Skip to main content
  1. Home
  2. Main privacy policy of the Department for Business and Trade

Privacy policy for attending a Department for Business and Trade event

Purpose of this document

The Department for Business and Trade (DBT) is committed to protecting the privacy and security of your information.

This privacy notice describes how DBT as a ‘data controller’ collects and uses personal information about you when you register for one of our in-person or online events in accordance with UK Data Protection legislation, including the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are required under data protection legislation to notify you of the information contained in this privacy notice. It is important that you read this notice so that you are aware of how and why we are using your information.

What data we collect

Personal data we collect includes your:

  • name
  • organisation and role
  • contact details (email address and phone number)
  • dietary requirements
  • accessibility requirements
  • car registration
  • travel arrangements
  • passport or visa number

Depending on the event, we may not collect all of this information. Occasionally, we may need to collect information from you which is not on this list, either at registration or afterwards.

Some of our events involve filming and photography. Where this is the case, we may capture your image if you enter into an area where filming or photography is taking place. These areas will be designated by signage or by other means.

Why we need your data

The information you provide will be processed by DBT and selected third parties in order to facilitate your attendance at the event you have registered for. This may include:

  • contacting you about the event
  • ensuring your dietary and accessibility requirements are met
  • enabling your access to any event technology
  • printing name badges
  • facilitating your travel to and from the event
  • ensuring event security

Other purposes which may be relevant (to be considered on a case-by-case basis) are to:

  • use some of your information to create or update your record on our Client Relationship Management (CRM) system
  • use photographs and film of our events, which may feature your image, to promote the work of the department on our social media channels.
  • contact you about other DBT events and services you may be interested in, or to invite you to participate in research.
  • share your contact details with event sponsors for marketing purposes but only with your consent

Lawful basis for processing

We rely on the ‘public task’ lawful basis, where the processing is necessary for us to perform a task carried out in the public interest or for one of our official functions (Article 6(1)[e]) to:

  • facilitate your attendance at the event to which you are registering
  • create or update your record on our Client Relationship Management (CRM) system
  • use photographs and film of our events, which may feature your image, to promote the work of the department on our social media channels
  • process dietary requirements, passport details and/or visa details
  • contact you about other DBT events and services you may be interested in, or to invite you to participate in research

Lawful basis for processing special category data

When we process your dietary requirements and accessibility requirements, we do so on the basis of Article 9(2)(h) of the UK GDPR, which permits processing for purposes of health or social care.

Your rights

When processing personal data under the public task lawful basis, you have the following rights:

  • Right to be informed: you have the right to be informed about the collection and use of your personal data
  • Right of access: you can request access to your personal data
  • Right to rectification: you can request correction of inaccurate or incomplete personal data
  • Right to restrict processing: you can request the restriction of processing of your personal data in certain circumstances
  • Right to object: you have the right to object to the processing of your personal data

Please note that the right to erasure and right to data portability do not apply when processing is based on public task.

Article 9(2)(h) (Special category data)

When processing special category data under Article 9(2)(h), you have the following rights:

  • Right to be informed: you have the right to be informed about the collection and use of your special category data
  • Right of access: you can request access to your special category data
  • Right to rectification: you can request correction of inaccurate or incomplete special category data
  • Right to restrict processing: you can request the restriction of processing of your special category data in certain circumstances
  • Right to object: you have the right to object to the processing of your special category data

These rights ensure that you have control over your personal and special category data and can take action if you believe your data is being processed unfairly or inaccurately.

Third party processors

We use Microsoft products to communicate with you and to run online events.

We use Stova to collect registration information.

We may use Bray Leino and Live Group to help manage event delivery and to process your personal data accordingly. Bray Leino and Live Group use sub-contractors, for example, to print name badges and to provide delegate networking technology.

We have contracts with our data processors which means they are required to meet appropriate security standards and cannot use your data without our instruction.

How we share your information

We will, in some circumstances and where the law allows, share your data with other government departments, agencies, public bodies, and third-party service providers which may include, but are not limited to:

  • our event partners, where the event you register to attend is co-delivered
  • our third-party data processors as governed by contract
  • our event sponsors for marketing purposes, when you have provided your consent
  • event venues, to ensure your accessibility requirements are met
  • caterers, to ensure your dietary requirements are met
  • airlines, travel agencies and hotel groups, to facilitate your travel to and from the event
  • other government departments, public authorities, law enforcement agencies and regulators, for example to ensure event security
  • other third parties where we consider it necessary in order to fulfil our functions as a government department
  • responses to information requests, for example, under Freedom of Information (FOI) law or the Environmental Information Regulations (EIR), where not exempt
  • a court, tribunal or party where the disclosure is necessary in order to exercise, establish or defend a legal claim
  • The National Archives, for archival purposes

You will be notified if your information is shared with other third parties not included in this list.

Aggregated analysis of responses may also be shared with

  • Information Commissioner’s Office (ICO)
  • Government Internal Audit Agency (GIAA)
  • National Audit Office (NAO)

We will not:

  • sell or rent your data to third parties
  • share your data with third parties for their marketing purposes

We will also share your data if we are required to do so by law or regulation, for example, by court order or to prevent fraud or other crime.

How long we keep your data

In line with our records management and retention and disposal policy, we will only retain your personal information for as long as:

  • it is needed for the purposes set out in this document
  • the law requires us to

We will retain your personal information for up to 10 years from the date on which it is provided or subsequently updated, in order to fulfil the purposes for which it was collected.

How we protect your data and keep it secure

We are committed to doing all that we can to keep your data secure. We have set up systems and processes to prevent unauthorised access or disclosure of your data. For example, we protect your data using varying levels of encryption. All personal data is stored in the European Economic Area (EEA).

We also ensure that any third parties keep all personal data they process on our behalf secure.

Contact us

If you have any requests relating to your rights or have questions about this privacy policy and how we handle your personal information, you can contact:

Data Protection Officer

Department for Business and Trade
Old Admiralty Building
Whitehall
LONDON
SW1A 2DY

Email: data.protection@businessandtrade.gov.uk

Information Commissioner’s Office 

Contact the Information Commissioner for independent advice about data protection, privacy, and data-sharing issues.

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113
Textphone: 01625 545860

Email: casework@ico.org.uk

Changes to this privacy policy

We reserve the right to update this privacy policy at any time and we will provide you with a new privacy notice when we make any substantial updates.

Confidentiality

Information provided whilst using this service, including personal information, may be disclosed in accordance with access to information regimes, primarily the Freedom of Information Act 2000 (FOIA).

If you want the information you provide to be treated confidentially, please be aware that, in accordance with the FOIA, public authorities are required to comply with a statutory code of practice that addresses obligations of confidence, among other things.

Something went wrong. Please try again.

Was this page useful?

Thanks for letting us know

Can you tell us why this page was useful?

Do not share any personal or commercially sensitive information.

Cancel

Thanks for letting us know

Can you tell us more about your feedback?

Do not share any personal or commercially sensitive information.

Cancel

Thanks for your feedback