Privacy Notice for Conference Delegates / Seminar Attendees

This privacy notice is for individuals who attend conferences or seminars run by Kate Grimley Evans Ltd. It does not apply to individuals who contact the company through the form on the company’s website (www.kategrimleyevans.co.uk) for whom there is a separate privacy policy that you can see by clicking the button


Who we are

Kate Grimley Evans Ltd

A limited company registered in England and Wales under company number 12146367.  The company may be contacted by clicking the button here or by emailing your usual contact at the company.

This company is the Controller for the purposes of the GDPR (General Data Protection Regulation)

In this policy ‘we’ and ‘us’ means Kate Grimley Evans Ltd and ‘you’ means you as an individual who is a business contact of the Company.

The information which we collect

We will collect the information which you provide when you contact us to register for a seminar or conference place.

We will usually collect:

  • Name
  • Job title
  • Organisation you work for
  • Email address

Card payment details are not collected by us as you will be directed to a third party website (Stripe) for that purpose (as described further below). We do not have any access to your card details.

What we use the information for

This information is used so that we can arrange the conference and correspond with you for business purposes related to the conference or seminar, for example:

  • To add you to the list of delegates, collect payment, email you to confirm attendance.

Your email address will not be added to any marketing lists without your consent.

Legal Basis for using your personal data

When you give us your details to book a conference place or when someone registers you on your behalf, the legal basis on which we use your personal data is legitimate interest. This is under article 6, 1(f) of the GDPR. This is because we have a legitimate interest in processing this personal data so that we can  provide our training services to you.

When you contact us to tell us that you want to use your data protection rights, our legal basis for using your personal data is that it is necessary to comply with a legal obligation which we are subject to. This is under article 6, 1 (c) of the GDPR.

We share your name and organisation with the conference venue on the basis of legitimate interest. This is because we have a legitimate interest in registering the attendance of delegates so that we can make sure that all those who attend have made a booking and a legitimate interest in ensuring that the delegates are safe in the event of an emergency evacuation of the building.


Sharing with third parties

We will never sell your personal data.  There are limited situations in which we would need to pass your data on to a third party. This will only be done when it is lawful to do so. Your personal data will only be shared after very careful consideration. Circumstances in which it will be shared are as follows:

1. Sharing with the Conference Venue

We will usually provide your name and the organisation you are from to the conference venue. This will be for the purpose of registering your attendance and to make sure that you have safely left the building in the event of a fire or similar emergency evacuation.

The conference venue may also ask you for additional information directly such as your car number plate so that they can monitor use of the car park.

2. The use of processors

Hi Hosting
Processors deal with personal information under our instruction and are not permitted to act outside the instruction. Web hosting companies count as processors. When you enter your details via the form on our website this may be seen by the company which hosts our website which is Hi Hosting. Hi Hosting is a UK based web hosting company operating from the address:

240 Paintworks
Arnos Vale
Bristol
BS4 3AQ

Hi Hosting will not see your payment card details as payments are collected via a third party website (Stripe).The services provided by Hi Hosting are GDPR compliant. The information is held in a London data centre.

Microsoft Office 365
We use Microsoft Office 365 cloud storage which is GDPR compliant because Microsoft subscribes to the EU-US Privacy shield framework which mean that they have agreed to work with the appropriate regulatory authorities to resolve any complaints. More information about the EU-US Privacy by clicking the button.

IT Support
Our IT technician will be able to see the information you enter on the booking form. He will not be able to see your payment card information

3. On takeover, merger, transfer or sale

If we transfer our company or its assets then the personal data held by the company may be transferred to the new owner.

4. Limited disclosures which are permitted by law
For example disclosures in connection with a police investigation.


Important Note about Card Payment Details

When you pay for the conference you will be redirected to a payment service provided by Stripe. The website of Kate Grimley Evans Ltd simply redirects you to the payment website and does not collect any data related to your payment card. This means that Stripe is a separate data controller with its own data protection responsibilities. Stripe has been selected as a provider with care but please note that Stripe’s privacy policy will apply. Please click the logo for the policy.


Note about Gravity Forms

When you submit your details to book a conference or seminar place, our website uses a Gravity Form. The details you submit in the form are saved by our website and do not go to Gravity. The Gravity Form has been set up so that it does not store IP addresses.


How long we keep your personal data

We will only keep your personal data for as long as we need it. Usually this will be for the time between your booking and the date of the conference or seminar and for a short time afterwards.

At present the information you submit is automatically deleted 90 days after you enter it.


Your data protection rights

You have the following rights in relation to your personal information:

Right of access
You have the right to ask for a copy of the personal information which we have about you. You can find out more by clicking the button

Right of rectification
You have the right to rectification. This means that you can ask us to correct the personal information we have about you. You can find out more by clicking the button

Right of erasure
You have the right to erasure also often referred to as the ‘right to be forgotten’. This is the right to have your personal information deleted. You can find out more by clicking the button

Right to object to processing
You have the right to object to what we do with your personal information. You can find out more by clicking the button

Right to portability
This right only applies if we are using your personal data and the legal basis for us doing so is either consent or performance of a contract. In certain circumstances, it means that you can ask us to transfer your personal data to another organisation. This only applies where you have provided the personal data to us and we hold it electronically. You can find out more by clicking the button

Right to withdraw your consent
We do not use the information of business contacts on the basis of consent so your right to withdraw consent is not relevant. You could use your right to object instead. You can find out more by clicking the button

To use any of your rights, contact us by clicking the button or email your usual contact at the Company. We will normally be under an obligation to respond to you within one month, although we are sometimes permitted to extend the deadline.

If at any time you have a complaint about what we do with your personal data then you can complain to us by clicking the button or by emailing your usual contact or you can complain directly to the Information Commissioner’s Office:

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113