Data Protection Statement – Delegates

46^th Global Privacy Assembly Conference

Jersey Data Protection Authority

What this statement covers

This data protection statement (the Statement) relates to the Jersey Data Protection Authority’s (the Authority) hosting of the 46^th Global Privacy Assembly Conference in Jersey on 28 October 2024 – 1 November 2024 (the Conference).

It applies to information the Authority collects about you as data controller when you engage with use about the Conference including when you use our bespoke conference website www.gpajersey.com (the Conference Website). It explains how information is collected, how it is used, your rights and what controls you have. In particular:

• What information the Authority may collect about you and when;
• How the Authority might use your information;
• How the Authority protects your information; and
• Your rights regarding the information you provide.

(This Statement does not apply to our standard regulatory and enforcement activity, Authority staff or those applying for jobs with the Authority or speakers at the Conference and to which separate policies apply.)

Throughout our Conference Website, we will link to other websites owned and operated by certain trusted third parties including those helping us manage delegate bookings and also to other sites we think will be of interest to  those attending the conference, such as accommodation and travel information together with information about our beautiful Island.

How our Conference Website works

Our Conference Website sets out general information about the Conference such as our agenda and speakers.

For those who want to attend our Conference, you will be directed to a registration button which takes you through to an external website hosted by the Registration Platform (https://eur.cvent.me/ryDxQ) (Registration Platform) that will take you through the booking process, including taking payment. Once registered, you will be able to login to see your booking and associated information. Further functionality will be switched on closer to the Conference date.

For speakers, you will be able to login to your speaker page and be able to upload slides and other content.

Sponsors, speakers and individuals with general queries will be able to engage with us using email addresses provided on the Conference Website.

What information we collect

In order to register for the Conference, delegates will be transferred from the Conference Website to register directly with the Registration Platform. Their privacy notice is here.

As part of the registration process, you will be asked to provide and the Registration Platform will collect:

• Your name, address and contact information, including email address and telephone number
• Your emergency contact (name and contact number)
• Information about your job role. We will also need your organisation’s name and the sector in which you work
• If you choose to tell us, details of any special dietary requirements as catering at our event will be provided
• Your billing information, transaction and payment card or other payment method information, bank account and payment details
• Your account details (username and login)
• Your contact history, purchase history and saved items

Your preferred language for conference delivery We will also collect:

• Any information, feedback or other matters you give to us by phone, email, post or via our social media channels

We will provide translation at our event in Spanish and French and captioning for our online sessions. All our venues comply with local access requirements, but if you need to request any special assistance, you can contact us via email.

For those delegates attending remotely, are planning to record the conference however delegates’ cameras and audio are not used for the duration of the conference and will not be captured in the recording. Any questions submitted in the Q&A function box can be submitted anonymously and all question will be read out anonymously.

Any compulsory information will be marked with an asterisk* in order to process your booking.

How we collect information

Information will be collected from you:

1. Directly, when you enter information on the Registration Platform in order to register for the Conference and/or when you contact us (including via email); and
2. Indirectly, such as your login activity once registered with the Registration Platform.

Please note, we do not use any form of tracking activity on the Conference Website itself.

What we use your data for

So you can register and attend the Conference, you need to provide the information asked for as part of the registration process and once registered, you will be able to access your account. You will also receive correspondence from us about the Conference.

The Conference will be a hybrid conference with the ability to join in-person and online.

Our purpose and lawful basis for collecting your personal data

We collect your personal data is so we can facilitate the Conference and provide you with an acceptable service, including taking your booking, dealing with any queries,  contacting you about the event and making the Conference sessions available to its virtual attendees (including providing translation services in certain languages). The lawful basis we rely on to process the personal data of delegates in this way is contract (Schedule 1 Part 1 para.2).

Where we collect your dietary requirements, we do so with your consent (Schedule 1 Part 1 para.1). This is so that we can make sure your requirements are catered for.

In order to provide the conference, including generating reports for internal use by us in relation to attendance at the Conference (and any of its sessions), engagement with our third-party service providers, recording Conference sessions and making available to virtual attendees, we do so on the basis it is necessary to perform our public tasks as regulator (Schedule 2 Part 2 para.13(b).

We have other obligations to ensure a safe event and will ask for emergency contact information and so we can comply with local health and safety legislation (Schedule 2 Part 2 para.7).

Who we share your personal data with

As mentioned above, we are using a company called Cvent to help us manage the registration process and all delegate information for the Conference by the provision of the Registration Platform.

3D Events are also acting event managers for us and helping us to organise and manage the delegate registration process. They will also be dealing with any queries on a day-to-day basis.

These processors will help us facilitate the Conference and will only process information in line with our instructions.

Do we transfer information to a third country/international organisation?

Your data will be processed within Jersey and the EU. It will not be transferred to any third countries.

How long we will keep your data

We will not keep your personal data for longer than we need it for the purpose for which it is used.

Information will be kept on the Registration Platform for ninety (90) days after the event.

What are your rights?

Data protection legislation provides data subjects with a number of rights. These include:

1. The right to know what type of personal data we hold about you, given details about how we use it and to be provided with a copy of the personal data held;
2. The right to have an errors or omissions corrected;
3. In certain circumstances, the right to request erasure of all your personal data that we hold;
4. The right to request we restrict the processing of your personal data;
5. The right to object to the further processing of your personal data, including the right to object to direct marketing;
6. The right to withdraw consent if you had previously given us consent to process your data;
7. The right to request that personal data that you have given to us be moved to a third party;
8. The right to lodge a complaint.

Please note that Schedule 1 of the DPJL 2018 sets out that certain of rights referred to above may be restricted in certain circumstances, including where it is necessary to avoid obstructing official or legal inquiries, investigation or procedures or to avoid prejudicing the prevention, detection, investigation or prosecution of a criminal offence.

If you wish to exercise any of these rights, please email our DPO at dpo@jerseyoic.org. In your request, please make clear (a) what personal information is concerned, and (b) which of the above rights you would like to enforce. For your protection, we may only implement requests with respect to the personal information associated with the particular email address that you use to send us your request, and we may need to verify your identity before implementing your request. We will try to comply with your request as soon as reasonably practicable.

You can find template letters and additional guidance on our website.

When you make a request, we will consider any lawful exemptions that may apply and that may prevent us from responding to your request in the manner you may wish. It is possible that there is something that may prevent us from responding to your request in the way you would like. If that is the case, we will explain this to you in writing when we respond to your request.

Keeping your personal data secure

We have appropriate security measure to prevent personal data from being accidentally lost, or used accessed unlawfully. We limit access to your personal data to those who have a genuine need to access it.

We also have systems in place to deal with any suspected personal data breach. We will provide any notifications when legally required to do so.

Your right to complain

We aim to meet the highest standard when processing personal data.

If at any stage you dissatisfied with the manner in which we collect, hold or process your personal data or if you have any questions, please contact us. Any complaints should be addressed to the Information Commissioner at the address below.

Changes to this privacy policy

We may change this privacy policy rom time to time – when making significant changes we will provide appropriate notice on this website and/or via email communication with you.