Events Privacy Notice
Privacy Notice for Imperial College London Events
This Privacy Notice (Notice) explains how Imperial College London (the College, we, our, us) processes your personal data when you attend its events (including public lectures, demonstrations, competitions, tours of the College's campus and facilities, and online events such as webinars (Event)) and your rights in relation to the personal data we hold.
For the purposes of the EU General Data Protection Regulation 2016/679 (GDPR) and the Data Protection Act 2018, the College is the data controller of your personal data. The College has appointed a Data Protection Officer, who can be contacted via email at firstname.lastname@example.org, via telephone on 20 7594 3502 and via post at Imperial College London, Data Protection Officer, Faculty Building Level 4, London SW7 2AZ.
For more information about the College's data protection policies please refer to our data protection webpage http://www.imperial.ac.uk/admin-services/legal-services-office/data-protection/.
How your personal data is collected
The College collects your personal data from the following sources:
- from you, typically when you:
- complete forms in relation to attending or participating in an Event, including buying or registering for tickets online;
- attend and participate in an Event;
- interact with one of our representatives or employees during an Event (for example when you sign up to a mailing list or enter a competition);
- complete our surveys and feedback forms;
- communicate with us by post, email, online chat, social media, telephone or another format;
- visit the College's website, including when you search, register or use our online payment/ticketing portals or sign-up for an event.
- from third parties such as:
- ticketing agencies who sell tickets or process ticket orders on our behalf;
- a third party who may purchase tickets on your behalf or register your details with us;
- our website, webinar, ticketing and sign-up platform providers;
- our payment provider who will confirm details of your payment;
- publicly available sources when researching and creating biographies of speakers and key attendees.
What categories of personal data are collected?
We collect the following categories of personal data:
Identification, background and contact details
- biographical information such as your name, title, gender and date of birth;
- your image, audio and likeness (as captured on a webinar, in photographs or on recordings we make of the Event, and on CCTV where the Event is hosted at our premises);
- your contact details including address, email address, online chat or social media account details and phone number;
- your qualifications, professional experience and institution or employer (where this is relevant to an Event);
- your student clubs or societies, affiliations and other connections with the College (for example, where this is relevant to Alumni Events);
- information about your school, educational background, and family financial information (such as family income) where this is relevant to selecting participants for an Event and deciding whether you are eligible to participate in a particular Event;
Online and transactional
- details of your IP address, browser type and operating system when you visit our website;
- events that you have attended in the past or for which you are registered to attend in the future;
- payment details and your financial transactions in relation to Events;
- records of communications sent to you by the College or received from you;
We may also collect the following special categories of personal data where it is necessary for the purposes set out in this Notice (please also see the section on Special categories of personal data for details about how we process this data):
- information concerning your health and medical conditions (e.g. disability and dietary needs);
- trade union membership number (for example, where membership provides you with access to (or a discount on) an Event;
- criminal acts caught on our CCTV cameras; and
- diversity information about your racial or ethnic origin; religion or similar beliefs; and sexual orientation.
The basis for processing your data, how we use that data and with whom we share it
We will process your personal data either in ways you have consented to, or because it is otherwise necessary for a lawful purpose. We set these out as follows:
As part of the contractual relationship between you and the College (for example in relation to a ticket you have purchased)
In this respect we use your personal data for the following purposes:
- to deliver the Event you have registered for;
- to correspond with you about the Event, including sending you pre and post-event information.
As part of this process, we will expect to share your personal data with:
- our agents, contractors and service providers (including providers of accommodation, catering, IT, webinar and other support services) where applicable and where it is necessary for them to receive the information;
- our bank to whom payment details are provided in order to process a payment;
- co-organisers or partners who are involved in the delivery of an Event;
- relevant professional bodies or institutions where membership or affiliation affects your entitlement to attend (or results in a discount on) an Event.
Where the College is undertaking activities in the exercise of its official authority or performs a task that is carried out in the public interest and it is deemed necessary to process your personal data for these purposes. Examples would include:
- Education (No. 2) Act 1986 - requires the College to “take such steps as are reasonably practicable to ensure that freedom of speech within the law is secured for members, students and employees of the establishment and for visiting speakers”;
- Counter-Terrorism and Security Act 2015 - requires the College “in the exercise of its functions, [to] have due regard to the need to prevent people from being drawn into terrorism.”
Other legitimate interests
Your personal data will also be processed because it is necessary for the College's legitimate interests or the legitimate interests of a third party. This will always be weighed against your rights, interests and expectations. Examples of where we process data for purposes that fall under legitimate interests include:
- creating biographies of attendees or a delegate or speaker list and distributing the biography/list to speakers and attendees (except in circumstances where it is appropriate to gain your consent);
- sharing your information with sponsors of an event (except in circumstances where it is appropriate to gain your consent);
- filming, photographing or otherwise recording Events and publishing such content on our website, social media accounts and other formats where it would not be necessary, appropriate or practicable to obtain your specific consent (for example, we may seek specific consent for prominent or impactful uses);
- analysing and improving the use of our website;
- using digital tools to monitor the impact of our marketing communications (such as using email tracking to record when an email we send you has been opened);
- analysing who is attending our Events, including so that we can monitor the success of our outreach programs and understand trends in participation (for example, by monitoring participation by socio-economic group);
- informing our Advancement activities (please find a link to the Advancement team’s privacy notice - http://www.imperial.ac.uk/advancement/about-us/advancement-policies/privacy-policy/ );
- processing feedback to improve the quality of our Events and marketing activities;
- marketing the College and its Events by post, telephone, social media and electronic mail (but without prejudice to your rights under the legislation that regulates the sending of marketing communications by electronic means);
- defining and targeting new audiences (for example, we use the personal data of Event attendees to create a ‘source audience’ for online tools such as Facebook Lookalike Audiences which identifies new target audiences for receiving our Event advertising); and
- consulting our professional advisers where it is necessary for us to obtain their advice or assistance;
In addition to those organisations named above, we will also share your personal data with:
- our agents and contractors where they require your personal data to perform the services outlined above; and
- direct mail agencies who assist the College in the administration of marketing communications.
Your personal data will be processed for compliance with the College's legal obligations. For example:
- for the detection and prevention of crime and to assist the police and other competent authorities with investigations;
- to comply with tax legislation, safeguarding duties and subject access requests of others.
In this respect, as well as the organisations mentioned above, we may in specific circumstances need to share your personal data with third parties who have made legitimate requests under data protection or freedom of information law; the police and other law enforcement agencies; HMRC and the College’s external auditors.
Where you have consented
Your personal data will also be processed by the College where we have your consent.
Examples where consent would be sought include where the law or some other protocol requires that the College obtains your consent (for certain marketing or fundraising communications) or where, having balanced the College’s legitimate interests against your rights, interests and expectations, we feel it is appropriate to obtain your consent for our processing, rather than rely on the legitimate interests basis.
Where applicable, consent will always be specific and informed on your part, and the consequences of consenting or not, or of withdrawing consent, will be made clear.
Special categories of personal data
In addition to the above, College may process types of personal data that the law considers to fall into a special category (such as race, religion, health, sexual life or criminal record). This will be under the following circumstances:
- where you have provided your explicit consent. Examples might include where you have provided information on your dietary requirements, allergies or where you inform us of the requirement for wheelchair access;
- where such processing is necessary for the establishment, exercise or defence of legal claims (including sharing with the College's insurers and legal advisers) or the prevention or detection of crime (for example, detecting criminal actions through the use of CCTV or reporting allegations to the police);
- where it is in your vital interests to do so and you are incapable of giving consent, for example to inform your specified emergency contact, the NHS or emergency services in the event of your illness or other emergency.
International transfers of data
The College will in limited circumstances disclose personal data to third parties, or allow personal data to be stored or handled, in countries outside the European Economic Area. For example, we will transfer data to IT and ticketing/sign-up platform providers based overseas (such as MailChimp, Google and EventBrite) and share information with international co-organisers of an Event.
In these circumstances, your personal data will only be transferred where the transfer is subject to one or more of the "appropriate safeguards" for international transfers prescribed by applicable law, such as:
- an approved certification mechanism such as Privacy Shield;
- where the College has entered into contractual clauses approved by the European Commission that provide appropriate safeguards; or
- there exists another situation where the transfer is permitted under applicable law (for example, where we have your explicit consent).
We may use personal characteristics such as age, role, your expressed interests, your previous interactions with the College or geographical location to target our communications, and advertising and promotions so that they are relevant to you. We may also use your personal characteristics (such as those contained within your Facebook profile) to assist us in identifying and targeting new audiences for our Events, including through online behavioural advertising (for example, through tools such as Facebook Lookalike Audiences).
Your rights under the Data Protection Legislation
- to obtain access to, and copies of, the personal data we hold about you. Further information of how to make such an application can be found at http://www.imperial.ac.uk/admin-services/legal-services-office/data-protection/subject-access-requests/ ;
- to require that we cease processing your personal data if the processing is causing you damage or distress;
- to require us not to send you marketing communications;
- to request that we erase your personal data;
- to request that we restrict our data processing activities in relation to your personal data;
- to receive from us the personal data we hold about you, which you have provided to us, in a reasonable format specified by you, including for the purpose of transmitting that personal data to another data controller; and
- to require us to correct the personal data we hold about you if it is incorrect.
Please note that the above rights are not absolute, and requests may be refused where exceptions apply.
If you have any questions about these rights or how your personal data is used by us, you should contact the Data Protection Officer using the details below:
- Post – Data Protection Officer
Address - Level 4 Faculty Building, Imperial College London, South Kensington, London, SW7 2AZ
- Email – email@example.com
- Telephone – 020 7594 3502
If you are not satisfied with how your personal data is used by the College you can make a complaint to the Information Commissioner (www.ico.org.uk).
How long is my personal information retained for?
Your data is held in accordance with the College’s Retention Schedule available at http://www.imperial.ac.uk/media/imperial-college/administration-and-support-services/records-and-archives/public/RetentionSchedule.pdf.
In addition, we hold information on participants for up to three months after an Event unless we have a legitimate reason for retaining your information for longer; for example, where you have requested to receive further information from us and to keep you informed about future Events.