We will only use the information that we collect about you lawfully and in accordance with the General Data Protection Regulation (GDPR) and the British Data Protection Bill.
We set out below what personal information we hold about individuals, what we do with that personal information, and your rights regarding this information.
This Privacy Notice applies to individuals who are about to be or have been invited to attend an annual Women of the Year Lunch. In legal terms, Lunch Invitees are “Data Subjects” i.e. “you”. Individuals are invited to join our database on receipt of an invitation to attend a Women of the Year Annual Lunch.
The data controller
Women of the Year (“We”) from a legal perspective are classed as the “Data Controller”.
Purpose of processing personal data
We collect personal data primarily to invite you to attend a Women of the Year Annual Lunch. Thereafter, with your consent, we will provide information about out our Alumnae Club, events, talks and news and information about Women of the Year and its associated charity, Women of the Year Foundation.
Lawful basis of processing personal data
The lawful basis of processing your personal data is as follows:
Legitimate interests: Processing is necessary to invite individuals to attend a Women of the Year Lunch for the benefit of the individuals so honoured
Processing takes place with your express consent to invite you to join the Women of the Year Alumnae Club; provide news and information about Women of the Year and its associated charity, Women of the Year Foundation; and to provide news and information regarding future events such as lectures and talks.
Categories of personal data processed
The information we hold should be accurate and up-to-date. The personal information that we hold, will be held securely in accordance with our internal data protection and security policies. The type or categories of personal data we will collect about you includes your:
- Postal address
- Email address
- Job title/honours
- Telephone number
- Dietary requirements
- Images from our events
Lists of attendees at one of the Women of the Year Lunches and other events may include your name, job title and a brief biography about you.
Sharing personal data with other Lunch Invitees
Other than lists of attendees at a Women of the Year Lunch, or other event as referred to above, We will not share any personal information about you with other Lunch Invitees.
Processing personal data via third party data processors. We will only share your information with third party data processors who have entered into legally binding obligations to comply with the terms of this policy and all relevant data protection laws. Examples of third party processors include IT support services, website developers, freelance administrators and cloud service providers. All third-party processors are thoroughly assessed and vetted by Us.
Retention of personal data.
Women of the Year is the sum of its Lunch Invitees and AC Members. Without them, there would be no Women of the Year. We are fortunate to have records dating back to our inception in 1955. We believe it is important not to break the continuity of our archive and to be able to pass on a record of the amazing women who have been honoured by Us to future generations – not just their names, but also a limited amount of information, which will enable the names to be put into some context.
Based on this, We will retain the following personal information about our members for our historical records:
- Full name
- Brief biography
- Invitation date to Women of the Year Lunch
- Images from our events
In addition, during the year of an individual’s invitation to attend the Women of the Year Lunch and for 5 years thereafter, records of an individual’s contact details will be maintained. At the point of invitation to the relevant Lunch each Lunch Invitee will be invited to consent to remain on our Lunch Invitee database. In the absence of such consent, subject to paragraph 9 b above, your personal data will be removed from our database.
Category of recipients of personal data
We take all reasonable care to prevent any unauthorised access to and use of your personal data. Whilst any personal information that we use to provide or promote our services to you, will not be passed to any third-party organisation for marketing purposes. On occasion, your details may be shared with our approved contractors or agents who provide services to Us as described in paragraph 8 above.
Sensitive personal data. We will never collect sensitive personal data about you without your explicit consent and a clear explanation of why it is required.
Sale or passing of personal data to third parties
We will not sell or pass your personal data to any commercial or charitable organisation except where we have express consent to pass your details to our associated charity, the Women of the Year Foundation.
Data subject’s rights
Right of Access
You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing. This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
- Confirmation that your data is being processed (held)
- Access to your personal data (a copy)
- Other supplementary information that corresponds to the information in this privacy notice.
Under GDPR this information will be provided without charge, without delay and within one month. If an extension is required to the response time we will inform you within one month of receiving the request and provide an explanation for the delay. If requests are considered manifestly unfounded or excessive, in particular because they are repetitive, we may choose to: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond. The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. the UK Information Commissioner’s Office (ICO) will be highlighted.
To protect your personal data we will seek to verify your identity before releasing any information, which will normally be in electronic format.
Right of Rectification
You are entitled to have personal data rectified if it is inaccurate or incomplete. We will respond within one month to your request. In the unlikely event that we do not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.
Right of Erasure
You may request the deletion or removal of personal data where there is no compelling reason for its continued processing. The Right to Erasure does not provide an absolute ‘right to be forgotten’. However, you do have a right to have personal data erased and prevent processing in specific circumstances:
- Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
- When you withdraw consent (where applicable)
- When you object to the processing and there is no overriding legitimate interest for continuing the processing
- The personal data was unlawfully processed
- The personal data has to be erased in order to comply with a legal obligation
Right to Restrict Processing
Under the GDPR you have the right to ‘block’ or suppress processing of personal data. When processing is restricted, we are permitted to store the personal data, but not further process it. In this event exactly what is held and why will be explained to you.
Right to Data Portability
You may request to obtain and reuse your personal data for your own purposes across different services. This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability. The Right to Data Portability only applies:
- To personal data you have provided to us
- Where the processing is based on your consent or for the performance of a contract
- When processing is carried out by automated means
In these circumstances, we will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month. If there is a delay to this, you will be informed.
Right to Object
You have the right to object to:
- Processing based on legitimate interests or the performance of a task in the public interest/excise of official authority (including profiling)
- Direct marketing (including profiling)
- Processing for purposes of scientific research/historical research and statistics.
- Automated decision making and profiling. We do not employ any automated decision-making or conduct profiling of Data Subjects.
Questions, comments and requests regarding our use of your personal data are welcomed and should be addressed to: Women of the Year, C/o Diane Coyne, Brewers’ Hall, Aldermanbury Square, London, EC2V 7HR.