Cross-government content community events privacy notice
Updated 29 November 2023
© Crown copyright 2023
This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.
Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.
This publication is available at https://www.gov.uk/government/publications/cross-government-content-community-events-and-training-privacy-notices/cross-government-content-community-events-privacy-notice
Content community events are run by the GOV.UK content community team. Events aim to help grow capability in the content profession, share best practice and network with others.
Content community events are provided by the Government Digital Service (GDS) which is part of the Cabinet Office. The data controller for GDS is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
What data we collect from you
The personal data we collect from you will include:
- name
- email address
- job title
- organisation
We will also make use of:
- gender
- any disabilities which need to be considered (by us) to enable participation at the event
The legal basis for processing this data is that it’s necessary for:
- a contract you have with us (if you’re a staff member)
- performing a public task
If you’re not a GOV.UK publisher the legal basis is consent.
We may also have photography taking place at our events for which we will seek consent per event notification.
The legal basis for processing sensitive health personal data is that it’s necessary for us to comply with the law.
Why we need your data
We need this information to effectively manage the event you would like to attend.
This includes making sure:
- we know who is attending and capacity limits are not exceeded
- the event is accessible and caters to everyone’s needs as much as possible including those with disabilities
- we maintain a diverse and equal audience
We also use the data, specifically your name, job title and organisation, to create name badges for the event.
What we do with your data
We will make sure your data is only used in relation to the event you are attending for the purpose of event management and communications.
We will not:
- sell or rent your data to third parties
- share your data with third parties for marketing purposes
We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.
How long we keep your data
We will keep your personal data for 3 years or until consent is withdrawn.
Where your data is processed and stored
We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
Your personal data may be transferred outside the European Economic Area (EEA) while being processed by GDS. If this happens, we’ll make sure you’re given the same level of technical and legal protection as you are within the EEA.
The tool we use to manage content community events is operated by a US company which offers safeguards to data handling supported by Model Contract Clauses. The US Privacy Shield also supports the safeguarding of your personal data.
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS are required to keep that data secure.
Children’s privacy protection
We don’t design or promote services for children who are 13 years of age or younger, and we don’t intentionally collect or keep data about anyone under the age of 13.
Your rights
You have the right to request:
- information about how your personal data is processed
- a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
- that anything inaccurate in your personal data is corrected immediately
You can also:
- raise an objection about how your personal data is processed
- request that your personal data is erased if there is no longer a justification for it
- ask that we only process your data in certain circumstances
If you have any of these requests, get in contact with our Privacy Team - you can find their contact details below.
If you gave your consent for us to collect and process your data, you have the right to:
- withdraw your consent - this can be done at any time
- request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.
Questions and complaints
Contact the GDS Privacy Team if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SARS)
Email: gds-privacy-office@digital.cabinet-office.gov.uk
The contact details for our Data Protection Officer are:
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email icocasework@ico.org.uk
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860