EVENT PRIVACY NOTICE
1. WHAT IS THE PURPOSE OF THIS DOCUMENT?
IMH CSC Ltd is committed to protecting the privacy and security of your personal information. This privacy notice tells you about the information we collect from you when you register to attend one of our events. In collecting this information, we are acting as a data controller. By law we are required to provide you with information about us, about how and why we use your data and about the rights you have over your data.
2. DATA PROTECTION PRINCIPLES
We will comply with data protection law and principles, which means that your data will be:
• Used lawfully, fairly and in a transparent way.
• Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
• Relevant to the purposes we have told you about and limited only to those purposes.
• Accurate and kept up to date.
• Kept only as long as necessary for the purposes we have told you about.
• Kept securely.
3. THE KIND OF INFORMATION WE HOLD ABOUT YOU
When you register to attend one of our events, we will collect, store, and use the following categories of personal information about you:
• The information you have provided us when completing a booking form or when registering online to attend our events, including organisation, title, first name, last name, job title, telephone number, mobile number, email address, address, city and postal code.
• As there is a participation fee to attend the event we also ask for payment and if you choose credit card as a method of payment we ask for card number, expiry date, cardholder name and signature.
• Communication information. When you send us an e-mail or other communication we retain that communication in order to process your enquiries and respond to your requests.
• Surveys you may be requested to fill out in some events.
Additionally, when you register to attend one of our online events, our online events platform provider collects the following information about you on our behalf: Account information. To access various parts of the platform you must have an online account. To register for an account on the platform, you must provide your name, email address, telephone number, company name, and other information necessary to confirm that you are authorised to use the platform. End User Information. To access webinars, virtual environments and other events administered by us via the online platform, you may be required to register. The requested personal information typically includes name, email address, telephone number, company name and job title as well as information about your company such as country and industry sector.
4. HOW IS YOUR PERSONAL INFORMATION COLLECTED?
We collect personal information about you from the following sources:
• You directly.
• From our online platform service provider
• Your employer/organisation.
• Other companies wishing to invite you to an event organized by IMH
5. HOW WE WILL USE INFORMATION ABOUT YOU
We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:
• Where we need to perform the contract, we have entered into in order to provide a service to you and your organisation. In other words, we will use your information in order to arrange that you attend our events.
• Where we need to provide you with the information, products and/or services that you request from us.
• Where we need to comply with a legal obligation.
• We may in some circumstances rely on your consent. In those circumstances, we will specifically ask whether you agree to us using your data in specified ways. You can withdraw your consent and ask us to delete your information at any time - please see section 11.
• Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. As you have shown interest in attending our events, we rely on this legal basis to send you information and updates about future events that may be of interest to you. If you DO NOT wish to receive this information, you have the right to object to this at any time, by contacting our Data Protection Officer at email@example.com or by clicking the unsubscribe link at the bottom of our e-mails. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.
6. AUTOMATED DECISION-MAKING
You will not be subject to decisions that will have a significant impact on you based solely on automated decision-making.
7. DATA SHARING
We may share your data with third parties, including the event organisers, event sponsors and third-party service providers, where it is necessary to administer the working relationship with your business or where we have another legitimate interest in doing so, such as the planning, organisation and realisation of our events. We may also share your information where this is required by law. We use data processors to help facilitate the organization of events. We may sometimes charge a fee to attend an event. If this happens, our communications about the event will provide details of the data processor, we use to collect payments. We require third parties to respect the security of your data and to treat it in accordance with the law and we have appropriate agreements in place.
8. TRANSFERING INFORMATION OUTSIDE THE EU
Our online platform service provider will have access to some of your information when you register for one of our online events. Our online platform service provider is located in the US and is committed to protecting the privacy and security of your personal information, in accordance with the General Data Protection Regulation, under Standard Contractual Clauses. If you have any questions about this or you need any further information please contact our Data Protection Officer on 22505555 or at firstname.lastname@example.org.
9. DATA SECURITY
We have put in place appropriate security measures to prevent your personal information from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal information to those employees and agents who have a business need-to-know. They will only process your personal information on our instructions and they are subject to a duty of confidentiality. Details of these measures may be obtained from our Data Protection Officer. We have put in place procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.
10. DATA RETENTION
We will retain your personal information only for as long as we need it or until you withdraw your consent, (in those instances where we process your information based on your consent)or you object to processing when exercising your rights in accordance with section 11 below. You can contact our Data Protection Officer at email@example.com to find out more about our retention times.
11. RIGHTS OF ACCESS, CORRECTION, ERASURE, AND RESTRICTION
Under certain circumstances, by law you have also the right to:
• Request access to your personal information (commonly known as a “data subject access request”. This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
• Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
• Request erasure of your personal information. This enables you to ask us to delete or remove persona l information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
• Object to processing of your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
• Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
• Request the transfer of your personal information to another party but only for information processed by automated means and where the processing is based on your consent or on contract.
• Right to withdraw consent at any time for processing for any purpose for which you have given consent. If you want to exercise any of the above rights, please contact our Data Protection Officer at gdpr@ imhbusiness.com.
12. DATA PROTECTION OFFICER
We have appointed a Data Protection Officer to oversee compliance with this privacy notice. If you have any questions about this privacy notice or how we handle your personal information, please contact our Data Protection Officer at firstname.lastname@example.org. You have the right to make a complaint at any time to the office of the Commissioner of Personal Data Protection, the Cyprus supervisory authority for data protection matters. You can find out more about this at www.dataprotection.gov.cy