Data Protection Statement – Breakthrough Events
Your personal data is data which by itself, or with other data available to us can be used to identify you. We are Santander UK Plc, the data controller. This data protection statement sets out how we’ll use your personal data. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.
This statement relates to the use of personal data obtained in relation to registration for events organised and arranged by us as well as attendance at and participation in the events. It covers the processing of personal data in relation to that event. Such events may include conferences, visits, dinners, talks, quiz nights, etc. Any references to ‘we’ or ‘us’ are references to Santander UK Plc.
Where the personal data of two or more people are collected as part of this registration process or in relation to participation in the event, this data protection statement applies to each person separately.
The types of personal data we collect and use
As part of your registration for and participation in the event we’ll use your personal data for the reasons set out below. The personal data we use may be about you as an individual or in a business capacity and may include:
- Full name, personal and business details including contact information (e.g. home and business address, personal and business email addresses, home, business and mobile telephone numbers);
- Date of birth and/or age (e.g. to make sure that you’re eligible to take part in the event);
- Attendees at the event may receive a Guest User Account associated with their registration data. This will be provided to access our services and infrastructures in relation to the event. In such a case, the Guest account information and the Internet navigation logs are both collected. The identification of the user connected to a log entry may only be provided on the basis of an administrative inquiry and/disciplinary action by us or upon a legally binding request by a judicial or a law-enforcement authority;
- Personal data about other named individuals, e.g. guests that may accompany you to the event. You must have their authority to provide their personal data to us and share this data protection statement with them beforehand together with details of what you’ve agreed on their behalf
- Documentation may be required to verify your identity. This might include for instance, your passport, driving licence or other forms of identification. These items may be used for preparing the entrance permissions and access control purpose by security guards or other competent Santander UK Plc staff to our premises or the premises where the event takes place;
- Payment details where the event is a paid for event;
- Participants at the event may be given the opportunity to indicate individual requirements, e.g. those relating to diet or mobility. This information will be processed only to ensure that these requirements are taken into account and will not be used or stored beyond that single event;
- Photographs/pictures, presentations, audio and video recording of speakers and participants and live web streaming of this public event may be taken. They may be reproduced in various media including our publications, websites, social networks, TV channels and the press, in connection with the event, or for further promotional activities; and
- If you wish that your image or voice is not recorded and published, for compelling and legitimate grounds relating to your particular situation, please contact the event organisers who will accommodate your needs, if possible.
We will process your data in accordance with Data Protection legislation.
Providing your personal data
Where the provision of personal data is optional you will be told this. In all other cases you will need to provide the information if you want to register for and take part in the event.
Using your personal data: the legal basis and purposes
We collect and process your personal information for the following purposes:
- Maintaining clear contact information for the event, visit, booking, provision and payment of services. We will hold your name, address, email address, phone number and other relevant contact details you provide to us, and will use this information to maintain contact with you to provide your requested services, manage their delivery and bill you for them. We retain relevant information in our events record for 7 years after the most recent visit or event you attend.
- Providing you with necessary and preferred services. Where relevant, we will also collect data for the provision of services, your reason(s) for attending the event or visiting our premises, your nationality and passport/identity card and driving licence details, your car registration, your credit or debit card information and/or any service preferences you request specifically (e.g. dietary requirements) as well as photos and videos of the event. This may include you providing sensitive personal information. We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.
- Providing you with details of future events organised by us. While we retain your contact information, we will contact you about future events we believe may be of interest to you providing you have given us explicit consent to do so. Consent may be withdrawn at any time.
- The operation of CCTV on our sites for the safety of our staff and visitors and to assist with the prevention and detection of crime. Further details can be found by calling the number displayed on the CCTV signs displayed on our premises. Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation of their CCTV systems. For more information please contact the venue owner
We’ll process your personal data:
1. As necessary to perform our contract or agreement with you for the relevant event:
a) To take steps at your request prior to entering into it;
b) To decide whether to enter into it;
c) To manage and perform that contract; and
d) To update our records.
2. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
a) For good governance, accounting, and managing and auditing our business operations;
b) To monitor emails, calls, other communications, and activities relating to our dealings with you;
c) For market research, analysis and developing statistics;
d) To send you marketing communications and for marketing to you in-branch, including automated decision making relating to this;
e) To contact you in relation to competitions; events and initiatives and processes i.e. to determine if you have successfully passed to the next stage of the Programme;
f) To contact you to understand and assess the impact the Santander donations funding you have received has had on you; and
g) To contact you to request your participation in future events;
3. As necessary to comply with a legal obligation, e.g.:
a) When you exercise your rights under data protection law and make requests;
b) For compliance with legal and regulatory requirements and related disclosures;
c) For establishment and defence of legal rights;
d) For activities relating to the prevention, detection and investigation of crime;
e) To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
f) To monitor emails, calls, other communications, and activities relating to your dealings with us.
4. Based on your consent, e.g.:
a) When you request us to disclose your personal data to other people or organisations such as a company organising an event on our behalf, or otherwise agree to disclosures and;
b) To send you marketing communications where we’ve asked for your consent to do so.
I’m free at any time to change my mind and withdraw my consent. The consequence might be that you can’t do certain things for me.
We may keep your contact details, and the details of events you have attended so that we can invite you to future events. If you no longer wish to be contacted about future events please contact Breakthrough.Events@santander.co.uk.
Sharing of your personal data
Subject to applicable data protection law we may share your personal data with:
- The Santander group of companies* and associated companies in which we have shareholdings;
- Sub-contractors and other persons who help us provide our events, products and services;
- Companies and other persons providing services to us (e.g. to manage the event);
- Our legal and other professional advisors, including our auditors;
- In an emergency or to otherwise protect your vital interests;
- To protect the security or integrity of our business operations;
- Market research organisations who help to improve our products or services; and
- Anyone else where we have your consent or as required by law.
In some cases, where necessary for the event, your personal data may be transferred outside the UK and the European Economic Area. While some countries have adequate protections for personal data under applicable laws, in other countries steps will be necessary to ensure appropriate safeguards apply to it. These include imposing contractual obligations of adequacy or requiring the recipient to subscribe or be certified with an ‘international framework’ of protection. Further details can be found in the ‘Using My Personal Data’ booklet.
Criteria used to determine retention periods
The following criteria are used to determine data retention periods for your personal data:
- Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event
- Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
- Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements.
Your rights under applicable data protection law
Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):
- The right to be informed about our processing of your personal data;
- The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
- The right to object to processing of your personal data;
- The right to restrict processing of your personal data;
- The right to have your personal data erased (the “right to be forgotten”);
- The right to request access to your personal data and information about how we process it;
- The right to move, copy or transfer your personal data (“data portability”); and
- Rights in relation to automated decision making including profiling.
You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.
For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet.