Women of the Year Luncheon & Awards Privacy and Fair Processing Notice
How Women of the Year Luncheon and Awards uses Personal Data
Women of the Year Luncheon and Awards Limited collects, holds and processes personal data relating to its nominees/guests, which is essential for it to manage its operations fairly and effectively. These activities are carried out in accordance with the General Data Protection Regulation 2016 and Women of the Year Luncheon and Awards Limited’s Data Protection & Retention Policy.
The data held by Women of the Year Luncheon and Awards Limited, is mainly taken from the details that guests provide during the nomination/event booking process, and may be added to as necessary and appropriate.
During the nomination/event booking process, guests give their consent for Women of the Year Luncheon and Awards Limited to process and retain their personal and company data, with a legitimate interest for doing so.
Women of the Year Luncheon and Awards Limited provides this Privacy and Fair Processing Notice to inform nominees/guests of how their personal and company data will be processed by Management and the purposes for which the data has been collected.
What is personal data?
As a general guide, anything that counted as personal data under the Data Protection Act also qualifies as personal data under the GDPR. Under the Regulation, personal data is data which relates to a living/natural individual who can be identified from that data or from other information which is in the possession of, or is likely to come into the possession of, the data controller. In this case, the data controller is Women of the Year Luncheon and Awards Limited. It includes any expression of opinion about the individual as well as statements of fact.
IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information. ‘Pseudonymised’ personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
What is meant by data ‘processing’?
The processing of data includes obtaining, recording, storing, organising, maintaining, updating, retrieving, using, disclosing, transferring, and deleting.
Is consent to data processing always necessary for employment purposes?
According to Article 9, S.2(b) of the GDPR:
Consent is not required where “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment …. for appropriate safeguards for the fundamental rights and the interests of the data subject;” provided the connection is conferred or imposed by Law.
Types of personal data processed
Types of personal data that Women of the Year Luncheon and Awards Limited may process, although not an exhaustive list, are:
- personal details (name, address, photographs or other digital images, date of birth, contact details)
- e-mail addresses
- registration form and any references
- financial information such as bank details, etc
- qualifications and professional registration details and certificates
- eligibility to work documents, licences and clearances
- dispute or litigation case information
- all information contained on either our nomination or booking form
- emergency contact information
The General Data Protection Regulation 2016
The Regulation requires Women of the Year Luncheon and Awards Limited to process personal data in line with its 7 principles:
- Fairly, lawfully and transparently – the Data Subject has given consent
- Purpose limitation – consider what the data is held for
- Data minimisation – nothing held that isn’t necessary
- Accuracy – information must be correct and up to date
- Storage limitation – for no longer than is reasonably necessary
- Integrity & confidentiality – data to only be accessed by authorised people
- Accountability – the Data Controller (company) has the burden of proof to evidence that they are compliant, not the individual (this is a major change from the DPA).
How your personal data will be used by Women of the Year Luncheon and Awards Limited
To manage its operations effectively, provide nomination information to Judges and Sponsors and meet certain legal requirements, Women of the Year Luncheon and Awards Limited will process and maintain the personal data and company data of its guests. This personal data may include all or any of the above listed data types.
Personal data may be shared by Women of the Year Luncheon and Awards Limited to provide guests with information and support.
Women of the Year Luncheon and Awards Limited may also use personal data and/or company data to produce non-identifiable statistical data for analysis to fulfil monitoring commitments for purposes such as Equality & Diversity, demographical reports, etc.
Sharing your personal data (disclosures to third parties)
Women of the Year Luncheon and Awards Limited may disclose appropriate personal and company data to third parties where there is a legitimate need or obligation, during or after a nominees/guests participation in the event. Such disclosure is subject to procedures to ensure the identity and legitimacy of such agencies. These third parties may include the following:
- Sponsors of Women of the Year Luncheon and Awards Limited
- Judges of the Women of the Year Luncheon and Awards Limited Business Award.
- Other relevant partner organisations, such as our marketing partner, Law Firms, etc.
- Third parties performing or providing resources for administrative functions on Women of the Year Luncheon and Awards Limited’s behalf
- The Government and other local authorities during information gathering exercises when Women of the Year Luncheon and Awards Limited is legally obliged to provide data
- Police, crime or taxation agencies regarding the detection or prevention of a crime
This is not an exhaustive list and such third parties may have access to employee data only for the purpose of performing their function.
Any disclosures to third parties not listed here will be made only where there is a legitimate reason to do so and in accordance with the law and with prior affirmative consent from the nominee/guest.
Women of the Year Luncheon and Awards Limited may also use third party companies as data processors to carry out certain administrative functions on the company’s behalf. If so, a written contract will be put in place to ensure that any personal data disclosed will be held in accordance with the GDPR.
Nominees/Guests have certain rights and responsibilities regarding their personal and company data, including:
- To know what personal data Women of the Year Luncheon and Awards Limited holds about them and what it is used for
- To securely access and review their own personal data
- To request that their personal data is accurately updated/rectified if they believe that it is out of date or incorrect (supporting evidence must be provided, where appropriate)
- To request to have their data erased and to ‘be forgotten’ (this is not an automatic right, but if granted, Women of the Year Luncheon and Awards Limited will ensure total deletion of data, i.e. from its own systems and those of partner organisations/third parties)
- To know how Women of the Year Luncheon and Awards Limited is complying with its obligations under the Regulation
- To make a complaint if they believe that the GDPR and/or Women of the Year Luncheon and Awards Limited’ Data Protection/Retention policy has not been followed.
Nominees/Guests have a responsibility to ensure that the personal and company information they provide to Women of the Year Luncheon and Awards Limited is accurate and up to date.
Nominees/Guests wishing to receive a copy of their own data can do so by making a Subject Access Request to the Directors.
For any queries regarding the General Data Protection Regulation and how this affects your membership, please contact the Directors at [email protected]
The Information Commissioner’s Office: www.ico.org.uk.