Privacy Policy for Events

updated 10 April 2024

This Privacy Policy for Events (Policy) explains how Suade Labs Limited (Suade, we, us and our) processes your personal data when you attend our events (including events on our premises, events at other venues, and online events such as webinars) (Events) and your rights in relation to the personal data we hold.

For the purposes of any applicable data protection laws in England and Wales, including from the EU General Data Protection Regulation 2016/679 (GDPR) including the GDPR as it forms part of UK law via section 3 of the European Union (Withdrawal) Act 2018 (the UK GDPR) and the Californian Privacy Act of 2018 California Civil Code S 1798.100 et seq (California Consumer Privacy Act or CCPA) Suade is the data controller of your personal data. Suade has appointed a Data Protection Officer, who can be contacted via email at info@suade.org.

How your personal data is collected

Suade collects your personal data from the following sources:

  • from you, typically when you:

    • complete forms in relation to attending or participating in an Event, including buying or registering for tickets online;
    • attend and participate in an Event;
    • interact with one of our representatives or employees during an Event (for example when you sign up to a mailing list);
    • complete our surveys and feedback forms;
    • communicate with us by post, email, online chat, social media, telephone or another format;
    • visit Suade's website, including when you search, register or use our online payment/ticketing portals or sign-up for an event.
  • from third parties such as:

    • ticketing agencies who sell tickets or process ticket orders on our behalf;
    • a third party who may purchase tickets on your behalf or register your details with us;
    • our website, webinar, ticketing and sign-up platform providers;
    • our payment provider who will confirm details of your payment;
    • publicly available sources when researching and creating biographies of speakers and key attendees.

What categories of personal data are collected?

We collect the following categories of personal data:

Identification, background and contact details

  • biographical information such as your name and title;
  • your image, audio and likeness (as captured on a webinar, in photographs or on recordings we make of the Event, and on CCTV where the Event is hosted at our premises);
  • your contact details such as address, email address, online chat or social media account details and phone number;
  • your job title and institution, organisation or employer (where this is relevant to an Event).

Online and transactional

  • details of your IP address, browser type and operating system when you visit our website;
  • events that you have attended in the past or for which you are registered to attend in the future;
  • payment details and your financial transactions in relation to Events, where relevant;
  • records of communications sent to you by Suade or received from you.

We may also collect the following special categories of personal data where it is necessary for the purposes set out in this Notice (please also see the section on Special categories of personal data for details about how we process this data):

  • information concerning your health and medical conditions (e.g. disability and dietary needs); or
  • criminal acts caught on our CCTV cameras.

The basis for processing your data, how we use that data and with whom we share it

We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose. We set these out as follows:

As part of the contractual relationship between you and Suade (for example, in relation to a ticket you have purchased)

In this respect we use your personal data for the following purposes:

  • to deliver the Event you have registered for; and
  • to correspond with you about the Event, including sending you pre- and post-event information.

As part of this process, we will expect to share your personal data with:

  • our agents, contractors and service providers where applicable and where it is necessary for them to receive the information;
  • our bank to whom payment details are provided in order to process a payment;
  • co-organisers or partners who are involved in the delivery of an Event;
  • relevant professional bodies or institutions where membership or affiliation affects your entitlement to attend (or results in a discount on) an Event.

Other legitimate interests

Your personal data will also be processed because it is necessary for Suade's legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:

  • creating biographies of attendees or a delegate or speaker list and distributing the biography/list to speakers and attendees (except in circumstances where it is appropriate to gain your consent);
  • sharing your information with sponsors of an event (except in circumstances where it is appropriate to gain your consent);
  • filming, photographing or otherwise recording Events and publishing such content on our website, social media accounts and other formats where it would not be necessary, appropriate or practicable to obtain your specific consent (for example, we may seek specific consent for prominent or impactful uses);
  • analysing and improving the use of our website;
  • using digital and analytical tools to monitor the impact of our marketing and promotional communications;
  • processing feedback to improve the quality of our Events and marketing activities; and
  • marketing Suade, its services and its Events by post, telephone, social media and electronic mail (but without prejudice to your rights under the legislation that regulates the sending of marketing communications by electronic means).

In addition to those organisations named above, we will also share your personal data with:

  • our agents and contractors where they require your personal data to perform the services outlined above; and
  • direct mail agencies who assist Suade in the administration of marketing communications.

Legal obligations

Your personal data will be processed for compliance with Suade's legal obligations. For example:

  • for the detection and prevention of crime and to assist the police and other competent authorities with investigations; and
  • to comply with tax legislation, safeguarding duties and subject access requests of others.

In this respect, as well as the organisations mentioned above, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection or freedom of information law; the police and other law enforcement agencies; HMRC and Suade’s external auditors.

Where you have consented

Your personal data will also be processed by Suade where we have your consent.

Where applicable, consent will always be specific and informed on your part, and the consequences of consenting or not, or of withdrawing consent, will be made clear.

Special categories of personal data

In addition to the above, Suade may process types of personal data that the law considers to fall into a special category (such as race, religion, health, sexual life or criminal record). This will be under the following circumstances:

  • where you have provided your explicit consent. Examples might include where you have provided information on your dietary requirements, allergies or where you inform us of the requirement for wheelchair access;
  • where such processing is necessary for the establishment, exercise or defence of legal claims (including sharing with Suade's insurers and legal advisers) or the prevention or detection of crime (for example, detecting criminal actions through the use of CCTV or reporting allegations to the police); and
  • where it is in your vital interests to do so and you are incapable of giving consent, for example to inform your specified emergency contact, the NHS or emergency services in the event of your illness or other emergency.

International transfers of data

Suade will in limited circumstances disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. For example, we will transfer data to IT and ticketing/sign-up platform providers based overseas and share information with international co-organisers of an Event.

In these circumstances, your personal data will only be transferred where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law.

Your rights under the Data Protection Legislation

  • to obtain access to, and copies of, the personal data we hold about you. Further information of how to make such an application can be found at /info/privacy-policy;
  • to require that we cease processing your personal data if the processing is causing you damage or distress;
  • to require us not to send you marketing communications;
  • to request that we erase your personal data;
  • to request that we restrict our data processing activities in relation to your personal data;
  • to receive from us the personal data we hold about you, which you have provided to us, in a reasonable format specified by you, including for the purpose of transmitting that personal data to another data controller; and
  • to require us to correct the personal data we hold about you if it is incorrect.

Please note that the above rights are not absolute, and requests may be refused where exceptions apply.

If you have any questions about these rights or how your personal data is used by us, you should contact the Data Protection Officer using the details below:

  • Post – Data Protection Officer
  • Address – Suade Labs Ltd, 33 Canon Street, London EC4M 5SB , United Kingdom
  • Email – info@suade.org

How long is my personal information retained for?

Your data is held in accordance with Suade’s Privacy Policy.

In addition, we hold information on participants for up to three months after an Event unless we have a legitimate reason for retaining your information for longer.