CMAC privacy policy for events marketing and communications

This privacy notice explains how CMAC, located at the University of Strathclyde will use your personal information and your rights under data protection legislation.

It is important that you read this notice prior to providing your information. Where you are registering to attend an event hosted by CMAC, if there are any additional privacy implications relating to the conference/event you are attending/booking, you will be advised of these separately.

Who we are

CMAC, is a medicines manufacturing research centre located at the University of Strathclyde, and is the organisation responsible for your personal data in terms of data protection legislation (the data controller).

Information we collect and use about you

We will collect information necessary to manage your booking/attendance at a conference/event or in relation to booking conference/event facilities and services.

For event attendees this will consist of information you provide to us when registering. The information required will be clearly set out in the registration form and depends on the event you are attending. At a minimum we will require your name and contact information.

Depending on the event, we may ask for some additional information (where relevant), for example:

-          job title/role, company/sector of employment;

-          dietary requirements;

-          accessibility requirements;.

-          academic profile, e.g. research interests, abstract submissions;

-          marketing preferences;

-          product and services you have used/shown an interest in;

-          passport and date of birth details (only where you have requested a letter from us for visa purposes to attend an event); and

-          payment details.

 

Photography/filming – at some events photography and/or filming will take place. If this is the case you will be advised in advance and at the event. Where necessary we will obtain consent.

Video Conferencing - When events are held using video conferencing applications, some personal data may be collected by the companies who own these applications. This may include your name, username, email address, your computer’s IP address and device name.

Where University-approved video conferencing applications are used to record meetings, personal data captured within the recording are stored for a limited period within the cloud service owned by that company, on behalf of the University.

The University may choose to retain the recording on its own servers for a longer period. Where recording is taking place, you will be notified of this prior to the event taking place and it will be clearly visible to all participants during the event.

For further information about how third-party applications may use your data, please read the privacy policy of the relevant video conferencing application.

When booking University conferencing/event facilities and/or associated services, e.g. catering, we will require contact details (as set out on the booking form) to manage and process your booking and payment information.

Why we require this information and our lawful basis

We require information to:

-          manage your booking and/or attendance (including access and dietary requirements);

-          comply with legal obligations, e.g. health and safety, public health, equality requirements and/or licensing requirements; or

-          communicate with you after the event or about future events (depending on your marketing preferences).

We process your information on the basis that:

-          it is necessary to fulfil a contract with you;

-          it is in the legitimate interests of the University to process your information;

-          it is necessary to deal with emergency situations (vital interests);

-          we have a legal obligation, e.g. health and safety legislation or equality monitoring; - it falls within the University’s public task relating to learning/teaching/research activities; or

-          we have your consent to process the information.

Where collect any special category data (for example, relating to health, racial or ethnic origin etc.), we process on the basis that:

-          we have obtained your explicit consent;

-          it is necessary for reasons of substantial public interest (equality of opportunity)

-          we have a legal obligation, e.g. health and safety legislation or equality monitoring; - it is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes; or

-          it is necessary to deal with emergency situations (vital interests).

Disclosing your information

Your information may be shared with third party agents appointed by CMAC to provide event services. These agents will only act under instruction from the University.

If the event is being organised with another partner, who your personal information will be shared with, you will be advised of this when booking the event.

Where events which involve networking, we may want to share your contact details with other attendees. If we plan to do this, we will ask for your consent when you register for the event.

Transferring data internationally

Your data will not be shared outside the United Kingdom, unless it is to a country covered by the UK ‘adequacy regulations’ (declaring the recipient country as a 'safe' territory for personal data) or by another safeguard, as set out in applicable data protection legislation.

How long your information is retained

Your personal data will only be retained for as long as is necessary. This may vary depending on the purpose of the event and if there are to be any follow-up events, for example.

Information will be retained to manage marketing lists, until you unsubscribe.

Data is required as part of a statutory or contractual requirement or obligation

You will be advised of any statutory or contractual requirements or obligations as part of the booking process/event information.

Your rights

Under data protection legislation, you have a number of rights* including the right to:

-          withdraw consent, at any time, where that is the lawful basis of our processing;

-          access your personal data and obtain a copy, free of charge;

-          rectify inaccuracies in personal data that we hold about you;

-          erasure, that is have your details removed from systems that we use to process your personal data;

-          restrict the processing in certain ways;

-          obtain a portable copy of data you have given to us in a commonly used electronic form; and

-          object to certain processing of your personal data by us.

*Please note that the ability to exercise these rights will vary and depends on the lawful basis under which the processing is being carried out.

Please contact dataprotection@strath.ac.uk if you wish to exercise/enquire about any of these rights.

Complaints

If you wish to make a complaint about how we have handled your personal data, you can contact the Data Protection Officer at dataprotection@strath.ac.uk.

If you are not satisfied with our response or believe we are not processing your personal data in accordance with the law, you also have the right to complain to the Information Commissioner’s Office (https://ico.org.uk/concerns/).