This notice describes how InsTech London, as a data controller, collects, uses, shares and retains the personal data you provide and informs you of the choices regarding use, access and correction of your personal data. InsTech London is committed to ensuring that any personal data it receives is protected and handled in accordance with applicable data protection laws.
For the purposes of this Privacy Notice, references to "we", "us" or "our" shall refer to InsTech London.
What personal data do we process about you, and why?
We may collect the following personal data from you during our business. Under legitimate interest, we will also use the provided personal data to track engagement in our events and for future contact purposes. It's also in InsTech London's legitimate interest to send you market updates, promotional materials and event invitations. We may disclose some elements of your personal data to third parties, as detailed in the section 'Who are we sharing your data with'.
Individual Member Sign-up
When you sign up for individual membership, we collect the following personal data: name, email address and company name, to provide specific benefits associated with InsTech London individual membership.
Corporate Member Sign-up
When a company or individual takes advantage of InsTech London corporate membership, we collect the following personal data: name, email address and company name, to provide specific benefits associated with InsTech London corporate membership.
Digital and Live Events
If you sign up to attend any of our events, we collect the following personal data: name, email address, company name and IP address where applicable, and register your communication preferences.
When you download any InsTech London reports, we collect the following personal data: name, email address and company name, and register your communication preferences.
When you sign up to receive our newsletter, we collect the following personal data: name, email address, company name and IP address where applicable.
If you do not want to receive further newsletters from InsTech London, you can unsubscribe at any time using a link at the bottom of the newsletter email.
We collect and send cookies. Cookies are small pieces of data that websites send to a user's computer and are stored on the user's web browser. They are designed to enable the website to remember information, such as what a user might have put in a shopping cart.
Who are we sharing your data with?
To help manage our business and deliver services, we may share your personal data with third-party service providers such as IT suppliers, document management providers and others. We require all our third-party providers to respect the confidentiality and security of personal data. We may be under legal or regulatory obligations to share your personal data with courts, regulators and law enforcement bodies.
We may disclose some elements of your personal data to third parties under legitimate interests. This will only include name, company, job title.
We may also disclose to third parties aggregated or other information that does not identify you individually, such as how many users viewed a particular product or web page, to conduct website analytics or to serve you targeted advertising.
Transfers to service providers and other third parties will always be protected by contractual commitments and further assurances, where appropriate.
Why do we share data outside of the UK?
We may transfer personal data to a country outside of the UK, for example if a third party we share data with has servers located outside of the UK. If this is the case, we will obtain your consent or otherwise ensure that the transfer is legal and your data is secure by following UK guidelines. We may also make other disclosures of your personal data overseas, such as receiving a legal or regulatory request from a foreign law enforcement body.
We will always take steps to ensure that any international transfer of information is carefully managed to protect your rights and interests:
- We will only transfer your personal data to countries recognised as providing an adequate level of legal protection or where we can be satisfied those alternative arrangements are in place to protect your privacy rights.
- Transfers to service providers and other third parties will always be protected by contractual commitments and further assurances, where appropriate.
- Any requests for information we receive from law enforcement or regulators will be carefully checked before personal data is disclosed.
We have listed below the systems we use, and where we send data outside of the UK and on what basis we do so.
- Eventbrite – Data is transferred outside of the UK to the United States.
- Pipedrive - Data is not transferred outside of the European Economic Area.
- MailChimp – Data is transferred outside of the UK to the United States.
- ConvertKit - Data is transferred outside of the UK to the United States.
- Google Analytics – Data is not transferred outside of the European Economic Area.
- CiviCRM – Data is transferred outside of the UK to the United States.
How long do we keep your data?
We will retain your personal data for as long as is reasonably necessary to fulfil the relevant purposes set out in this Privacy Notice. The retention period will primarily be determined by applicable legal and regulatory obligations and/or the duration of our business relationship with you or another associated party. We check our data retention policy regularly to ensure we maintain a legitimate reason for retaining your data. We will securely delete or erase your personal data if there is no valid business reason for retaining your data. In exceptional circumstances, we may retain your personal data for longer periods of time if we reasonably believe there is a prospect of litigation in the event of any complaints or there is another valid business reason the data will be needed in the future.
How do we keep your personal data secure?
We keep your data secure in the following ways:
- by following internal policies of best practice and training for staff
- by keeping personal data within our systems where possible
- by transferring data using best practices
In the unlikely event of a breach of our security, we will inform the relevant regulatory body within 72 hours of the breach being discovered. If your personal data were involved in the breach, we shall also inform you.
Changes to our Privacy Notice and control
We may change this Privacy Notice from time to time. When we do, we will revise the date on this policy, notifying users of only significant changes. You agree to be bound by the revised Privacy Notice by continuing to access or use our services after those changes become effective.
You have certain rights as an individual, which you can exercise in relation to the personal data we hold about you. If you request to exercise any of your rights, we reserve the right to ask you for proof of your identity. We aim to acknowledge your request as soon as possible and address your query within one month from your request.
The right to access
You are entitled to a confirmation whether we are processing your data, a copy of your data, and information about purposes of processing, who we disclose it to, whether we transfer it abroad and how we protect it, how long we keep it for, what rights you have, where we got your data from and how you can make a complaint.
The right to rectification
If you believe the personal data, we hold about you is inaccurate or incomplete, you can request for it to be rectified.
The right to erasure
You have the right to ask for the erasure of your data if you withdraw your consent, terminate a contract with us, or believe the personal data is no longer necessary for the purposes for which it was collected. In that case, you may request that your data be deleted. However, this will need to be balanced against other factors; for example, certain regulatory obligations may mean we cannot comply with your request.
The right to restriction of processing
You can ask us to restrict (i.e. keep but not use) your personal data, but only where:
- Its accuracy is contested, to allow us to verify its accuracy; or
- The processing is unlawful, but you do not want it erased; or
- It is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise or defend legal claims; or
- You have exercised the right to object, and verification of overriding grounds is pending.
We can continue to use your personal data following a request for restriction, where we have your consent; to establish, exercise or defend legal claims; or protect the rights of another natural or legal person.
The right to data portability
If we collected your personal data under a contract or your consent, you could request us to transfer your personal data to provide it to another third party of your choice.
The right to object
You have the right to object at any time to processing of your personal data where processing is necessary for the performance of a task carried out in the public interest or the exercise of an official authority vested in the controller. You may also object where the processing is necessary for the purposes of the legitimate interests, except where such interests are overridden by your interests or fundamental rights and freedoms, where you are a child.
The right to withdraw consent
If we process your personal data under your consent, you can withdraw it at any time. You can contact us at firstname.lastname@example.org.
We do not have to comply with a request where it would adversely affect the rights and freedoms of other individuals.
If you have any questions relating to data protection that you believe we can answer, please contact us as indicated below.
We are Instech London Limited, and our address is 7 Granard Business Centre, Bunns Lane, Mill Hill, London NW7 2DQ. You can contact us at email@example.com.
If you are not satisfied with our response or believe we are not processing your personal data in accordance with legal requirements, you can make a complaint to the relevant Data Protection Authority.
Our Lead Authority is the UK Information Commissioner's Office.