Privacy Notice

Your privacy and the protection of your personal information is important to us. We are committed to robust compliance with the UK General Data Protection Regulation 2016 and the Data Protection Act 2018.

This notice is also for visitors to our conference stand.

Who We Are

[Organisation Name] is the Data Controller for any personal data you give to us. Our contact details are:

Address       2^nd Floor, Kelvin House, RTC Business Park, London Road, Derby, DE24 8UP
Telephone    07883 328933

Email            DDLMC.thehubplus@nhs.net

You can find us in the Information Commissioner's register of organisations who have paid the Data Controller fee here, reference number ZB185889.

In the rest of this document, we will refer to the organisation as "we" or "us". When discussing "Our Services" we mean all our offerings including training courses, webinars, products, and publications.

If you have any questions about our use of your personal information or wish to exercise your GDPR rights, please contact our Data Protection Lead, Paul Couldrey.

What Information We Process About You and Why

1. Website Users

On some parts of our website, we will automatically capture:

• Internet Protocol (IP) address
• App ID
• Device ID
• Vendor ID

This means our systems may keep a record of what type of device and app you are using to access our online services and from what online location. This is usually anonymised and we cannot identify you from the information alone.

2. Service Users

If you also book a training course or webinar (or order a product from us) we will process all the personal data you, or others on your behalf such as your employer, disclose to us when completing the booking form or by booking training. This includes your name, organisation, office address, contact details, previous courses attended and payment method. We will use this information to:

• Deliver our contract to provide our services to you
• Contact you with regard to any matter arising from your booking or attendance at our events
• Plan our services and marketing activities on a general level
• Keep you informed of forthcoming training events run by {organisation Name]but only where you have consented to this when booking or subsequently

 Sharing Your Information

We will normally only use your personal data internally and will not disclose it to third parties except where we are required by law, to exercise or defend our legal rights or where you have given your express consent. Some exceptions to this are:

• We may also need to share your information with our hotels, venue providers and trainers to ensure that appropriate arrangements are made for you where you have specific dietary or access requirements.
• We share your name and organisation with our trainers and consultants so that they can customise our courses to your needs.
• From time to time an employer may request details of course attendance by their staff. We will disclose this information only where the employer has paid for the course or has allowed staff time off work for this purpose. In all other situations we will seek your written consent.

 Our Legal Basis

We have a legal basis for processing your personal data in accordance with Article 6 of UKGDPR.

As a provider of information governance training courses, webinars and products most of the information set out above is processed to fulfill a contract with you or, for your benefit, with your employer. Without it we would not be able to process your booking or attendance at our events.

We also have a legitimate interest in processing other information about you for the purpose of the smooth running of our business, for marketing and for planning purposes.

How Long We Keep Your Personal Data

By law we have to keep basic information about receivers of our services for a minimum of 6 years for tax purposes.

Where you are a regular attendee on our courses, we will keep your personal data for longer to speed up the course booking process and to save you having to give us the information again.

Subject to any legal requirement, we will delete your information where you tell us that you will no longer be attending our courses in the future or six years after you last attended a course.

You can of course ask us to delete your information at any time and we will oblige (subject to some exceptions set out in law).

Protecting Your Personal Data

We are committed to ensuring that your personal data is secure. To prevent unauthorised access or disclosure, we have put in place appropriate technical, physical, and managerial procedures to safeguard and secure the information we collect from you. This includes:

• ensuring all PCs and laptops have secure passwords
• buildings where the data is stored have 24-hour CCTV surveillance.
• access to personal data is only given to individuals on a need-to-know basis via secure login.

We are currently working towards industry-accepted security standards.

Your Rights

You are in complete control. Subject to some legal exceptions, you have the right to:

• request a copy of the personal information [organisation Name] holds about you;
• to have any inaccuracies corrected;
• to have your personal data erased;
• to place a restriction on our processing of your data;
• to object to processing; and
• to request your data to be ported (data portability).

To learn more about these rights please see the ICO website.

Please address any such requests to our Data Protection Lead, , Paul Couldrey.

If you do this, in some cases we may not be able to provide your requested service (e.g. course or blog subscription) where the information processing is an integral part of the service. We will tell you if this is likely to be the case.

If you are dissatisfied with our response you can complain to the Information Commissioner's Office. The full address is:

Information Commissioner's Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone 0303 123 1113 (local rate) or 01625 545 745
Fax 01625 524 51