Overview
Worldwide Projects and Events needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts and other people the organisation has a relationship with or may need to contact. If you fall into one of these categories, then you are a “data subject” for the purposes of this policy. Worldwide Projects and Events is the “data controller” for the purposes of your personal data.
Your privacy is extremely important to us. We take the security and privacy of your data seriously. This privacy policy explains what personal information we have, how we use it and how you can check and update any of your personal information.
Why do we collect information about you?
When you contact us to make an enquiry, we collect information, including your personal data, so that we can respond to it and fulfil our responsibilities to you. We need enough information from you to answer your enquiry.
We hold the names and contact details of individuals acting in their capacity as representatives of their organisations, across the business. If this is in relation to suppliers, contracts, exhibition management, IT services etc., the legal basis for processing this data is article 6(1)(f) of the GDPR because this is within our legitimate interests as a business. Processing specific, relevant information is necessary for the performance of our contract with clients.
Where does the information about you come from?
Most of the personal information we process is provided to us directly by you for example:
- You have made an enquiry to us
- You are representing your organisation
Our lawful basis for processing this data is consent, where the data subject has agreed to process their data for a specific agreed purpose, for example to complete a project.
We also receive personal information indirectly, for example:
- We have contacted an organisation about a project a client has asked us to undertake and you have given us your personal information in response
- Your personal information is contained in instructions given to us by exhibition organisers
- From other regulators or exhibition organisation bodies
We may collect your data from publicly accessible sources, such as exhibition pro-grammes or show guides. We sometimes do this in order to combine, match or add to information that we already hold on an individual. For more information about this kind of data processing, please read our data protection impact assessment.
What information do we collect about you?
We may collect and use the following types of personal data about you:
- Your name
- Your business address
- Your business email address
- VAT registration number
- Credit reference agencies
How do we store this information about you?
Everyone who works for, or on behalf of, Worldwide Projects and Events has some responsibility for ensuring data is collected, stored and handled appropriately, in line with this policy.
When data is stored on paper, when not in use it is kept in a secure place where unauthorised people cannot see it; in a locked room. Employees make sure that paper printouts are not left where unauthorised people could see them, like on a printer. Data printouts are disposed of securely when no longer required.
Where data is stored electronically it will not be saved on personal computers, but on a secure server. To protect the individual’s data, we apply restricted access controls on where the data is stored on the server. Staff members have strong passwords and save their client data onto their own secure part of the server.
For how long do we store this information about you?
Personal data that we process for any purpose shall not be kept for longer than is necessary for that purpose.
Unless we contact you and obtain your consent for us to retain your personal data for a longer period, we will retain and delete your personal data as follows:
- Contact data will be retained for 7 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our system
- Employment data will be retained for 7 years
- Website data will be retained for 7 years
- Enquiry data will be retained for 7 years following the date of our last contact or dealing with you, at the end of which period it will be deleted from our system
- Payment data will be retained for 7 years
We may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
How do we use the information about you?
We collect information to process customer orders and manage their accounts, or to take steps at their request prior to entering a contract.
We process personal information for certain legitimate business purposes, which include some or all of the following:
• Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customers
• To identify and prevent fraud
• To enhance the security of our network and information systems
• To better understand how people interact with our website
• To determine the effectiveness of promotional campaigns and advertising
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take into account of these rights. You have the right to object to this processing if you wish. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
When do we disclose your information?
We are committed to ensuring that your information is secure. We will only share data with our employees, contractors, agents or professional advisors insofar as reasonably necessary in order to fulfil a valid, stated purpose.
We may share your personal data with other companies to carry out our obligations under our contract with you. We require those companies to keep your personal data confidential and secure and to protect it in accordance with the law. They are only permitted to process your data for the lawful purpose for which it has been shared and in accordance with our instructions.
We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.
Marketing
We may use your data to contact you for marketing purposes. You will usually have expressly agreed in advance to our use of your personal information for marketing purposes.
If you have consented to receive marketing from us, you have a right at any time to withdraw consent. If you make an objection, we will stop processing your personal data for this purpose.
The information we collect for marketing purposes is typically your full name, business phone number and business email address.
Our lawful basis for processing data for marketing communications is legitimate interest. Please read our legitimate interest assessment.
Data that is stored for marketing purposes is held via our secure server and some secure third party websites including but not limited to MailChimp. Please read MailChimp’s Privacy Policy.
We use a third-party provider, Hootsuite, to manage our social-media interactions. If you send us a private or direct message via social media, it will be stored by Hootsuite for three months. It will not be shared with any other organisations. Please read Hootsuite’s Privacy Policy.
We do not hold data indefinitely, we periodically carry out data cleanses of inactive and old contacts to ensure that our correspondence is relevant and up to date.
Website
We may process data about your use of our website.
The website data may include your IP address, geographical location, browser type and version, operating system, referral source, length of visit, page views and website navigation paths, as well as information about the timing, frequency and pattern of your use of our website. The source of the website data is our analytics tracking systems Google Analytics and Lead Forensics. This website data may be processed for the purposes of ana-lysing the use of the website and services.
The legal basis for this processing is our legitimate interests, namely monitoring and improving our website and services. Please read Google’s Information for Visitors of Sites Using Google Analytics. Please read Lead Forensics’ Software Data Compliance Policy.
How can you access or correct the information we hold about you?
You may exercise any of your rights in relation to your personal data by written notice to us by email or post using the contact information in this document.
We want to make sure that your personal information is accurate and up to date. If you believe that any information we are holding on you is incorrect or incomplete, please write to us by email or post using the contact information in this document. We will promptly correct any information found to be incorrect.
You have the right to request to see or erase the information that we hold about you. If you would like a copy of some or all of your personal information, please write to us by email or post using the contact information in this document.
You have the right to complain to the Information Commissioner. You can do this by contacting the Information Commissioner’s Office directly. Full contact details can be found on their website.
How to contact us
Please contact us if you have any questions about our privacy policy or information we hold about you using the contact information in this document.
Changes to our privacy policy
We keep our privacy policy under regular review and we will place any updates on to this document. This privacy policy was last updated on 12/06/2018.