Privacy Statement For Frontline Events
Who is this statement intended for?
This Privacy Statement applies to anyone who is attending a Frontline event, with the exception of those who are on one of our programmes, registrants/pre-registrants of one of our programmes or a member of the Fellowship and are attending the event in that capacity. Anyone who meets the exception criteria should refer to Frontline’s privacy statement for our programmes and Fellowship.
The Frontline Organisation regards the lawful and correct treatment of personal data as critical to successful working and to maintaining the confidence of those with whom we deal with. To this end, we will adhere to the General Data Protection Regulations (GDPR) and any other current data protection or privacy legislation.
If you have any concerns about the privacy of your data or rights under GDPR, then please contact: Data Protection Lead, Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ or firstname.lastname@example.org.
The Frontline Organisation is a data controller and delivers its events by working alongside some key suppliers. Although we may share your data with these partners (see below), they may also be data controllers in their own right. They may have new purposes for the data, or wish to collect or process new personal data from you. They may, therefore, issue their own privacy notices at appropriate stages.
What personal data is collected and processed and for what purpose?
We may collect and process personal data on you for the purposes of running the events and supporting you to attend and access events you have signed up for, as well as monitoring the diversity and mobility of attendees. We may also keep you updated on future events and Frontline news, if you give your consent.
Data we collect from you will include, but not be limited to: your name, contact details, job title and organisation.
When you book to attend an event we may ask you (at your entire discretion and only with your consent) to disclose to us certain special category data regarding: (a) any disability you may have so that we can make adaptations; (b) your ethnic origin, sexual orientation, religious affiliations or personal history so that we can monitor diversity and mobility; (c) information regarding your health, such as known dietary requirements etc., which will be used to cater for your requirements and (e) any other information to help to administer your application on the programme.
During events we may capture video footage and photographs of you. This will be used for one or more of the following purposes:
- allowing people who were unable to attend the event and/or Frontline’s wider network and/or the general public to view footage of the event;
- promotion of past and future events, including on Frontline’s social media pages;
- illustration in Frontline reports.
On what lawful basis do we collect and process your data?
For (non-sensitive) personal data we rely on our legitimate interests.
This means that The Frontline Organisation has made a careful assessment on the most appropriate lawful means to collect and process the data. This decision is based on the following: we have identified a lawful business objective; processing is not likely to result in unwarranted harm or distress to you; the processing is in your interest; and the processing would be expected by you. You can object to this processing at any time and we will no longer process your personal data unless we can demonstrate compelling legitimate or legal grounds. You should be aware that to stop processing may affect your ability to attend an event and if so we will explain our reasoning.
For special categories of data (sensitive data) we rely on your consent.
This includes: racial or ethnic origin, political opinions, religious of philosophical beliefs, sexual orientation, and mental and physical health. You can withdraw consent and we will inform you if this will have an impact on your event attendance.
If we send you material that is explicitly for marketing purposes, we shall rely on your prior consent which you can withdraw at any time.
Who will your information be shared with?
Whenever we share your information, we always require strict compliance with data protection legislation from the third party and we ensure appropriate controls are in place to protect it.
The information you provide in relation to a Frontline event may be shared with: the venue provider, caterers, event speakers, ticketing services and evaluation survey providers. If you have requested that your image not be captured in video or photographs, your information may be shared with the photographer and/or videographer to facilitate compliance with your request.
Our information security policy and how we protect your data
The Frontline Organisation is certified to ISO27001 standard for managing its information security. The means we are externally audited to a recognised international standard to ensure that we have in place appropriate technical and organisational measures to protect data from unauthorised access. In addition to a Data Protection Policy to which all staff must adhere to, we have a number of policies to control how data is protected. This includes: the use of encryption, security of data in transit, clear desk policy, mobile working policy, access control and password policy, information sensitivity policy, virus protection and network security.
International transfer of data
Data processors are third parties who provide elements of our services for us. We have contracts in place with our data processors, some of whom are international companies. If the companies store your data within the EEA then this is deemed to provide adequate safeguards under EU law. If they do not, and are not listed in an EU-approved third country list, then we follow GDPR guidance. We ensure that the individual processors in question have adequate safeguards to protect your data and this is formally agreed within the contract with hold with them.
In selecting further third-party international processors in the future, we will ensure that we follow the same GDPR safeguards as above and amend the online versions of this privacy statement to reflect any changes.
Frontline will follow GDPR principles regarding data minimisation, both in terms of the volume of data stored on you and how long it is retained for. Personal data shall be kept for no longer than is necessary for the purposes for which it is being processed. There are some circumstances where personal data may be stored for longer periods (e.g. legal, regulatory, archiving or research purposes). The period for which the personal data is stored will be limited to a strict minimum. Time limits are established by Frontline for deletion of the records or for a periodic review.
We will therefore ensure personal data is securely disposed of when no longer needed in line with our data retention policy which is subject to periodic change.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you providing it does not infringe the rights of others.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing. Right to object to automated processing, including profiling.
Right to judicial review – in the event that Frontline refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain as outlined below.
In the event that you wish to make a complaint about how your personal data is being processed, please contact: Data Protection Lead, Frontline, Coram Campus, 41 Brunswick Square, London WC1N 1AZ or email@example.com. If you are not satisfied with how your compliant is handled by Frontline, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO): Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF or telephone 0303 123 1113.
Last updated: 07.01.2020