Event planning and newsletter privacy notice
Updated 29 November 2023
The Government Digital Service (GDS) and Central Digital and Data Office (CDDO) host events to support the delivery of platforms, products and services, as well as digital, data and technology for government.
GDS and CDDO are part of the Cabinet Office. The ‘data controller’ for GDS and CDDO is the Cabinet Office – a data controller determines how and why personal data can be processed. Read the Cabinet Office’s entry in the Data Protection Public Register for more information.
What data we collect from you
We may collect personal data to arrange and hold events or distribute materials that support our official functions. The personal data we collect from you includes:
- name
- business contact details
- email address
Where we use our suppliers to provide video conferencing and online collaboration tools, the information may also include IP address and session data. You can refer to the privacy policies of the suppliers when accessing their tools for more information.
Recording the event
If the event is virtual, we may record it. When this happens, we will inform you in the event invitation that recording will take place, and again at the start of the event before recording begins. The full consent process for recording virtual events is managed on an event by event basis.
Our legal basis for using your data
When we arrange and hold events and distribute corresponding material in support of our official functions, the legal basis for processing your data is in the exercise of a public task. This means we need to process your personal data to perform the functions of a government department: in particular, to support the delivery of platforms, products and services, as well as digital, data and technology for government.
When we record events that are held virtually, the legal basis for processing your data is your consent. The full consent process is managed on an event by event basis. However, if you do not want to be recorded during a virtual event, you can simply turn your camera and microphone off.
Why we need your data
We need to process personal data to support communication and collaboration between teams within government departments.
What we do with your data
GDS and CDDO use third party applications to facilitate information sharing, collaboration and event organisation with other government departments.
The types of applications include:
- mailing list providers
- event management tools
- video conferencing tools
We use these applications to send out news and updates, and to hold virtual conferences.
These applications are ‘data processors’, which means they process personal data on behalf of GDS and CDDO.
How long we keep your data
We will keep your personal data for a maximum of 2 years.
Our data processors will hold the information for as long as the service is used.
Where your data is processed and stored
As your personal data is stored on our IT infrastructure and shared with our data processors, it may be transferred and stored securely outside the United Kingdom. Where that is the case it will be subject to equivalent legal protection through the use of Standard Contract Clauses.
Your personal data may be transferred outside the United Kingdom while being processed by our data processors. When this happens, your personal data is protected through the use of Standard Contract Clauses.
We also design, build and run our systems to make sure that your data is as safe as possible at any stage, both while it’s processed and when it’s stored.
Who we share your data with
As part of the activities described above we share your personal data with our data processors who provide:
- mailing list providers
- event management tools
- virtual collaboration tools including video conferencing and virtual whiteboards
How we protect your data and keep it secure
We are committed to doing all that we can to keep your data secure. We set up systems and processes to prevent unauthorised access to or disclosure of the data we collect about you – for example, we protect your data using varying levels of encryption. All third parties that process personal data for GDS and CDDO are required to keep that data secure.
Your rights
You have the right to request:
- information about how your personal data is processed, and to request a copy of that personal data
- that any inaccuracies in your personal data is rectified without delay
- that any incomplete personal data is updated - you can include the missing information in your request
- that your personal data is erased if there is no longer a justification for it to be processed
- that the processing of your personal data is restricted in certain circumstances - for example, where accuracy is contested
If you have any of these requests, get in contact with us at our contact details below.
Questions and complaints
Contact the GDS Privacy Team if you:
- have any questions about anything in this document
- think that your personal data has been misused or mishandled
- want to make a subject access request (SARS)
Cabinet Office (Government Digital Service)
The White Chapel Building
10 Whitechapel High Street
London
E1 8QS
Email: [email protected]
The contact details for our Data Protection Officer are:
The Data Protection Officer provides independent advice and monitoring of Cabinet Office’s use of personal information.
You can also complain to the Information Commissioner, who is an independent regulator.
Information Commissioner's Office
Email [email protected]
Contact form https://ico.org.uk/glo...
Telephone 0303 123 1113
Textphone 01625 545 860
Changes to this notice
We may change this privacy notice. When we make changes to this notice, the ‘last updated’ date at the bottom of this page will also change. Any changes to this privacy notice will apply to you and your data immediately. If these changes affect how your personal data is processed, GDS will take reasonable steps to let you know.