2. The controller of your personal data
3.Personal data we collect
The type of personal data collected and used by us varies depending upon whether you browse our website; book tickets for an event; avail of complimentary other Business Post Group services; request to receive marketing communications or attend an event. Typically, we collect and process the following kinds of personal data
- Identity Data: first name; last name; company name (not compulsory); job title/position.
- Contact Data: billing address; delivery address; eircode (not compulsory); email address and telephone numbers.
- Transaction Data: details about payments from you and other details of products and services you have purchased from us; purchase order number (not compulsory).
- Technical Data: Internet Protocol (IP) address you use to access our website.
- Marketing and Communications Data: your preferences in receiving marketing from us and from third parties; your communication preferences; marketing insights such as where you heard about a particular event we are promoting.
- Image Data: consisting of your personal image contained in photographs and videos taken by our representatives at events you attend.
We also collect, use and share aggregated data such as statistical or demographic data for various purposes. Aggregated data may be derived from your personal data but is not considered personal data in law as this data does not directly or indirectly reveal your identity. Where we need to collect personal data by law, or under the terms of a contract we have with you, and you do not provide that personal data when requested, we may not be able to perform the contract we have or are trying to enter into with you. In this case, we may not be able to provide all or part of the relevant service.
4.How we collect your personal data
- Direct Interactions: You may provide us with your personal data when contacting us through our website features; when you purchase or request any of our services, and when you attend any of our events. You may also provide us with your personal data when corresponding with us by post, phone, email or otherwise.
We will inform you at the time of collecting personal data from you whether you must provide the personal data to use the website or any of our services, and whether the provision of personal data requested by us is optional. We will inform you at the time of collection whether your personal data will be accessible to third parties, so that you can decide whether to provide it. Please note we will receive Technical Data and Usage Data when you browse the website. This is further explained below.
5.How do we use your personal data
We will only use your personal data when the law allows us to. We have set out below a description of the ways we will use your personal data, and the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
|Purpose / activity||Type of personal data||Lawful basis for processing personal data|
|To allow you to request tickets for an event.||Identity Data Contact Data||Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.|
|To allow you to avail of complimentary access to other Business Post Group products and services where offered.||Identity Data Contact Data||Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract.|
|To process and manage your order including: (i) to manage payments and charges; and (ii) to collect money owed to us.||Identity Data Contact Data Transaction Data||Necessary for the performance of a contract with you or in order to take steps at your request prior to entering into a contract. Necessary for our legitimate interests (to collect money owed to us).|
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||Identity Data Contact Data Technical Data||Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud) Necessary to comply with a legal obligation|
|To use data analytics to improve our website, our services, marketing strategy and output, customer interactions, relationships and experiences.||Technical Data Usage Data||Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy).|
|To make suggestions and recommendations to you about goods or services that may be of interest to you.||Identity Data Contact Data Technical Data Usage Data Marketing and Communications Data||Necessary for our legitimate interests (to develop our products/services, direct market and grow our business).|
|To film events by audio, visual, audio-visual or electronic means; to take photographs at events, in each case which may include the capture of images of one or more attendees; to include such images on our website, social media and other publicity media.||Image Data||Necessary for our legitimate interests (to develop our products/services and grow our business).|
|To share details of event delegates with other delegates and with the sponsor(s) of an event.||Identity Data Contact Data||Necessary for our legitimate interests or that of a third party (i.e. a sponsor) (to offer delegates meaningful networking opportunities, to attract sponsorship which in turn allows us to develop our products/services and grow our business).|
Marketing: We endeavour to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We have established the following personal data control mechanisms:
- Promotional offers from us: We may use your Identity, Contact, Technical and Usage Data to form a view on what we think may be of interest to you. This is how we decide which products, services and offers may be relevant for you for marketing. You will receive marketing communications from us if you have requested information from us.
- Third-party marketing: We will obtain your express opt-in before we share your personal data with any third party for marketing purposes. In this regard, you may be asked when purchasing one or more of our services (e.g. making an online purchase of tickets for one of our events) whether you would like to receive the latest news, offers and upcoming events from the sponsor(s) of the event you intend to attend. This is completely optional. If you agree to receive this third-party marketing, you can opt-out at any time. The sponsor’s processing of your personal data, and its direct marketing practices, will be in accordance with the sponsor’s own privacy notice, which it must make available to you.
- Opting out: You can ask us or third parties to stop sending you marketing messages at any time. Where you opt out of receiving these marketing messages, this will not apply to informational communications we send to you regarding your attendance at a specific event or any other product availed of within the Business Post Group.
6.Disclosure of your personal data
- Internal third parties: Companies (i.e. a parent company, a subsidiary company and/or a parent of another subsidiary company) for (i) the provision of and administration of the website, and (ii) the provision of services in respect of the arrangement, promotion and running of our events.
- External service providers: Companies that provide products and services to us such as professional advisors, IT systems suppliers and support, data storage solutions, IT developers, insurance providers, analytics companies, website hosting providers and other service providers, including:
Amazon S3 (customer details, media storage and email delivery)
Piano.io (customer details)
- External event sponsors: We disclose to the sponsors of the event you attend your name, job title and the organisation you work with. If you agree, we will also share your email address with the sponsor of the event you are attending so that the sponsor may send you marketing communications regarding its own goods and/or services.
- Other attendees: The names, job titles and organisations (without contact details) of all registered delegates will be placed on the delegate list for the event. This list will be provided to all delegates via an online attendee directory and at the event. You can opt out of your information being included in the published delegate list by contacting us prior to the event taking place using the following email address [email protected]
Each third party service provider will only have access to such personal data as is necessary to perform their services to BPG. Please note that some of the above categories of third party recipients may not be applicable for the service(s) that you purchase or request from us.
7.Sharing your personal data in other countries
- Where the country has been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- We may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe. For further details, see European Commission: Model contracts for the transfer of personal data to third countries.
- Where service providers are based in the US, we may transfer data to them if they are part of the EU-U.S. Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield. In this regard, we use the services of Mailchimp, located in the United States, which is currently certified under the EU-U.S. and Swiss-U.S. Privacy Shield Framework.
8.The length of time we retain your personal data
We retain your personal data for as long as is required to provide the services requested by you and any subsequent legal or accounting requirements. If you cease receiving a service we will retain your personal data for a total of 12 months for legal and accounting reasons. After this period we will either automatically delete the personal data completely or anonymise your personal data so it no longer personally identifies you.
It is sometimes necessary for us to keep your personal data for longer periods of time, for example:
- If there is a statutory requirement to retain it.
- If we require the information for legal reasons or there is a legitimate business need for us to retain it.
- To ensure we do not contact you if you have asked us not to.
9. Data security
We are committed to maintaining the security of your personal data which we process. We maintain appropriate physical, procedural, organisational and technical security measures intended to prevent loss, misuse, unauthorised access, disclosure, or modification of personal data under our control. However, you recognise that no entity can keep personal data 100% secure. If you have reason to believe that any of your personal data is no longer secure, please notify us immediately using the contact information supplied below.
10. Third party websites
11. Your legal rights
Under certain circumstances, by law you may have the right to:
- Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate personal data we hold about you corrected.
- Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have exercised your right to object to processing (see below), where we may have processed your personal data unlawfully or where we are required to erase your personal data to comply with local law. We may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
- Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your personal data which override your rights and freedoms.
- Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the personal data is unlawful but you do not want us to erase it; (c) where you need us to hold the personal data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your personal data but we need to verify whether we have overriding legitimate grounds to use it.
- Request the transfer of your personal data to you or to a third party. This enables you to ask us to provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the personal data to perform a contract with you.
- Right to withdraw consent: In the limited circumstances where you may have provided your consent to the processing of your personal data for a specific purpose, you have the right to withdraw your consent for that specific processing at any time. To withdraw your consent, please contact us in writing using the details set out in the Contact Us section 15 below. Once we have received notification that you have withdrawn your consent, we will no longer process your personal data for the purpose or purposes you originally agreed to, unless we have another legitimate basis for doing so in law.
12. Exercising your rights
To exercise one or more of your rights in respect of your personal data, please contact us in writing using the contact details below. You will not have to pay a fee to access your personal data (or to exercise any of the other personal data legal rights). However, we may charge a reasonable fee if your request is clearly unfounded or excessive. Alternatively, we may refuse to comply with the request in such circumstances.
13. Contacting the data protection supervisory authority
You have the right to make a complaint at any time to the relevant data protection supervisory authority. We would, however, appreciate the chance to deal with your concerns before you contact the relevant supervisory authority so please contact us in the first instance.
15. Contact us
Business Post Group Limited
2ND FLOOR BLOCK B, THE MERRION CENTRE, MERRION ROAD DUBLIN 4, D04W8W2
+353 (1) 241 1520
Email: [email protected]