1.1 We may make video and/or audio recordings of the Event (including of any breach by you of Clause 1.3, which may be used by us in proceedings).
1.2 By attending the Event you have read and agreed to this Policy and any Event hosting platform (e.g. Zoom) terms and conditions and privacy policies.
1.3 During the Event you shall not:
(a) use any disparaging, derogatory, offensive, racist, sexist or discriminatory language; or
(b) make any audio or video recordings of the Event.
2. DATA PROTECTION AND DATA PROCESSING
2.1 We shall:
(a) comply with all applicable legislation and regulations for the time being in force in the UK or any part of it, pertaining to data protection, data privacy, data retention and/or data security (including the General Data Protection Regulation (Regulation 2016/679) (“GDPR”)) and the Privacy and Electronic Communications Directive (Directive 2002/58/EC) (as may be superseded by the Regulation concerning the respect for private life and the protection of personal data in electronic communications (Regulation on Privacy and Electronic Communications) 2017/0003 (COD) (“ePrivacy Regulation”) and all national legislation implementing, supplementing or replacing and converting into domestic law such legislation in the United Kingdom or any applicable member state of the European Union) and all associated codes of practice and other guidance issued by any applicable data protection authority. The terms “personal data”, “process”, “data controller” and “data processor” shall have the meanings given in the applicable Data Protection Legislation (“Data Protection Legislation”);
 The Addison Lee Group is formed of: Addison Lee Limited, Project Tristar Limited and its Affiliates. Affiliates means at any relevant time, in relation to any entity, an entity which, directly or indirectly through one or more intermediaries, controls, is controlled by, or is under common control with that entity, where “control” means holding, directly or indirectly, a majority of the voting rights in it, or the power to direct or cause the direction of its management, policies or operations (whether through holding of voting rights, by contract or otherwise).
(b) to the extent applicable under the Data Protection Legislation, obtain and maintain all appropriate registrations required in order to allow us to perform our obligations under this Policy; and
(c) notify you of an individual within our organisation authorised to respond from time to time to enquiries regarding personal data.
2.2 Subject to clause 1.7, we:
(a) acknowledge that, in respect of personal data provided from you to us in relation to the Event (“Processed Data”), as between the parties, we act as a processor; and
(b) shall ensure that all our personnel who have access to and/or processProcessed Data are obliged to keep the personal data confidential.
(a) shall only process Processed Data in accordance with this Policy and your instructions as set out in this Policy and as issued from time to time (“Processing Instructions“) (which you shall ensure are compliant with the Data Protection Legislation). For the avoidance of doubt, this Policy constitutes your instructions to us, and we are further instructed to collect your personal data from the following sources from you, when you:
(i) complete forms in relation to attending or participating in the Event;
(ii) attend and participate in the Event;
(iii) interact with us or one of our representatives during the Event;
(iv) complete our surveys and feedback forms; and
(v) opt-in to marketing unless your organisation has agreed otherwise with us.
(b) shall notify you if applicable law requires us to process Processed Data other than in accordance with the Processing Instructions, before processing the Processed Data (unless applicable law prohibits such information on important grounds of public interest);
(c) shall inform you if we become aware of a Processing Instruction that, in our opinion infringes Data Protection Legislation, provided that, this provision is without prejudice to clauses 1.1 in respect of you;
(d) shall provide reasonable cooperation and assistance to you in ensuring compliance with:
(i) your obligations to respond to any complaint or request from any applicable data protection authority seeking to exercise their rights under any Data Protection Legislation as they relate to this Policy;
(ii) your obligations set out under Articles 32 – 36 of the GDPR to:
(A) ensure the security of the processing;
(B) notify the relevant supervisory authority, where relevant, of any accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to any Processed Data (“Personal Data Breach”);
(C) carry out any data protection impact assessments (“DPIA“) on the impact of the processing on the protection of Processed Data; and
(D) consult the relevant supervisory authority prior to any processing where a DPIA indicates that the processing would result in a high risk in the absence of measures taken by you to mitigate the risk;
(e) notify you without undue delay on becoming aware of a Personal Data Breach in respect of Processed Data processed under this Policy;
(f) shall make available to you all information reasonably required by you to demonstrate our compliance with its obligations set out in this clause 1 and allow and co-operate with any data protection audits and inspections conducted by you or another auditor mandated by you, provided that reasonable prior notice is provided, and no more than one such audit or inspection is conducted during any 12-Month period unless mandated by a supervisory authority;
(g) taking into account the nature of and risks associated with the type of personal data collected or used in connection with the Event, shall have in place appropriate technical and organizational measures to ensure a level of security appropriate to the risks that are presented by the processing of personal data by or on behalf of us including where appropriate data protection by default and/or by design measures, and all other such measures as may be agreed between the parties; and
(h) at your written direction, delete or return Processed Data and copies thereof to you unless required by applicable law and/or permitted under applicable Data Protection Legislation to store the Processed Data.
2.4 The delivery of the Event may require the transfer of personal data to countries outside the EEA from time to time. Subject to clause 1.5, we and our sub-processors shall not, without your prior written consent, transfer any Processed Data to a country or territory outside the EEA unless adequate contractual or other assurances have first been put in place such as will enable each party to comply with the requirements of the Data Protection Legislation.
2.5 You hereby grant to us general authorisation for sub-processing, provided that:
(a) We and each sub-processor enter into a contract on terms substantially as protective as this clause 1;
(b) We shall keep you informed from time to time of any intended changes concerning the addition or replacement of any categories of sub-processors engaged in the delivery of the Event by updating https://www.addisonlee.com/subprocessors/ (the “Subprocessor Domain”), giving you the opportunity to object to such changes on reasonable grounds of non-compliance or material risk of non-compliance by you with Data Protection Legislation by notifying us of its objections in writing within 7 calendar days of the notification; and
(c) We shall remain fully liable to you for the performance of each sub-processor’s obligations.
2.6 The parties acknowledge that the types of personal data processed pursuant to this Policy (i.e. Processed Data) (including the subject matter, duration and nature and purpose of the processing) are as described in Annex 1.
2.7 If and to the extent, we are the data controller in relation to personal data collected from the Event, we shall comply with the applicable provisions of the Data Protection Legislation.
3. PUBLICITY AND PROMOTION
3.1 You shall provide us with and allow us to use and reproduce your name, approved likeness and approved biographical material in connection with promoting the Event. All material supplied to us by you shall be deemed to be approved for these purposes unless you have informed us to the contrary in writing in advance. You consent to appearing in one or more images, film or recording of the same of the Event to be used by us on our social media, website and internally for all time consideration and hereby assign any and all right, title and interest in and to such Event images, film or recording of the same to us. You agree to waive and agree not to assert any and all moral and like rights in relation to such Event images, film or recording of the same.
ANNEX 1 – PROCESSED DATA
We set out below a description of the Processed Data being processed from the Event and further detail required pursuant to the GDPR.
Types of personal data
Name, business name, business email address, your image, audio and likeness (as captured on a webinar or on recordings we make of the Event).
Duration of processing
Until the latest of (a) the date upon which processing is no longer necessary for the purposes of us performing our obligations or (b) processing for the purpose of compliance with applicable law and/or regulatory requirements.
Nature of processing
Collection, storage, duplication, transfer, electronic viewing, deletion and destruction.
Purpose of processing
The delivery of the Event, to communicate directly with you for the purpose of providing and promoting the Event, to process personal data to communicate directly to you for the purpose of promoting the Event, and to process personal data to communicate directly with you for the purpose of requesting that you participate in surveys to improve customer experience.