DATA PRIVACY POLICY FOR WOMEN OF THE YEAR LUNCH INVITEES

  1. Introduction
    1. Women of the Year, a company limited by guarantee registered in England and Wales under company number 03524013 whose registered office is at c/o Diane Coyne, Brewers’ Hall, Aldermanbury Square, London EC2V 7HR (“We”/”Us”), is dedicated to ensuring the privacy of all individuals whose personal data we process.  We recognise that privacy is important. This Privacy Policy explains how we collect and use any personal information you provide to us.
    1. We will only use the information that we collect about you lawfully and in accordance with the General Data Protection Regulation (GDPR) and the British Data Protection Bill.
    1. We set out below what personal information we hold about individuals, what we do with that personal information, and your rights regarding this information. 
  1. Lunch Invitees.  This Privacy Notice applies to individuals who are about to be or have been invited to attend an annual Women of the Year Lunch. In legal terms, Lunch Invitees are “Data Subjects” i.e. “you”.  Individuals are invited to join our database on receipt of an invitation to attend a Women of the Year Annual Lunch. 
  1. The data controller.  Women of the Year (“We”) from a legal perspective are classed as the “Data Controller”.
  1. Purpose of processing personal data.  We collect personal data primarily to invite you to attend a Women of the Year Annual Lunch. Thereafter, with your consent, we will provide information about out our Alumnae Club, events, talks and news and information about Women of the Year and its associated charity, Women of the Year Foundation.
  1. Lawful basis of processing personal data.  The lawful basis of processing your personal data is as follows:
    1. Legitimate interests: Processing is necessary to invite individuals to attend a Women of the Year Lunch for the benefit of the individuals so honoured
    2. Consent: Processing takes place with your express consent to invite you to join the Women of the Year Alumnae Club; provide news and information about Women of the Year and its associated charity, Women of the Year Foundation; and to provide news and information regarding future events such as lectures and talks.
  1. Categories of personal data processed. 
    1. The information we hold should be accurate and up-to-date.  The personal information that we hold, will be held securely in accordance with our internal data protection and security policies.  The type or categories of personal data we will collect about you includes your:
      1. Name
      2. Postal address
      3. Email address
      4. Job title/honours
      5. Telephone number
      6. Dietary requirements
      7. Images from our events
    1. Lists of attendees at one of the Women of the Year Lunches and other events may include your name, job title and a brief biography about you.
  1. Sharing personal data with other Lunch Invitees.  Other than lists of attendees at a Women of the Year Lunch, or other event as referred to in paragraph 6 b above, We will not share any personal information about you with other Lunch Invitees.
  1. Processing personal data via third party data processors.  We will only share your information with third party data processors who have entered into legally binding obligations to comply with the terms of this policy and all relevant data protection laws. Examples of third party processors include IT support services, website developers, freelance administrators and cloud service providers.  All third-party processors are thoroughly assessed and vetted by Us.
  1. Retention of personal data.
    1. Women of the Year is the sum of its Lunch Invitees and AC Members. Without them, there would be no Women of the Year. We are fortunate to have records dating back to our inception in 1955. We believe it is important not to break the continuity of our archive and to be able to pass on a record of the amazing women who have been honoured by Us to future generations – not just their names, but also a limited amount of information, which will enable the names to be put into some context. 
    1. Based on this, We will retain the following personal information about our members for our historical records:
      1. Full name
      2. Brief biography
      3. Invitation date to Women of the Year Lunch
      4. Images from our events
    1. In addition, during the year of an individual’s invitation to attend the Women of the Year Lunch and for 5 years thereafter, records of an individual’s contact details will be maintained. At the point of invitation to the relevant Lunch each Lunch Invitee will be invited to consent to remain on our Lunch Invitee database. In the absence of such consent, subject to paragraph 9 b above, your personal data will be removed from our database.
  1. Category of recipients of personal data.  We take all reasonable care to prevent any unauthorised access to and use of your personal data.  Whilst any personal information that we use to provide or promote our services to you, will not be passed to any third-party organisation for marketing purposes. On occasion, your details may be shared with our approved contractors or agents who provide services to Us as described in paragraph 8 above.
  1. Sensitive personal data.  We will never collect sensitive personal data about you without your explicit consent and a clear explanation of why it is required.
  1. Sale or passing of personal data to third parties.  We will not sell or pass your personal data to any commercial or charitable organisation except where we have express consent to pass your details to our associated charity, the Women of the Year Foundation.
  1. Data subject’s rights
    1. Right of Access. 
      1. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing.  This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
        1. Confirmation that your data is being processed (held)
        2. Access to your personal data (a copy)
        3. Other supplementary information that corresponds to the information in this privacy notice.
      2. Under GDPR this information will be provided without charge, without delay and within one month.  If an extension is required to the response time we will inform you within one month of receiving the request and provide an explanation for the delay. If requests are considered manifestly unfounded or excessive, in particular because they are repetitive, we may choose to: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond.  The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. the UK Information Commissioner’s Office (ICO) will be highlighted.
      3. To protect your personal data we will seek to verify your identity before releasing any information, which will normally be in electronic format.
    1. Right of Rectification. 

You are entitled to have personal data rectified if it is inaccurate or incomplete.  We will respond within one month to your request.  In the unlikely event that we do not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.

    1. Right of Erasure.

You may request the deletion or removal of personal data where there is no compelling reason for its continued processing.  The Right to Erasure does not provide an absolute ‘right to be forgotten’.  However, you do have a right to have personal data erased and prevent processing in specific circumstances:

        1. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
        2. When you withdraw consent (where applicable)
        3. When you object to the processing and there is no overriding legitimate interest for continuing the processing
        4. The personal data was unlawfully processed
        5. The personal data has to be erased in order to comply with a legal obligation
    1. Right to Restrict Processing.

Under the GDPR you have the right to ‘block’ or suppress processing of personal data.  When processing is restricted, we are permitted to store the personal data, but not further process it.  In this event exactly what is held and why will be explained to you.

    1. Right to Data Portability. 
      1. You may request to obtain and reuse your personal data for your own purposes across different services.  This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.  The Right to Data Portability only applies:
        1. To personal data you have provided to us
        2. Where the processing is based on your consent or for the performance of a contract
        3. When processing is carried out by automated means
      2. In these circumstances, we will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month.  If there is a delay to this, you will be informed.
    1. Right to Object.

You have the right to object to:

        1. Processing based on legitimate interests or the performance of a task in the public interest/excise of official authority (including profiling)
        2. Direct marketing (including profiling)
        3. Processing for purposes of scientific research/historical research and statistics.
  1. Automated decision making and profiling.  We do not employ any automated decision-making or conduct profiling of Data Subjects.

Contact us.  Questions, comments and requests regarding our use of your personal data are welcomed and should be addressed to: Women of the Year, C/o Diane Coyne, Brewers’ Hall, Aldermanbury Square, London, EC2V

DATA PRIVACY POLICY FOR WOMEN OF THE YEAR ALUMNAE CLUB MEMBERS 

  1. Introduction
    1. Women of the Year, a company limited by guarantee registered in England and Wales under company number 03524013 whose registered office is at c/o Diane Coyne, Brewers’ Hall, Aldermanbury Square, London EC2V 7HR (“We”/”Us”), is dedicated to ensuring the privacy of all individuals whose personal data we process.  We recognise that privacy is important. This Privacy Policy explains how we collect and use any personal information you provide to us.
    1. We will only use the information that we collect about you lawfully and in accordance with the General Data Protection Regulation (GDPR) and the British Data Protection Bill.
    1. We set out below what personal information we hold about individuals, what we do with that personal information, and your rights regarding this information. 
  1. Alumnae Club Members’ (“AC Members”) terms and conditions.  This Privacy Notice forms part of Terms and Conditions for being an Alumnae Club member of the Women of the Year.  In legal terms, members are “Data Subjects” i.e. “you”.  Individuals are admitted to the Women of the Year Alumnae Club annually on application or renewal.  Upon ceasing to be an active AC Member, an individual remains a past invitee to the Women of the Year Lunch.
  1. The data controller.  Women of the Year (“We”) from a legal perspective are classed as the “Data Controller”.
  1. Purpose of processing personal data.  We collect personal data primarily to administer your membership and renewal of the Alumnae Club, invite you to Alumnae Club events and talks, provide information about Alumnae Club initiatives and provide news and information about Women of the Year and its associated charity, Women of the Year Foundation.
  1. Lawful basis of processing personal data.  The lawful basis of processing your personal data is as follows:
    1. Contractual interests: Processing is a necessary part of the annual contract between us and the AC Members
    2. Legitimate interests: Processing is necessary to ensure the proper administration of our Alumnae Club talks and events for the benefit of AC Members
    3. Consent: Processing takes place with your express consent to provide news and information about Women of the Year and its associated charity and Women of the Year Foundation; and to provide news and information regarding Women of the Year events.
  1. Categories of personal data processed. 
    1. The information we hold should be accurate and up-to-date.  The personal information that we hold, will be held securely in accordance with our internal data protection and security policies.  The type or categories of personal data we will collect about you includes your:
      1. Name
      2. Postal address
      3. Email address
      4. Job title/honours
      5. Telephone number
      6. Images from our events
    1. Lists of attendees at Alumnae Club and other events may include your name, job title and a brief biography about you.
  1. Sharing personal data with other AC Members.  Other than lists of attendees at Alumnae Club events as referred to in paragraph 6 b above, we will not share any personal information about you with other AC Members.
  1. Processing personal data via third party data processors.  We will only share your information with third party data processors who have entered into legally binding obligations to comply with the terms of this policy and all relevant data protection laws. Examples of third party processors include IT support services, website developers, freelance administrators and cloud service providers.  All third-party processors are thoroughly assessed and vetted by Us.
  1. Retention of personal data.
    1. Women of the Year is the sum of its Lunch Invitees and AC Members. Without them, there would be no Women of the Year. We are fortunate to have records dating back to our inception in 1955. We believe it is important not to break the continuity of our archive and to be able to pass on a record of the amazing women who have been honoured by Us to future generations – not just their names, but also a limited amount of information, which will enable the names to be put into some context. 
    1. Based on this, we will retain the following personal information about our members for our historical records:
      1. Full name
      2. Last known address
      3. Brief biography
      4. Images from our events
    1. In addition, during active AC Membership records of an individual’s membership and contact details will be maintained. When an AC Member leaves the Alumnae Club, they will be invited to consent to remain on our AC membership database. In the absence of such consent, subject to paragraph 9 b above, your personal data will be removed from our database after seven years.
  1. Category of recipients of personal data.  We take all reasonable care to prevent any unauthorised access to and use of your personal data.  Whilst any personal information that we use to provide or promote our services to you, will not be passed to any third-party organisation for marketing purposes. On occasion, your details may be shared with our approved contractors or agents who provide services to Us as described in paragraph 8 above.
  1. Sensitive personal data.  We will never collect sensitive personal data about you without your explicit consent and a clear explanation of why it is required.
  1. Sale or passing of personal data to third parties.  We will not sell or pass your personal data to any commercial or charitable organisation except where we have express consent to pass your details to our associated charity, the Women of the Year Foundation.
  1. Data subject’s rights
    1. Right of Access. 
      1. You are entitled to access your personal data so that you are aware of and can verify the lawfulness of the processing.  This is achieved through the mechanism of a Subject Access Request (SAR) and you have the right to obtain:
        1. Confirmation that your data is being processed (held)
        2. Access to your personal data (a copy)
        3. Other supplementary information that corresponds to the information in this privacy notice.
      2. Under GDPR this information will be provided without charge, without delay and within one month.  If an extension is required to the response time, we will inform you within one month of receiving the request and provide an explanation for the delay. If requests are considered manifestly unfounded or excessive, in particular because they are repetitive, we may choose to: charge a reasonable fee taking into account the administrative costs of providing the information; or refuse to respond.  The reasons for this will be formally notified to you and your rights to appeal to the appropriate Supervisory Authority, i.e. the UK Information Commissioner’s Office (ICO) will be highlighted.
      3. To protect your personal data we will seek to verify your identity before releasing any information, which will normally be in electronic format.
    1. Right of Rectification. 

You are entitled to have personal data rectified if it is inaccurate or incomplete.  We will respond within one month to your request.  In the unlikely event that we do not take action to the request for rectification, we will inform you of your rights to complain or seek judicial remedy.

    1. Right of Erasure.

You may request the deletion or removal of personal data where there is no compelling reason for its continued processing.  The Right to Erasure does not provide an absolute ‘right to be forgotten’.  However, you do have a right to have personal data erased and prevent processing in specific circumstances:

        1. Where the personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
        2. When you withdraw consent (where applicable)
        3. When you object to the processing and there is no overriding legitimate interest for continuing the processing
        4. The personal data was unlawfully processed
        5. The personal data has to be erased in order to comply with a legal obligation
    1. Right to Restrict Processing.

Under the GDPR you have the right to ‘block’ or suppress processing of personal data.  When processing is restricted, we are permitted to store the personal data, but not further process it.  In this event exactly what is held and why will be explained to you.

    1. Right to Data Portability. 
      1. You may request to obtain and reuse your personal data for your own purposes across different services.  This allows you to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.  The Right to Data Portability only applies:
        1. To personal data you have provided to us
        2. Where the processing is based on your consent or for the performance of a contract
        3. When processing is carried out by automated means
      2. In these circumstances, we will provide a copy of your data in CSV or PDF format free of charge, without undue delay and within one month.  If there is a delay to this, you will be informed.
    1. Right to Object.

You have the right to object to:

        1. Processing based on legitimate interests or the performance of a task in the public interest/excise of official authority (including profiling)
        2. Direct marketing (including profiling)
        3. Processing for purposes of scientific research/historical research and statistics.
  1. Automated decision making and profiling.  We do not employ any automated decision-making or conduct profiling of Data Subjects.
  1. Contact us.  Questions, comments and requests regarding our use of your personal data are welcomed and should be addressed to: Women of the Year, C/o Diane Coyne, Brewers’ Hall, Aldermanbury Square, London, EC2V 7HR.