GDPR for Sponsors
Our GDPR Policies and Compliance Notices
The GDPR (General Data Protection Regulation) is a new set of European privacy laws that came into force in May 2018 and protects the personally identifiable information of EU data subjects (typically EU residents). You can learn more about how we abide by these laws on this page.
Please note that this page only describes our GDPR compliance and policies in relation to our sponsors.
What is “personally identifiable information”?
Personally identifiable information is any information which can be directly correlated to you as an individual. For example, this could include:
- Your name;
- Email address - including named corporate B2B addresses;
- Personal affiliations;
- IP addresses used.
What personally identifiable information do we hold?
The information we store and process about sponsors is as follows:
- Email address;
- Employer name;
- City and country (sometimes).
What is the “right to access”?
If we hold personally identifiable information about you and you are a resident of the European Union, you are able to request that we provide you with a machine-readable copy of that information. In our case, that would typically be your email address and potentially other information we may have collected such as your company name.
You can email us at email@example.com to request access to this data. Please note that it is necessary for us to verify your identity for data protection reasons, although if you are requesting data assigned to the same email address from which you make the request, we will consider this “reasonable means” of verification.
What is the “right to erasure”?
You are able to request that we erase all information we store about you that is personally identifiable and which we are not required, by law, to keep (for example, we may need to keep customer information for tax purposes, but GDPR allows this).
If you email firstname.lastname@example.org we will process your request. We can either erase all of your personally identifiable information (in which case you will also be removed from our contact lists for future listings) or erase part of your information, such as if we hold your name, company name, and similar details on file.
The basis on which we handle your personally identifiable information:
We have determined that for some uses of personal data, the “Legitimate Interest” basis is appropriate. Handling of personal data to send emails to sponsors passes the three relevant tests:
- Purpose test. Is there a legitimate interest behind the processing? It is in both the interest of us and our sponsors for us to be able to send emails with the latest service information that they have previously requested and we store the information required to be able to do this (their email address).
- Necessity test. It is necessary for us to store sponsors' email addresses in order to be able to send them information about our services that they have specifically and directly requested.
- Balancing test. This test requires we take into account the impact on individuals of our data processing practices. Our audience are principally adults representing businesses and who have explicitly requested information about our services. We use their personal information principally to send them the information requested. Use of their personally identifiable information for other purposes would require a further basis, though no such processing is currently undertaken, and we use our sponsors’ data in only ways that they would reasonably expect us to.
For the remainder of the uses of personal data with our sponsors, in particular, the contractual basis comes into play. That is, it is necessary for us to hold your name, email, address, employer information, and related information in order for us to participate in the contracts formed between us and you and your company.
How we share information with third parties:
It is a necessity of business that we share personally identifiable information with third parties under certain situations. We have tried to enumerate each opportunity this occurs below:
- We use Airtable as our database management system - including planning sales;
- Our internal booking system (managed and hosted by us);
- Close.io is the CRM we use to store sponsor details including personal information - names, emails and business addresses;
- Conversations between team members in Slack;
- If we bill customers or other users, the information associated with these orders may come via PayPal or Stripe and then may be shared with our accountants, bookkeepers, and Xero, our online accounting platform providers;
- Information may be shared with authorities in the United Kingdom and/or the customers' country when legally required (e.g. for tax auditing purposes).
All of the third parties listed above either have a presence in the EU and are subject to the GDPR themselves, or have asserted they comply to the EU-US Privacy Shield policy.