Visits to our website We use a third-party service, HeySummit, to host our website. The security of the website is protected by industry standard encryption processes (SSL encryption). For more information about how HeySummit secures and processes data, please see HeySummit’s privacy notice: https://heysummit.com/legal/privacy/ We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so.
Cookie Use and Policy We use a number of different cookies for various purposes, including enhancing website functionality, website analytics and marketing. For example, we use Google Analytics to collect standard internet log information, details of visitor behaviour patterns and the number of visitors to the various parts of the site. This information is processed in such a way that we cannot identify a specific individual, i.e. there are no unique identifier cookies. Full details of all the cookies we use can be found in our cookie tool, the link to which is the green circle situated at the bottom left corner of all the main pages of this website, including this page. When you visit this website, you are directed to this tool and asked to confirm your preferences. You are able to change your preferences at any time through this tool.
DATA PRIVACY NOTICE The EU General Data Protection Regulation (GDPR), as read with the UK Data Protection Act 2018, both effective from 25 May 2018, give individuals in the European Union enhanced rights over the use of their personal data. Under the GDPR, we are required to give you certain information, including your rights when you provide us with your personal data.
Contract If you subscribe to attend one of our conferences or other events, we will ask you for a minimal amount of personal data to enable us to process your booking, to keep you informed of any developments concerning your attendance at the conference or event and for administration purposes. Our legal basis for processing your personal data for these purposes is contractual (Article 6(1)(b) GDPR).
Legitimate Interests We retain third-party research services to identify appropriate persons at companies and other organisations who we feel, given their position and role, may be interested in, or benefit from, receiving details of our future conferences or other services. These researchers obtain the details of such persons from publicly-available information on the internet. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR. In conducting our legitimate interests’ assessment, consideration was given to the following:
• The amount of personal data processed is minimal; • The data is publicly available and is not sensitive in any way; • The relationship is business to business and relevant to the job title; • There is minimal privacy risk; • There is no viable alternative means of communication; • The processing is vital to our business operations; • The data subjects are senior business people who would mostly be interested in the services we offer; • There is a simple opt-out facility.
On balance, we concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.
Data Use The personal data you provide us with when subscribing for our services will be used only for the purposes of providing you with and improving those services. Some data elements, e.g. job titles and company names, may be aggregated on an anonymised basis for analytical and statistical purposes to enable us to improve our services.
Protection of your Personal Information We take all reasonable care and apply necessary technical and organisational measures to protect your personal data. Where we employ data processors to process your data on our behalf, we ensure that the necessary contractual protections are in place. We will not sell your personal data under any circumstances. We will not transfer your personal data to any third parties unless you have specifically consented to this under our marketing terms, other than to our data processors who will be contractually bound to process your data only in accordance with our instructions and to keep your data secure. We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors may do so and where this occurs, such transfer will only be to the USA and will fall under the Privacy Shield.
Data Retention In accordance with the principle of minimising data retention, we will retain your personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy, as follows: • Data acquired for contractual purposes – 7 years • Data acquired through marketing activities – 1 to 2 year At the expiry of the relevant data protection period, personal data will be deleted or anonymised. Legal Rights Your rights under the GDPR include the following: • The right at any time to withdraw your consent to the processing of your personal data for marketing purposes. • The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it. • The right to have your personal data rectified in the event that it is inaccurate or incomplete. • The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy. • The right to restrict the processing of your personal data. • The right to data portability (i.e. transfer of your personal data at your request to another organisation). • The right to be informed of any automated profiling (We currently do not process your personal data in this manner). Your rights above can be exercised free of charge by contacting us as described below. In all cases, we will need to satisfy ourselves of your identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or driver’s licence. If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office (www.ico.org.uk).