Women of the Year Luncheon & Awards Privacy and Fair Processing Notice
How Women of the Year Luncheon and Awards uses Personal Data
Women of the Year Luncheon and Awards Limited collects, holds and processes personal data relating to its nominees/guests, which is essential for it to manage its operations fairly and effectively. These activities are carried out in accordance with the General Data Protection Regulation 2016 and Women of the Year Luncheon and Awards Limited’s Data Protection & Retention Policy.
The data held by Women of the Year Luncheon and Awards Limited, is mainly taken from the details that guests provide during the nomination/event booking process, and may be added to as necessary and appropriate.
During the nomination/event booking process, guests give their consent for Women of the Year Luncheon and Awards Limited to process and retain their personal and company data, with a legitimate interest for doing so.
Women of the Year Luncheon and Awards Limited provides this Privacy and Fair Processing Notice to inform nominees/guests of how their personal and company data will be processed by Management and the purposes for which the data has been collected.
What is personal data?
As a general guide, anything that counted as personal data under the Data Protection Act also qualifies as personal data under the GDPR. Under the Regulation, personal data is data which relates to a living/natural individual who can be identified from that data or from other information which is in the possession of, or is likely to come into the possession of, the data controller. In this case, the data controller is Women of the Year Luncheon and Awards Limited. It includes any expression of opinion about the individual as well as statements of fact.
IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information. ‘Pseudonymised’ personal data may also be subject to GDPR rules, depending on how easy or hard it is to identify whose data it is.
What is meant by data ‘processing’?
The processing of data includes obtaining, recording, storing, organising, maintaining, updating, retrieving, using, disclosing, transferring, and deleting.
Is consent to data processing always necessary for employment purposes?
According to Article 9, S.2(b) of the GDPR:
Consent is not required where “processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment …. for appropriate safeguards for the fundamental rights and the interests of the data subject;” provided the connection is conferred or imposed by Law.
Types of personal data processed
Types of personal data that Women of the Year Luncheon and Awards Limited may process, although not an exhaustive list, are:
- personal details (name, address, photographs, or other digital images, date of birth, contact details)
- e-mail addresses
- registration form and any references
- financial information such as bank details, etc
- qualifications and professional registration details and certificates
- eligibility to work documents, licences and clearances
- dispute or litigation case information
- all information contained on either our nomination or booking form
- emergency contact information
The General Data Protection Regulation 2016
The Regulation requires Women of the Year Luncheon and Awards Limited to process personal data in line with its 7 principles:
- Fairly, lawfully and transparently – the Data Subject has given consent
- Purpose limitation – consider what the data is held for
- Data minimisation – nothing held that isn’t necessary
- Accuracy – information must be correct and up to date
- Storage limitation – for no longer than is reasonably necessary
- Integrity & confidentiality – data to only be accessed by authorised people
- Accountability – the Data Controller (company) has the burden of proof to evidence that they are compliant, not the individual (this is a major change from the DPA).
How your personal data will be used by Women of the Year Luncheon and Awards Limited
To manage its operations effectively, provide nomination information to Judges and Sponsors and meet certain legal requirements, Women of the Year Luncheon and Awards Limited will process and maintain the personal data and company data of its guests. This personal data may include all or any of the above listed data types.
Personal data may be shared by Women of the Year Luncheon and Awards Limited to provide guests with information and support.
Women of the Year Luncheon and Awards Limited may also use personal data and/or company data to produce non-identifiable statistical data for analysis to fulfil monitoring commitments for purposes such as Equality & Diversity, demographical reports, etc.
Sharing your personal data (disclosures to third parties)
Women of the Year Luncheon and Awards Limited may disclose appropriate personal and company data to third parties where there is a legitimate need or obligation, during or after a nominees/guests participation in the event. Such disclosure is subject to procedures to ensure the identity and legitimacy of such agencies. These third parties may include the following:
- Sponsors of Women of the Year Luncheon and Awards Limited
- Judges of the Women of the Year Luncheon and Awards Limited Business Award.
- Other relevant partner organisations, such as our marketing partner, Law Firms, etc.
- Third parties performing or providing resources for administrative functions on Women of the Year Luncheon and Awards Limited’s behalf
- The Government and other local authorities during information gathering exercises when Women of the Year Luncheon and Awards Limited is legally obliged to provide data
- Police, crime, or taxation agencies regarding the detection or prevention of a crime
This is not an exhaustive list and such third parties may have access to employee data only for the purpose of performing their function.
Any disclosures to third parties not listed here will be made only where there is a legitimate reason to do so and in accordance with the law and with prior affirmative consent from the nominee/guest.
Women of the Year Luncheon and Awards Limited may also use third party companies as data processors to carry out certain administrative functions on the company’s behalf. If so, a written contract will be put in place to ensure that any personal data disclosed will be held in accordance with the GDPR.
Nominees/Guests have certain rights and responsibilities regarding their personal and company data, including:
- To know what personal data Women of the Year Luncheon and Awards Limited holds about them and what it is used for
- To securely access and review their own personal data
- To request that their personal data is accurately updated/rectified if they believe that it is out of date or incorrect (supporting evidence must be provided, where appropriate)
- To request to have their data erased and to ‘be forgotten’ (this is not an automatic right, but if granted, Women of the Year Luncheon and Awards Limited will ensure total deletion of data, i.e. from its own systems and those of partner organisations/third parties)
- To know how Women of the Year Luncheon and Awards Limited is complying with its obligations under the Regulation
- To make a complaint if they believe that the GDPR and/or Women of the Year Luncheon and Awards Limited’ Data Protection/Retention policy has not been followed.
Nominees/Guests have a responsibility to ensure that the personal and company information they provide to Women of the Year Luncheon and Awards Limited is accurate and up to date.
Nominees/Guests wishing to receive a copy of their own data can do so by making a Subject Access Request to the Directors.
For any queries regarding the General Data Protection Regulation and how this affects your membership, please contact the Directors at firstname.lastname@example.org
The Information Commissioner’s Office: www.ico.org.uk.
When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.
If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.
If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.
If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.
When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.
If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.
Embedded content from other websites
Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.
Who we share your data with
If you request a password reset, your IP address will be included in the reset email.
How long we retain your data
If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue.
For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data
If you have an account on this site, or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.
Where we send your data
Visitor comments may be checked through an automated spam detection service.
We collect information about you during the checkout process on our store.
What we collect and store
While you visit our site, we’ll track:
- Products you’ve viewed: we’ll use this to, for example, show you products you’ve recently viewed
- Location, IP address and browser type: we’ll use this for purposes like estimating taxes and shipping
- Shipping address: we’ll ask you to enter this so we can, for instance, estimate shipping before you place an order, and send you the order!
When you purchase from us, we’ll ask you to provide information including your name, billing address, shipping address, email address, phone number, credit card/payment details and optional account information like username and password. We’ll use this information for purposes, such as, to:
- Send you information about your account and order
- Respond to your requests, including refunds and complaints
- Process payments and prevent fraud
- Set up your account for our store
- Comply with any legal obligations we have, such as calculating taxes
- Improve our store offerings
- Send you marketing messages, if you choose to receive them
If you create an account, we will store your name, address, email and phone number, which will be used to populate the checkout for future orders.
We generally store information about you for as long as we need the information for the purposes for which we collect and use it, and we are not legally required to continue to keep it. For example, we will store order information for 1 year for tax and accounting purposes. This includes your name, email address and billing and shipping addresses.
We will also store comments or reviews, if you choose to leave them.
Who on our team has access
Members of our team have access to the information you provide us. For example, both Administrators and Shop Managers can access:
- Order information like what was purchased, when it was purchased and where it should be sent, and
- Customer information like your name, email address, and billing and shipping information.
Our team members have access to this information to help fulfil orders, process refunds and support you.
What we share with others
We may share information with third parties who help us provide our orders and store services to you; for example:
Strategi Solutions Group Limited, Hub 3 Evolution, Hooters Hall Road, Lymedale West, Newcastle-under-Lyme, Staffordshire, ST5 9QF
Who host the Women of the Year website and are facilitators of the Luxury Prize Raffle and Boodles Pink Ticket Draw.
We accept payments through Stripe. When processing payments, some of your data will be passed to Stripe, including information required to process or support the payment, such as the purchase total and billing information.
Please see the Stripe for more details.