Events privacy notice

When you sign up to attend an event hosted by us we will collect one or more of the following categories of your personal data within the event organisation and follow-up work we conduct:

• Name(s), Email Address, Phone number
• Job Title, occupation, place of work, employer
• Areas of interest 
• Opinions you have expressed to us which are relevant to an event 
• Publicly available personal information (e.g. from websites and social media platforms)
• Social media handles and publicly expressed content
• Videos of you where you are in the background when you attend an in-person event we are recording
• Videos of you or Podcasts recordings of you where you are acting as a speaker for our work or being interviewed on or off camera either as an invited guest or as an attendee of an event the Centre is holding
• Accessibility and/or dietary needs/preferences (in relation to events management)
• If applicable, payment details managed by a third-party payment provider

To complete the objectives of the Centre, events are fundamental to its success. Event communications are important to deliver on the Centre’s strategic aims.

The reasons we use your personal data for events work, which will depend on how we capture your personal information, includes:

• To send you information about online and in-person events
• To invite you to attend and/or register you for an online or in-person event
• To manage your data in context of an event which may mean taking payment, alerting you to issues, reviewing your application to the event and sending you updates about the event
• To add you to the Centre’s  list of sector related stakeholders once you have registered for an event, to receive communication from us or registered an interest from another source
• To transcribe audio captured from any recorded interviews, workshops or focus groups we have with you as a participant
• To gather opinions from you on the event activities we are conducting
• To understand and if appropriate take action where the Centre is under any legal or regulatory obligations regarding the uses of your data
• To use in promotional collateral and material as still images or videos where we have either sought your permission to do so or you have verbally agreed have an ad hoc photo taken or to participate in an on-camera interview at a the Centre event you are attending (you may appear in the background and be recognisable)
• To allow for accessibility and dietary needs/requirements at our events
• To improve upon previous communications work and activities, to develop capacity and the ability for the Centre to perform its service to society

If you no longer want to receive event communications from us, you can unsubscribe from our mailing list at any time by please clicking the unsubscribe link, at the bottom of our emails or by emailing dpo@theevidencequarter.com detailing your name and email address and indicating that this is in relation to the unsubscribing.

Collection of your personal information within events will be via one or more of the following:

• When you register or sign up for the the Centre events on our website or via direct contact
• When we communicate with you to request direct feedback from you which may be via email, direct message, unified communications or social media platform
• From events location/space service providers to accommodate for any needs or requirements
• When we record you at an event either foreground or background depending on the circumstances of the recording taking place (we will also provide a Privacy Notice at the events location)
• External event registration locations
• Where relevant, when we take payment from you

We use third party providers to manage event registrations and sign-ups, edit and possibly transcribe recorded footage and to take payments where required. These third parties gather further personal information on behalf of the Centre in conjunction with their services to the Centre. 

We also gather statistics around email opening, clicks, event attendance, engagement levels and events management using industry standard technologies to help us monitor and improve our communications work.

The Centre maintains Data Processing Agreements with all third-party providers where personal data is being collected and processed on the Centre’s behalf.

We will only keep personal information for as long as it is needed to fulfil the purpose for which it was collected.

If you attend one of our events, we will use your information for the purpose of the event and will only contact you for any other purpose if you have said we can. We will retain your personal information collected for the purpose of the event for 3 years for evaluation and organisation development purposes to help us understand our audience and reach, and to improve future events.

We review all Communication’s activities lists on an annual basis and delete, update or request confirmation of accuracy of data and/or preferences where appropriate or required.

We take the security of your information very seriously and have put physical, technical, operational, and administrative strategies, controls and measures in place to help protect your personal information from unauthorised access, use or disclosure as required by law and in accordance with accepted good industry practice. We will always keep these under review to make sure that the measures we have implemented remain appropriate.

We use Google Workspace & Google Cloud Platform for the secure storage of personal information processed by us. Through the use of Google services, the organisation is able to provide a high level of security around the storage of highly sensitive personal data which is captured within a high variety of our activities. You can find further security and compliance information in the Google Compliance Resource Centre, Privacy Resource Centre and the Google Cloud & the GDPR pages.

Your personal data may also be stored with specific third-party services for the minimum period necessary to perform activities with your personal information. Each third-party is subject to contractual and security reviews to ensure adequate and comparative levels of security, we’d expect for ourselves, is provided for the data they process on our behalf. 

The types of third-party providers we use include, but are not limited to:

• Transcription services
• Mass email services
• Communications providers
• Survey platform services
• Client Relationship Management services
• Website services and platform providers
• IT services organisations

Where appropriate, we may share your personal information with our professional advisers including our lawyers and auditors, project partners, industry experts, peers (of a group you are involved in as a Sector Stakeholder), and local and central government departments where it is strictly necessary. It is also possible that we may be required to share your data to comply with applicable laws or with valid legal processes, such as in response to a court order.

Whenever we transfer your personal data out of the UK, we ensure a similar degree of protection is afforded by implementing at least one of the following safeguards:

• Transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the UK (the UK also recognises the European Commission list of adequate countries. For further details, see European Commission: Adequacy of the protection of Personal Data in non-EU countries)
• Specific contracts/agreements approved by the UK which give personal data the same protection it has in the UK. For further details, see UK International Data Transfer Agreements. We will also assess in-country standards as part of this process.

We may share the information we gather with other organisations in these scenarios (where this has been outlined in the privacy notice). The following list is non-exclusive:

• Evaluators and Delivery Partner organisations and other organisations that are funded by us or collaborating with us on projects or pieces of research.
• Independent contractors or suppliers we hire to work on specific projects or pieces of research we conduct or commission.

Where there is a requirement or desire to archive your data for purposes of public interest which may mean the possibility of a secondary use, we carefully review all organisation’s research project proposals to maintain appropriate safeguarding of data when access is granted.

We process personal information for our events work based on different legal bases:

• Legitimate Interest: We may rely on our legitimate interests to process your personal data, provided that such interests are not overridden by your interests, fundamental rights, or freedoms. 
• Consent: We may rely on the consent that you provide us at the point of collection of your personal data to use such information for the purposes outlined herein (you are able to opt-out or unsubscribe at any time).
• Public Task: From time-to-time when we carry out events activities, we may have to process personal data to perform a task that’s in the public interest or in the exercise of a Centre funder’s official authority.
• Legal: We may process your personal data if necessary for us to comply with a legal obligation arising under an applicable law to which we are subject.

We would like to make sure you are fully aware of all of your data protection rights. Every user is entitled to the following:

• The right to access – You have the right to request copies of your personal data. We may charge you a small fee for this service.
• The right to rectification – You have the right to request that we correct any information you believe is inaccurate. You also have the right to request we complete any information you believe is incomplete.
• The right to erasure – You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing – You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing – You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability – You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. 

If you would like to exercise any of these rights, please contact us at info@whatworkswellbeing.org.

If you have any questions about our privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us.

We kindly request you allow us the opportunity to address your complaints when they arise.

If you have any concerns about our use of your personal information, you can make a complaint to us by contacting dpo@theevidencequarter.com 

You can also complain to the UK Information Commissioner’s Office (ICO) using the details below if you are unhappy with how we have used your data. We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please contact us in the first instance.

The ICO’s address:   

Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Helpline number: 0303 123 1113

ICO website: https://www.ico.org.uk

Changes to this privacy notice

The What Works Centre for Wellbeing reserves the right to update this privacy notice at any time, and we will provide you with a new privacy notice when we make any substantial updates. We may also notify you in other ways from time to time about the processing of your personal information.