This privacy notice explains what personal information the University process for the purposes of processing bookings on events managed in the Event Booking system. It explains why we hold this information, what we do with it, how long we keep it for and if we share it with third parties. What information do we hold and why? When you book on an event we process: Information about who you are (from University records) Information you provide on adjustments that may need to be made to enable you attend events Dietary requirements for catered events Additional information you provide for some events as part of the booking process The information you provide will be used by the University to manage attendance at events booked through event booking, and provide feedback if applicable. We are using information about you because it is necessary for the performance of contract with us for this event. Use of your information Information about you will be shared with the event organiser for the purpose of administration of the event and recording attendance. Some events may produce delegate lists to share with event attendees. Please contact the event organiser if you have any queries about this. We will hold the personal data you provided us for a period of 7 years so we can maintain a record of the courses you have booked on. We do not use profiling or automated decision-making processes. This means that a human decision maker will be involved in every decision made about you. General information about the University’s approach to data protection and to your rights can be found here. Data controller and contact details If you have any questions, please contact the Enterprise Data Services Team Manager Susan Cooke Enterprise Data Services Team Manager Contact details Work: 0131 651 4450 Email: susan.cooke@ed.ac.uk For data collected under this privacy notice, the University of Edinburgh (the “University”) is the Data Controller (as that term is defined in the EU General Data Protection Regulation (Regulation (EU) 2016/679), registered with the Information Commissioner’s Office, Registration Number Z6426984. The University's Data Protection Officer can be contacted at: Data Protection Officer Contact details Email: dpo@ed.ac.uk Our data protection policy is on our website. University data protection policy Data sharing In addition to the primary purposes, we are also legally obliged to share certain data with other public bodies such as HMRC and will do so where the law requires this; we will also generally comply with requests for specific information from other regulatory and law enforcement bodies where this is necessary and proportionate. Transfers outside the European Economic Area The University will only transfer data to countries outside the EEA when satisfied that both the party which handles the data and the country it is processing it in provide adequate safeguards for personal privacy. Details of such transfers and safeguards are on our website. Your rights You have the right to request access to, copies of and rectification or (in some cases) erasure of personal data held by the University and can request that we restrict processing or object to processing as well as (in some cases) the right to data portability (i.e. the right to ask us to put your data into a format that it can be transferred easily to a different organisation). If you wish to make use of one of these rights, please email your local contact. If we have asked for your consent in order to process your personal data you can withdraw this consent in whole or part at any time. To withdraw consent, please email your local contact, who will explain the consequences of doing so in any particular case and initiate proceedings for withdrawing consent. Complaints If you are unhappy with the way we have processed your personal data you have the right to complain to the Information Commissioner’s Office (ICO), but we ask that you raise the issue with our Data Protection Officer first. For information about reporting a concern to the ICO see their website: ICO guidance on reporting a data protection concern This article was published on 2024-10-08