Guidance

Cross-government content community events privacy notice

Updated 29 November 2023

Content community events are run by the GOV.UK content community team. Events aim to help grow capability in the content profession, share best practice and network with others.

Content community events are provided by the Government Digital Service (GDS) which is part of the Cabinet Office. The data controller for GDS is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.

What data we collect from you

The personal data we collect from you will include:

  • name
  • email address
  • job title
  • organisation

We will also make use of:

  • gender
  • any disabilities which need to be considered (by us) to enable participation at the event

The legal basis for processing this data is that it’s necessary for:

  • a contract you have with us (if you’re a staff member)
  • performing a public task

If you’re not a GOV.UK publisher the legal basis is consent.

We may also have photography taking place at our events for which we will seek consent per event notification.

The legal basis for processing sensitive health personal data is that it’s necessary for us to comply with the law.

Why we need your data

We need this information to effectively manage the event you would like to attend.

This includes making sure:

  • we know who is attending and capacity limits are not exceeded
  • the event is accessible and caters to everyone’s needs as much as possible including those with disabilities
  • we maintain a diverse and equal audience

We also use the data, specifically your name, job title and organisation, to create name badges for the event.

What we do with your data

We will make sure your data is only used in relation to the event you are attending for the purpose of event management and communications.

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for marketing purposes

We will share your data if we’re required to do so by law – for example, by court order, or to prevent fraud or other crime.

How long we keep your data

We will keep your personal data for 3 years or until consent is withdrawn.

Where your data is processed and stored

We design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.

Your personal data may be transferred outside the European Economic Area (EEA) while being processed by GDS. If this happens, we’ll make sure you’re given the same level of technical and legal protection as you are within the EEA.

The tool we use to manage content community events is operated by a US company which offers safeguards to data handling supported by Model Contract Clauses. The US Privacy Shield also supports the safeguarding of your personal data.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS are required to keep that data secure.

Children’s privacy protection

We don’t design or promote services for children who are 13 years of age or younger, and we don’t intentionally collect or keep data about anyone under the age of 13.

Your rights

You have the right to request:

  • information about how your personal data is processed
  • a copy of that personal data - this copy will be provided in a structured, commonly used and machine-readable format
  • that anything inaccurate in your personal data is corrected immediately

You can also:

If you have any of these requests, get in contact with our Privacy Team - you can find their contact details below.

If you gave your consent for us to collect and process your data, you have the right to:

  • withdraw your consent - this can be done at any time
  • request a copy of your personal data - this copy will be provided in a structured, commonly used and machine-readable format

Changes to this notice

We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the top of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to make sure you know.

Questions and complaints

Contact the GDS Privacy Team if you:

  • have any questions about anything in this document
  • think that your personal data has been misused or mishandled
  • want to make a subject access request (SARS)

Email: [email protected]

The contact details for our Data Protection Officer are:

Data Protection Officer

Cabinet Office
70 Whitehall
London
SW1A 2AS

You can also complain to the Information Commissioner, who is an independent regulator.

Information Commissioner's Office

Email [email protected]

Contact form https://ico.org.uk/glo...

Telephone 0303 123 1113

Textphone 01625 545 860