Data Protection Statement

Delegates

46th Global Privacy Assembly Conference

Jersey Data Protection Authority

What this statement covers

This data protection statement (the Statement) relates to the Jersey Data Protection Authority’s (the Authority) hosting of the 46th Global Privacy Assembly Conference in Jersey on 28 October 2024 – 1 November 2024 (the Conference).

It applies to information the Authority collects about you as data controller when you engage with use about the Conference including when you use our bespoke conference website www.gpajersey.com (the Conference Website). It explains how information is collected, how it is used, your rights and what controls you have. In particular:

What information the Authority may collect about you and when;
How the Authority might use your information;
How the Authority protects your information; and
Your rights regarding the information you provide.

(This Statement does not apply to our standard regulatory and enforcement activity, Authority staff or those applying for jobs with the Authority and to which separate policies apply.)

Throughout our Conference Website, we will link to other websites owned and operated by certain trusted third parties including those helping us manage delegate bookings and also to other sites we think will be of interest to those attending the conference, such as accommodation and travel information together with information about our beautiful Island.

It also covers your use of the mobile application (the Conference App) we make available to delegates as part of the conference experience, including its use for reserving places at certain events and for transportation.

How our Conference Website works

Our Conference Website sets out general information about the Conference such as our agenda and speakers.

For those who want to attend our Conference, you will be directed to a registration button which takes you through to an external website hosted by Cvent (the Registration Platform) that will take you through the booking process, including taking payment. Once registered, you will be able to login to see your booking and associated information. Further functionality will be switched on closer to the Conference date.

For speakers, you will be able to login to your speaker page and be able to upload slides and other content.

Sponsors, speakers and individuals with general queries will be able to engage with us using email addresses provided on the Conference Website.

How the Conference App works

All delegates have the opportunity to download our bespoke Conference App (available via the Apple store or Android marketplace). The Conference App allows you to:

View details about our conference sessions (dates, times, location, topic and speakers)
Book places at side events
Book transportation
Make a profile that you can make visible to other delegates

What information we collect

In order to register for the Conference, delegates will be transferred from the Conference Website to register directly with Cvent. Their privacy notice is here.

As part of the registration process, you will be asked to provide and Cvent will collect:

Your name, address and contact information, including email address and telephone number
Your emergency contact (name and contact number)
Information about your job role. We will also need your organisation’s name and the sector in which you work
If you choose to tell us, details of any special dietary requirements as catering at our event will be provided
Your billing information, transaction and payment card or other payment method information, bank account and payment details
Your account details (username and login)
Your contact history, purchase history and saved items
Your preferred language for conference delivery

We will also collect:

Any information, feedback or other matters you give to us by phone, email, post or via our social media channels

We will provide translation at our event in Spanish and French and captioning for our online sessions. All our venues comply with local access requirements, but if you need to request any special assistance, you can contact us via email.

For those delegates attending remotely, we are planning to record the conference however delegates cameras and audio are not used for the duration of the conference and will not be captured in the recording. Any questions submitted in the Q&A function box can be submitted anonymously and all question will be read out anonymously.

Any compulsory information will be marked with an asterisk* in order to process your booking.

If you decide to use our Conference App, this will collect:

Your name and email address

You must provide that information to use the app.

Sometimes you can choose if you want to give us your information and let us use it. Where that is the case we will tell you. This type of information is:

Details of your transportation request (which includes venue of pick up and drop off)
The side events you have chosen to attend (hosted by third parties and not operated by the Authority)
Any information you voluntarily decide to input into the “My Profile” section of the Conference App:
o Names and pronouns
o Job title
o Company
o Location
o Social media links
 

How we collect information

Information will be collected from you:

1. Directly, when you enter information on the Cvent platform in order to register for the Conference and/or when you contact us (including via email) and on the Conference App; and
2. Indirectly, such as your login activity once registered with Cvent and if you use the Conference App.

Please note, we do not use any form of tracking activity on the Conference Website and the location services in the Conference App will not operate unless location services/data are generally enabled on your device. You may disable this functionality at any time by accessing the Settings feature on your device.

What we use your data for

So you can register and attend the Conference, you need to provide the information asked for as part of the registration process and once registered, you will be able to access your account. You will also receive correspondence from us about the Conference. We also use this information so that we can enforce our legal rights or defend or undertake legal proceedings.

The Conference will be a hybrid conference with the ability to join in-person and online.

Our purpose and lawful basis for collecting your personal data

We collect your personal data is so we can facilitate the Conference and provide you with an acceptable service, including taking your booking, dealing with any queries, contacting you about the event and making the Conference sessions (not including side events) available to its virtual attendees (including providing translation services in certain languages). The lawful basis we rely on to process the personal data of delegates in this way is contract (Schedule 1 Part 1 para.2).

Where we collect information about your wish to attend side events and provide that information to the side event organisers, we do so to facilitate your attendance at those events, we do so with your consent (Schedule 1 Part 1 para.1),

Where we collect your dietary requirements, we do so with your consent (Schedule 1 Part 1 para.1). This is so that we can make sure your requirements are catered for.

In order to provide the conference, including generating reports for internal use by us in relation to attendance at the Conference (and any of its sessions), engagement with our third-party service providers, recording Conference sessions and making available to virtual attendees, we do so on the basis it is necessary to perform our public tasks as regulator (Schedule 2 Part 2 para.13(b).

We have other obligations to ensure a safe event and will ask for emergency contact information and so we can comply with local health and safety legislation (Schedule 2 Part 2 para.7).

Who we share your personal data with

As mentioned above, we are using a company called Cvent to help us manage the registration process and all delegate information for the Conference.

3D Events are also acting event managers for us and helping us to organise and manage the delegate registration process. They will also be dealing with any queries on a day-to-day basis.

These processors will help us facilitate the Conference and will only process information in line with our instructions.

Certain third parties are hosting their own side events during conference week. These side events are not hosted or operated by us, but we are helping the organisers of those events by allowing individuals to book a space for those events on the Conference App. Before the side event takes place, we will be sharing the names of those individuals who have signed up to attend the side event, directly with the side event organiser. They need this information to facilitate the running of the side event but will destroy this information once the event has taken place and they are not allowed to use that information for any other purpose.

Do we transfer information to a third country/international organisation?

Your data will be processed within Jersey and the EU. It will not be transferred to any third countries.

How long we will keep your data

We will not keep your personal data for longer than we need it for the purpose for which it is used.Information will be kept on the Registration Platform for ninety (90) days after the event.Whatare your rights?

Data protection legislation provides data subjects with a number of rights. These include:

1. The right to know what type of personal data we hold about you, given details about how we use it and to be provided with a copy of the personal data held;
2. The right to have an errors or omissions corrected;
3. In certain circumstances, the right to request erasure of all your personal data that we hold;
4. The right to request we restrict the processing of your personal data;
5. The right to object to the further processing of your personal data, including the right to object to direct marketing;
6. The right to withdraw consent if you had previously given us consent to process your data;
7. The right to request that personal data that you have given to us be moved to a third party;
8. The right to lodge a complaint.

Please note that Schedule 1 of the DPJL 2018 sets out that certain of rights referred to above may be restricted in certain circumstances, including where it is necessary to avoid obstructing official or legal inquiries, investigation or procedures or to avoid prejudicing the prevention, detection, investigation or prosecution of a criminal offence.

If you wish to exercise any of these rights, please email our DPO at dpo@jerseyoic.org. In your request, please make clear (a) what personal information is concerned, and (b) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

You can find template letters and additional guidance on our website.

When you make a request, we will consider any lawful exemptions that may apply and that may prevent us from responding to your request in the manner you may wish. It is possible that there is something that may prevent us from responding to your request in the way you would like. If that is the case, we will explain this to you in writing when we respond to your request.

Keeping your personal data secure

We have appropriate security measure to prevent personal data from being accidentally lost, or used accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

We also have systems in place to deal with any suspected personal data breach. We will provide any notifications when legally required to do so.

Your right to complain

We aim to meet the highest standard when processing personal data.

If at any stage you dissatisfied with the manner in which we collect, hold or process your personal data or if you have any questions, please contact us. Any complaints should be addressed to the Information Commissioner at the address below.

Changes to this privacy policy

We may change this privacy policy rom time to time – when making significant changes we will provide appropriate notice on this website and/or via email communication with you.

 

Speakers

46th Global Privacy Assembly Conference

Jersey Data Protection Authority

 

What this statement covers

This data protection statement (the Statement) relates to the Jersey Data Protection Authority’s (the Authority) hosting of the 46th Global Privacy Assembly Conference in Jersey on 28 October 2024 – 1 November 2024 (the Conference).

It applies to information the Authority collects about you as data controller when you engage with us about the Conference as one of our speakers. It explains how information is collected, how it is used, your rights and what controls you have. In particular:

What information the Authority may collect about you and when;
How the Authority might use your information;
How the Authority protects your information; and
Your rights regarding the information you provide.

(This Statement does not apply to our standard regulatory and enforcement activity, Authority staff or those applying for jobs with the Authority and to which separate policies apply.)

For information about the mobile application (the Conference App)_we make available to all conference delegates (including speakers) as part of the conference experience (including its use for reserving places at certain events and for transportation), please see our delegate data protection statement.

 

How we engage with you as a speaker

We are using a platform called Cvent to help us manage the Conference. Their privacy notice is here. All our speakers will be able to engage with us via this platform including uploading of presentation content. This will also host any bios/contact information about you.

Once we publish our full Conference agenda on our website www.gpajersey.org (the Conference Website), we will publish pictures of all our speakers and their bios. (This information is also available in the same format and with the same content on the Conference App.)

 

What information we collect

As one of our speakers, you will be asked to provide and we/Cvent will collect:

Your name, address and contact information, including email address and telephone number
Your emergency contact (name and contact number)
Information about your job role (including qualifications and experience). We will also need your organisation’s name and the sector in which you work
If you choose to tell us, details of any special dietary requirements as catering at our event will be provided
Your billing information, transaction and payment card or other payment method information, bank account and payment details
Your account details (username and login)
Photographs
Audio and visual recordings of you (whether you are attending the Conference in-person or remotely)

We will also collect:

Any information, feedback or other matters you give to us by phone, email, post or via our social media channels

We will provide translation at our event in Spanish and French and captioning for our online sessions. All our venues comply with local access requirements, but if you need to request any special assistance, you can contact us via email.

 

How we collect information

Information will be collected from you:

1. Directly:
a. when you engage with us (including via email) about being a speaker at the Conference
b. when you enter information on the Cvent platform
2. Indirectly
a. From publicly available sources (the internet) for information in terms of contact details
b. via your login activity once registered with Cvent
3. From a third party
a. When you ask another to liaise with us on your behalf (such as your PA/secretary)

 

What we use your data for

So we can engage with you and so you can attend the Conference as a speaker and so you will be able to access your account on Cvent. You will also receive correspondence from us about the Conference.

The Conference will be a hybrid conference with the ability to join in-person and online.

Our purpose and lawful basis for collecting your personal data

In order to provide the conference, including sourcing appropriate speakers, generating reports for internal use by us in relation to attendance at the Conference (and any of its sessions), engagement with our third-party service providers, recording Conference sessions and making available to virtual attendees, we do so on the basis it is necessary to perform our public tasks as regulator (Schedule 2 Part 2 para.13(b)).

We collect your data so we can engage with you as a speaker for the Conference including booking you for the event, dealing with any queries, contacting you about the event and making the Conference sessions available to its virtual attendees.

The lawful basis we rely on to process the personal data of confirmed speakers is contract (Schedule 1 Part 1 para.2)

Where we collect your dietary requirements, we do so with your consent (Schedule 1 Part 1 para.1). This is so that we can make sure your requirements are catered for.

We have other obligations to ensure a safe event and will ask for emergency contact information and so we can comply with local health and safety legislation (Schedule 2 Part 2 para.7).

 

Who we share your personal data with

As mentioned above, we are using a company called Cvent to help us manage the registration process and all speaker (and delegate) information for the Conference. In addition:

3D Events are acting as event managers for us and helping us to organise and manage the speaker registration process, including use of the Cvent platform. They will also be dealing with any queries on a day-to-day basis.

 

Inkblot Creative are assisting with promotion of the Conference (including programme and speakers)

These processors will help us facilitate the Conference and will only process information in line with our instructions and we only allow those organisations to handle your personal data if we are satisfied they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

If you are a speaker on a panel, your name and email address will be shared with the moderator of that session and the other panel members to facilitate preparation for that session.

Do we transfer information to a third country/international organisation?

Your data will be processed within Jersey and the EU. It will not be transferred to any third countries.

 

How long we will keep your data

We will not keep your personal data for longer than we need it for the purpose for which it is used.Please see our retention schedule here.

We will be keeping a recording of our Conference and making speaker talks available for a short period of time after the Conference.

 

What are your rights?

Data protection legislation provides data subjects with a number of rights. These include:

1. The right to know what type of personal data we hold about you, given details about how we use it and to be provided with a copy of the personal data held;
2. The right to have an errors or omissions corrected;
3. In certain circumstances, the right to request erasure of all your personal data that we hold;
4. The right to request we restrict the processing of your personal data;
5. The right to object to the further processing of your personal data, including the right to object to direct marketing;
6. The right to withdraw consent if you had previously given us consent to process your data;
7. The right to request that personal data that you have given to us be moved to a third party;
8. The right to lodge a complaint.

Please note that Schedule 1 of the DPJL 2018 sets out that certain of rights referred to above may be restricted in certain circumstances, including where it is necessary to avoid obstructing official or legal inquiries, investigation or procedures or to avoid prejudicing the prevention, detection, investigation or prosecution of a criminal offence.

If you wish to exercise any of these rights, please email our DPO at dpo@jerseyoic.org. In your request, please make clear (a) what personal information is concerned, and (b) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

You can find template letters and additional guidance on our website.

When you make a request, we will consider any lawful exemptions that may apply and that may prevent us from responding to your request in the manner you may wish. It is possible that there is something that may prevent us from responding to your request in the way you would like. If that is the case, we will explain this to you in writing when we respond to your request.

 

Keeping your personal data secure

We have appropriate security measure to prevent personal data from being accidentally lost, or used accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

We also have systems in place to deal with any suspected personal data breach. We will provide any notifications when legally required to do so.

 

Your right to complain

We aim to meet the highest standard when processing personal data.

If at any stage you dissatisfied with the manner in which we collect, hold or process your personal data or if you have any questions, please contact us. Any complaints should be addressed to the Information Commissioner at the address below.

 

Changes to this privacy policy

We may change this privacy policy from time to time – when making significant changes we will provide appropriate notice on this website and/or via email communication with you.

You are leaving our website

You are now leaving the GPA website and being redirected to our trusted conference partner Cvent, to proceed with registration. Please note that whilst we are partnering with Cvent and trust it’s content, we encourage you to review its privacy notice and terms of use.