Eventure Media Ltd (EM), trading as Rushlight Events or through the London Cleantech Cluster, runs events for the business sector and so all communications are intended to be B2B. Where individuals run their business through a personal email address or have provided us with their personal email address for communications as a preference, then we may have that email address in our records. We would always rather have solely a business email address wherever possible, as that avoids any confusion. Any direct marketing emails that are sent by EM are therefore intended to be for business purposes only.
EM takes the handling and processing of data very seriously in view of its potentially sensitive nature and due to its fundamental importance to its business.
The only data that is held on data subjects is at most as follows:
- First name
- Last Name
- Email address
- Position in the organisation
- Telephone number
Where an individual has attended an EM event, then this information will have been provided directly by the individual or the person registering them. For the majority of other data subjects, the data that is held is likely to be limited to items 1-4.
In addition to data obtained from registering for EM events, data is also obtained from business cards received, event brochures, delegate lists, organisation websites, emails received directly by EM, news items including press releases and the internet. In most cases, all the personal data held by EM has manifestly been made public by the data subject.
This data is held on a proprietary platform, currently cvent, and is held securely by that company. A back-up of this data is held by EM on a non-networked computer which is protected by appropriate firewalls and physically secured.
No special categories of data are held. Specifically, EM does not have access to any financial or payment information of data subjects and no records of such data are held by the company.
Form of processing
The only form of processing undertaken by EM is the sending of emails. Under no circumstances does EM ever make data available to 3rd parties. Occasionally, sponsors may ask for delegate information. If this is to be divulged, then the permission of the delegates is sought beforehand.
Similarly, EM has never purchased any personal data lists and will never do so.
Lawful basis for processing
EM sends emails related to its business of running EM events as it is necessary for the purposes of the company’s legitimate business interests under 6(1)(f) of the GDPR.
All emailings include the opportunity for the data subject to opt out, either by clicking the opt out button at the bottom of the email, which is preferred, or by informing the sender or Data Controller they wish to unsubscribe. This procedure will then ensure that no further emails can be sent to that data subject’s email address that has been opted out.
Purpose of the processing
EM sends emails about EM events and related information in order to inform the data subject about them, in the belief that the data subject would potentially be interested in them and may well choose to attend. The database is arranged in such a way that data subjects are divided into the areas of the cleantech and sustainability sectors that they are believed to be most interested in, so that EM tries to send emails only to those most interested potentially in that specific topic.
EM actively encourages data subjects to inform EM about any change in circumstances or interests that would mean that the emailings would no longer be relevant to the data subject. It is not possible for EM to track all the changes that each data subject is undergoing at any given moment.
EM has no wish to send an email to a data subject that is not relevant to that person. This merely wastes the time of the data subject and EM and incurs costs and resources. EM therefore does everything possible to ensure that emails are only sent to interested parties and EM asks that all data subjects do the same and inform EM through opting out straight away if this is not the case.
Right to opt out at any time
All data subjects have the right to opt out of all future emailings at any time, either by clicking on the opt out button at the bottom of the emailing or by sending an email from the email address in question with UNSUBSCRIBE in the heading.
As soon as a data subject’s notification is received by one of the above 2 methods, all processing of that data subject’s personal data for direct marketing purposes will cease. This will take place at any time and free of charge.
EM does not use any automated decision making, including profiling. The decision to send an email to the data subject is done manually based on the database subgroup where the data subject’s details are held and the topic of the event at the time.
Legitimate interests assessment (LIA)
As part of EM’s preparation and ongoing management under the GDPR, a full LIA has been undertaken. In accordance with the GDPR guidance, this is undertaken under 3 headings:
- Identify a legitimate interest
It is EM’s business to create and run events in the cleantech and sustainability area on a commercial basis for the benefit of EM, the sector participants and the wider community.
- Show that the processing is necessary to achieve it
In order for these events to succeed, potential participants who would benefit from engaging with the events need to be informed about the events. The most effective and least obtrusive way of passing on this information is through email. Other methods of communications and dissemination have been considered, but they are either more intrusive, eg telephone calls, or involve significant resource, eg direct mailing, or are much less effective as they are so indirect, eg advertising. The only effective way for data subjects that have been identified as being potentially interested in the events to be informed of the information that they would need to have to make a decision whether to engage with the event is through a direct email.
- Balance it against the individual’s interests, rights and freedoms.
The data subject can choose to engage with the email, ignore the email and delete it with minimal impact on themselves or opt out from future emailings permanently. None of these actions are burdensome in any way and do not impinge on the data subject’s rights or freedoms.
The LIA has utilised the following checklist
☐ We have checked that legitimate interests is the most appropriate basis.
☐ We understand our responsibility to protect the individual’s interests.
☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
☐ We have identified the relevant legitimate interests.
☐ We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
☐ We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
☐ We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
☐ We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
☐ We have considered safeguards to reduce the impact where possible.
☐ We have considered whether we can offer an opt out.
☐ If our LIA identifies a significant privacy impact, we have considered whether we also need to conduct a DPIA.
☐ We keep our LIA under review, and repeat it if circumstances change.
☐ We include information about our legitimate interests in our privacy notice.
Right to lodge a complaint with a supervisory authority
Data subjects have the right to complain to the UK supervisory authority, the ICO. The ICO is obliged to hear claims lodged by data subjects to check the lawfulness of data processing and inform data subjects that a check has taken place.
The ICO can be contacted directly through their website at https://ico.org.uk
The Data Controller is:
Name: Clive Hall
Telephone: 020 8870 9345