Privacy notice
Attending a DBT event
This privacy notice explains how the Department for Business and Trade (DBT), as a ‘data controller’, processes your personal data when you register for one of our in-person or virtual events.
This notice is supplemented by the DBT Clients privacy notice, which provides further information on how DBT processes personal data.
What personal data we collect
When you register for one of our events, we may collect the following information from you:
- name
- organisation and role
- contact details (email address and phone number)
- dietary requirements
- accessibility requirements
- car registration
- travel arrangements
- passport or visa number
Depending on the event, we may not collect all of this information. Occasionally, we may need to collect information from you which is not on this list, either at registration or afterwards.
Some of our events involve filming and photography. Where this is the case, we may capture your image if you enter into an area where filming or photography is taking place. These areas will be designated by signage or by other means.
Why we need your personal data
i. DBT collects your information in order to facilitate your attendance at the event to which you are registering. This may include:
- contacting you about the event
- ensuring your dietary and accessibility requirements are met
- enabling your access to any event technology
- printing name badges
- facilitating your travel to and from the event
- ensuring event security
ii. We will use some of your information to create or update your record on our Client Relationship Management (CRM) system.
iii. We use photographs and film of our events, which may feature your image, to promote the work of the department on our social media channels.
iv. We may contact you about other DBT events and services you may be interested in, or to invite you to participate in research.
v. With your consent, we may share your contact details with event sponsors for marketing purposes.
Our legal basis for processing
The table sets out the primary legal bases we rely on for processing the personal data we collect about you.
In some instances, we may process your data for another compatible purpose and/or using another legal basis. For example, your data may be used for archiving, research and/or statistical purposes. These are compatible purposes for further processing in UK GDPR and your data will be subject to appropriate safeguards if used for such purposes.
Personal data | Special category data |
---|---|
We rely on your consent (Article 6(1)[a]) to process your personal data for the following purposes, which are also set out in the ‘Why we need your personal data’ section: - to facilitate your attendance at the event to which you are registering - to share your contact details with event sponsors for marketing purposes We rely on the ‘public task’ lawful basis, where the processing is necessary for us to perform a task carried out in the public interest or for one of our official functions (Article 6(1)[e]), for the following purposes: - to create or update your record on our Client Relationship Management (CRM) system - to use photographs and film of our events, which may feature your image, to promote the work of the department on our social media channels - to contact you about other DBT events and services you may be interested in, or to invite you to participate in research |
When we process your dietary requirements, accessibility requirements, passport details and/or visa details, we do so on the basis that you have explicitly consented to our doing so. |
How we process your personal data
Once received, your data will be stored on DBT’s own systems and on those of our processors and will only be used for the purposes explained in the table.
Third party processors
We use Microsoft products to communicate with you and to run virtual events. We use Stova to collect registration information. We sometimes use Bray Leino and Live Group to help manage event delivery and to process your personal data accordingly. Bray Leino and Live Group use sub-contractors, for example to print name badges and to provide delegate networking technology.
We have contracts with our data processors which means they are required to meet appropriate security standards and which also means they cannot use your data without our instruction.
How we share your personal data
We may share personal data you provide:
- with our event partners, where the event to which you register is co-delivered
- with our third party data processors as governed by contract
- with our event sponsors for marketing purposes, where you have consented to our doing so
- with event venues and caterers, to ensure your dietary and accessibility requirements are met
- with airlines, travel agencies and hotel groups, to facilitate your travel to and from the event
- with other government departments, public authorities, law enforcement agencies and regulators, for example to ensure event security
- with other third parties where we consider it necessary in order to further our functions as a government department
- in response to information requests, for example, under Freedom of Information (FOI) law or the Environmental Information Regulations (EIR), where not exempt
- to a court, tribunal or party where the disclosure is necessary in order to exercise, establish or defend a legal claim
- with The National Archives, for archival purposes
- where we are ordered to do so or where we are otherwise required to do so by law
If we need to share your personal data with a recipient based overseas, the transfer will be conducted on the basis of existing country-country adequacy assessments, or with appropriate safeguards in place, or where a derogation applies to the transfer. We will inform you of any such transfers subject to appropriate safeguards or derogations prior to them taking place.
You can find out more detailed information about how we share data and further processing in the DBT Clients privacy notice.
How long DBT will hold your data for
DBT will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements. This means that some of your information, such as any dietary and accessibility requirements, will be deleted promptly after the event to which you have registered has ended.
Other information, such as your name, organisation and contact details, will be stored on our Client Relationship Management system for 10 years from the date which it was provided, or subsequently updated. Images on our social media channels may be retained for archival purposes.
If we decide that we need to process your personal data for a reason which is incompatible with the purposes for which we collected it for, we will contact you to explain why we are doing this and why it is lawful to do so.
Your rights
You have a number of rights available to you under UK data protection legislation, including:
- the right to request copies of the personal data we hold about you
- the right to request that we rectify information about you which you think is inaccurate or incomplete
- the right to request that we restrict your data from further processing (in certain circumstances)
- the right to object to the processing of your data (in certain circumstances)
- the right to data portability (in certain circumstances)
- the right to request that we erasure your data (in certain circumstances)
- the right not to be subject to a decision based on solely automated data processing
Where we process your personal data on the lawful basis of consent, you have the right to withdraw your consent at any time. If you withdraw your consent to processing required to facilitate your attendance at an event, you will not be able to attend that event.
To exercise any of your rights or to make a complaint about how your personal data has been processed, you can contact us at:
Data Protection Officer
Department for Business and Trade
Old Admiralty Building
Whitehall
LONDON
SW1A 2DY
Email: data.protection@businessandtrade.gov.uk
You can also submit a complaint to the Information Commissioner’s Office (ICO) at:
Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
Website: https://ico.org.uk/
Tel: 0303 123 1113