1. About us
This privacy notice explains how Women in Wales collects, stores and uses your personal information. We are the data controller of your personal information, which means information that is about you or from which we can identify you. Please read this carefully to understand how we will use your personal information.
If you have any queries about this privacy notice or wish to exercise any of the rights mentioned in it, please contact our Chairperson, Felicity Ladbroke, by email at email@example.com.
2. Why do we need to collect your personal data?
We use personal information about you in the following ways:
- to provide you with information and updates regarding the annual Women in Wales lunch event;
- updating and enhancing the Women in Wales database records;
- to publish photographs and/or videos of our events in various sources;
- to improve our website to ensure that content is presented in the most effective manner for you;
- to keep our website safe and secure; and
- to enable us to organise and run our annual event.
3. Do you have to provide your personal information to us?
If you do not provide us with the personal information we need, we may be unable to provide you with our services.
4. Where do we collect your personal information from?
We will generally collect your personal information directly from you usually when you attend our lunches.
5. What personal information do we collect?
We collect the following information in connection with our services:
- Your title, full name, your contact details, including mobile telephone number;
- Your email address and, in certain circumstances, your home address.
6. Keeping in contact with you
We may use your address, phone number and email address to provide you with important information in relation to our event.
In addition, we may use your contact details to contact you to provide you with marketing information about our other services, including third party services, which may be of interest to you. You will have the opportunity to opt out of receiving such marketing information.
All marketing communication will offer you the chance to opt out or update your preferences at the point of receiving the communication.
In the case of social media messages you can manage your social media preferences via that social media platform.
7. What are our legal grounds for collecting and using your personal data?
Data protection laws require us to explain our legal grounds for processing your personal information. We use the term processing to describe everything we do with your personal information from its collection, right through to its destruction or deletion. This includes sharing your data with other organisations.
The legal grounds that are relevant to us are:
- Processing which is necessary to perform our contract with you or for taking steps prior to entering into it (during the application stage). We use this ground for:
- administering, managing and updating your records; and
- sharing your personal information with other payment services providers such as when you ask us to share information about your account with them.
- Processing which is necessary for our own legitimate interests or those of other organisations (who we have listed in clause 9 below), where these interests are not outweighed by any prejudice to your rights and freedoms. We use this ground for:
- administering and managing your accounts and updating your records;
- to test the performance of our internal processes;
- to supply services to you;
- for management and audit of our business operations;
- to carry out monitoring and to keep records;
- for market research and analysis and developing statistics;
- to promote, market and advertise our services; and
- for direct marketing communications.
- Processing with your consent.
In certain circumstances we may request that you provide your consent to enable us to process your personal information.
8. How and when can you withdraw your consent?
As we explain above, much of what we do with your personal information is not based on your consent. Instead, it is based on other legal grounds. For processing that is based on your consent, you have the right to withdraw your consent at any time. You can do this by contacting us using the details above.
The consequence of withdrawing your consent might be that we cannot send you some marketing communications (but these outcomes will be relevant only in cases where we rely on explicit consent for this).
9. Who do we share your personal information with?
Depending on the circumstances, we may share your personal information with:
- Our legal and other professional advisers;
- Other organisations and businesses who provide services to us such as back up and server hosting providers, IT software and maintenance providers, event management, financial administration and management administration support, document storage providers and suppliers of other back office functions;
- Payment providers;
- Social media platforms
10. Is your personal information transferred outside the European Economic Area?
Some of the information you provide to us may be transferred to, stored and processed by third party organisations which process data for us and on our behalf. These third parties may be based (or store or process information) in the UK or elsewhere including outside of the EEA. As with many organisations, these third parties may include third party IT platforms (including cloud based platforms), suppliers of administrative and support services and suppliers of other specialist products.
11. What should you do if your personal information changes?
You should tell us without delay so that we can update our records. The contact details for this purpose is: firstname.lastname@example.org.
12. For how long is your personal information retained by us?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal requirements. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. Generally, we will keep your information for a period of six years following your attendance at one of our events.
You can ask us to delete your data: see “Your rights” below for further information.
13. Keeping your personal information secure
We have appropriate security measures in place to prevent personal information from being accidentally lost, or used or accessed in an unauthorised way. We limit access to your personal information to those who have a genuine business need to know it. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses.
14. Your rights
Under data protection laws, you have the rights listed below. If you wish to exercise any of these rights, please contact the Chairperson of Women in Wales Chair. We will aim to respond within one month. There is no fee for making a request. Please note that not all of these rights will apply to all of your personal information.
- The right to be informed – we have to be transparent with you about the processing that we do with your personal information. This is why we have a privacy notice.
- The right to ask us to correct your personal information if it is inaccurate and to have incomplete personal information completed. If we have disclosed the personal information in question to other organisations, we must inform them of the correction where possible.
- The right to object to our processing of your personal information where it is based on our legitimate interests, where it is processed for direct marketing or where it is processed for the purposes of statistics. Your right to object may be relevant if you wish to find out more about what legitimate interests we rely on (they are listed in our privacy notice).
- The right to restrict processing of your personal information in certain circumstances.
- The right ask us to have your personal information erased. This right is not absolute – it applies only in particular circumstances and, where it does not apply, we will tell you. We will not be able to comply if we are required to keep your personal information in order to comply with a legal obligation or to exercise or defend legal claims.
- The right to request access to the personal information held about you. This is often described as a Subject Access Request.
- The right to ask for your personal information in a reusable format (known as the right to data portability). This right only applies where personal information is being processed based on your consent or for performance of a contract and is carried out by automated means. This is separate to a Subject Access Request.
If you are unhappy with the way that we are handling your personal information, please contact our Chair person in the first instance and we will try to resolve your complaint. However, you do also have the right to complain to the Information Commissioner’s Office, which is the regulator for data protection laws: https://ico.org.uk/