating global collaboration and communication between member firms and their employees
  • Maintaining a secure directory of professionals
  • Managing and promoting participation in working groups, events, and conferences
  • Contacting an employee of a member firm about the triannual assessments for ongoing member firm review
  • Contacting the contact person of a prospective member firm about the evaluation of a prospective member firm prior to approval
  • Registering and managing event attendance via third-party systems
  • Conducting analytics and reporting to improve alliance services
  • Ensuring platform and system security

5. Legal Basis for Processing

We rely on the following lawful bases under the UK GDPR/EU GDPR:

  • Legitimate Interests (Article 6(1)(f)): To support member networking, assess member activity, and maintain the alliance’s strategic function
  • Consent (Article 6(1)(a)): Where required, e.g. displaying photographs in public materials or registering individuals for external systems
  • Contractual Necessity (Article 6(1)(b)): Where processing is necessary to fulfil our obligations to member firms or facilitate engagement with prospects

6. Use of Cloud Storage, Security, and Access Control

All data is stored using secure cloud-based infrastructure, primarily Microsoft Dynamics 365 CRM, in line with industry standards. We implement:

  • Regular backups
  • Encryption at rest and in transit
  • Role-based access control
  • Ongoing security monitoring

These systems are covered under our business continuity and disaster recovery plans, ensuring data resilience in the event of disruption.

We are also introducing a Microsoft Teams integration for working groups. Access is managed via Microsoft Azure B2C, with the following safeguards:

  • Sign-in restricted to pre-approved firm domains
  • Two-Factor Authentication (2FA) required for all users
  • No external public access is permitted

7. Third Parties with Data Access

We may provide secure, limited access to personal data to trusted third-party partners for business and operational purposes:

  • JT Technical (Commensus) – IT infrastructure and security support
  • Blacklight Developers – Digital platform development and technical services
  • Cvent – Used for conference registration and event logistics management

All third parties are contractually bound to process data only in accordance with our instructions and under appropriate data protection terms.

8. International Transfers

As a global alliance, and due to the international nature of our operations, personal data may occasionally be accessed or processed from outside the United Kingdom (UK) or European Economic Area (EEA). This may include:

  • Access by Praxity employees travelling for international events
  • Access by employee/s permanently based in the United States
  • Use of secure third-party systems hosted outside the UK/EEA

Where such access or processing occurs, we ensure appropriate safeguards are in place to protect your data, including:

·       Standard Contractual Clauses (SCCs) approved by the UK and/or EU

·       Use of services and jurisdictions deemed adequate by the UK Government or European Commission

·       Access only from secure, encrypted devices using strong authentication controls (including 2FA)

We continuously monitor international data access to ensure it remains compliant with our data protection obligations and internal security standards.  

9. Data Retention

We retain personal data only for as long as it is required to fulfil the purposes described in this policy. Data is reviewed periodically and securely deleted or anonymised when no longer necessary.

  • Contact data from employees of active member firms is retained for the duration of the membership and for as long as an employee is both an active participant in the Praxity network and employed by the specific member firm
  • Contact data from the contact persons at prospect firms is retained during the evaluation process and for a limited period thereafter.

10. Your Rights Under the GDPR

You have the following rights regarding your personal data:

  • Right to access - to request a copy of your data
  • Right to rectification - to correct inaccurate or incomplete data
  • Right to erasure - to request deletion where no legal basis exists for retention
  • Right to restriction of processing
  • Right to object - to certain types of processing, such as direct communications
  • Right to data portability - where applicable
  • Where the processing is based on your consent, you have the right to withdraw that consent at any time. Please note that withdrawal of your consent will not affect the lawfulness of processing based on consent before the withdrawal.

Please contact us at website@praxity.com to exercise these rights. We may require verification of your identity.

11. Cookies Policy

What Are Cookies?

Cookies are small text files placed on your device when you visit our websites. They help us provide functionality, track usage statistics, and remember preferences.

Types of Cookies We Use:

  • Strictly necessary cookies - Required for site operation
  • Performance cookies - Used to collect anonymous data on site usage
  • Functionality cookies - Remember settings and preferences
  • Third-party cookies - May be used by embedded services (e.g. video, registration forms)

Managing Cookies

You can manage or delete cookies at any time via your browser settings. When you first visit our website, you may be asked to accept or configure cookies using a pop-up or banner in accordance with legal requirements.

12. Contact and Complaints

If you have any questions or concerns about this policy or your data, please contact:

Data Protection Contact
Email: website@praxity.com
Telephone: +44 (0) 1372 738 190

You also have the right to lodge a complaint with a supervisory authority. For the UK the supervisory authority is: the Information Commissioner’s Office (ICO):
https://ico.org.uk

Loading...