Event Attendee Privacy Notice

Our contact details CFS Events, Mindenhall Court, 17 High Street, Stevenage, Hertfordshire, SG1 3UN

Email: admin@cfsevents.co.uk

Tel: 01438 751 519

Thank you for registering to attend a CFS Events’ event. We aim to be as open and transparent as possible with the people we deal with, so that you are fully informed about how we use your information. This privacy notice is intended to let you know what we process, why it’s processed, what your legal rights are, and how to complain. If you think we’ve missed anything, or if anything is unclear – please let us know and we will take steps to remedy things.

This privacy notice applies to all attendees of our events. The information we will process about you will depend on the specific event.

Where we are the organisation making the decisions about how to use the data we collect, how long to keep it, who to share it with and more, we are the Controller.

We also act as a Processor for many of our clients who contract us to run events on their behalf. Those clients are the Controllers of that data, and if you have any questions regarding the data used by attending an event organised by one of our clients, please contact them directly.

CFS Events is registered with the ICO as a controller under registration Z8954434.

This Privacy Notice was last updated on 07/01/2025.

Contents in this notice

Contents

What are our obligations to you in relation to how we process your personal data? ……………….. 2

What information we process and why ……………………………………………………………………………….. 2

How we get the information ………………………………………………………………………………………………. 3

Summary of our lawful bases for processing your data …………………………………………………………. 3

Special Category Data ………………………………………………………………………………………………………… 3

Who do we share your information with? ……………………………………………………………………………. 4

How we store your information ………………………………………………………………………………………….. 5

Your data protection rights ………………………………………………………………………………………………… 5

How to complain ……………………………………………………………………………………………………………….. 5

What are our obligations to you in relation to how we process your personal

data?

We promise that we will always make sure that your information is:

Used lawfully, fairly and in a transparent way.
Kept to a minimum – we won’t process any data we don’t need.
As accurate as possible – though we will need you help us with this at times.
Relevant to the purposes we have told you about and limited only to those purposes.
Only kept for only as long as necessary for the purposes we have told you about.
Kept securely.
We are able to evidence the above and are always happy to be held accountable by regulators, and

you, our attendees.

What information we process and why

We currently collect and process the following information:

In order to maintain our contractual and legal obligations, and to manage our events, we need to process:

Basic Personal Identifiers:

Personal contact details, address, job title, telephone number etc.
We require your name and hospital/organisation in order to identify you during the event, including during on-site registration and for proof of UK & European CPD claims.

Your telephone number and email address will be used to contact you prior to an event, in relation to that specific registration where necessary; to update you on programme/logistical information relating to the event, and in order to send information from the sponsors of an event about the event itself.

We collect personal information and gather abstract submissions from people looking to present at our meetings

Economic and Financial Data:

We process this information for the payment of event fees.
The data we use for the above is – credit/debit card numbers, expiry date and CVS code.

Dietary preferences and accessibility information:

Your dietary and accessibility requirements will be used to ensure you are properly catered for at the event.

Official Documents:

Passport information
We will use passport information sent to us by you in order to inform the travel agent, in order to book travel for those attending our events.

We have a number of reasons where we have a legitimate interest to process your information:

Basic personal identifiers:

Sending information emails, reminders, evaluation emails and certificates relating to events, to those who have registered for that event.

We process basic personal identifiers when arranging for reviewers to review and mark abstract submissions, and in sending abstracts, and author details to industry publications in order to publish abstracts in the press.

Processing data in order to create table plans, and putting tent cards out on tables where needed

Sponsorship & Exhibition Sales:

Sending emails and making phonecalls to potential sponsors of our events

Identification data:

Collecting attendee information, including GMC number via sign-in sheets at events, for the purpose of taking a register for CPD accreditation

Speaker Liaison:

Using personal information in inviting speakers to speak at an event; The creation of an agenda for our events, with speaker details included

Adding the Programmes to our website in order to advertise the programme for the event, on our website, includes speaker details.

Delegate Apps:

Creating a delegate app, which delegates can use to search through other delegates at the event, and ‘match’ with them, in order to network and send them messages etc.

Photography Notice:

Please be aware that a photographer may be present at this event to capture moments for promotional and documentation purposes. If photography is planned, a sign will be displayed at the registration area to inform attendees. If you prefer not to be photographed, kindly notify us during registration, and we will take appropriate measures to respect your preferences. Your privacy is important to us, and we appreciate your cooperation.

We collect you consent in order to process your information for:

Event marketing:

Sending marketing emails to our databases to advertise our events.
We track opens and clicks for our email campaigns via SendGrid.
You are able to opt out of these marketing emails at any time, by emailing ‘Removal from database’ to admin@cfsevents.co.uk.

How we get the information

We get information about you from the following sources:

Directly from you

Summary of our lawful bases for processing your data

(a) We have a contractual obligation

(b) We have a legal obligation

(d) We have a legitimate interest

Special Category Data

We keep the amount of Special Category (also known as sensitive) Data we process about you to an absolute minimum. Where we do process it, it is to ensure you have any reasonable adjustments met, to ensure you are able to attend the event safely. We anonymise this information where possible, when we share it with venues etc.

Where the information we process is special category data, for example your health data, the legal exemptions for processing that we rely on are:

Article 9(2)(b) which relates to carrying out our obligations in the safeguarding of your fundamental rights. The supporting reference in the DPA2018 is Sch 1, Part 1 (1). This is for reasonable adjustments, sickness etc.

How long we keep your personal data

Personal data relating to your attendance at an event will be kept for a period of 3 years following the date of the event.

Financial information, including billing address will be kept for a period of 7 years, in line with financial practices.

Who do we share your information with?

We are legally obliged to share information in some circumstances such as the receipt of a court order.

In addition to our legally obligated data sharing, we share information with the following organisations:

a) Venues, Hotels and Conference Centres
b) Service providers acting as processors such as

EventsAir Privacy Notice