Purpose and lawful basis for processing
The Information Commissioner’s Office of the United Kingdom (hereafter “we”) currently acts as Chair and Secretariat for the International Conference of Information Commissioners (ICIC).
As part of its ICIC Secretariat work, we process the personal data of ICIC members, members of the Executive Committee, applicants and observers to the ICIC, conference speakers and members of the public who proactively engage with us via our communication channels.
Data is processed by us to further international cooperation amongst information commissioners as defined under the ICIC Charter and to fulfil our role as the ICIC Secretariat as set out in the ICIC Charter. This role includes data processing to handle member and observer applications, handle matters relating to the establishment of relevant ICIC Working Groups, facilitate ICIC events and communicate ICIC news and press releases to all interested parties (ICIC members and other stakeholders).
The lawful basis that we rely on to process this personal data is Article 6(1)(e) of the UK GDPR, which allows us to process personal data when this is necessary to perform our public tasks as a regulator.
Where the information processed is special category data, the lawful basis that we rely on to process this data is article 9(2)(g) of the UK GDPR, which also relates to our public task and the safeguarding of individuals’ fundamental rights and Schedule 1 part 2(6) of the UK Data Protection Act 2018, which relates to statutory and government purposes.
What personal data is processed
We process names and contact details to communicate with relevant individuals about the work of the ICIC and its events. We may also process photographs and biography information, or survey information received from members or individuals involved in ICIC activities or attending ICIC events, as well as health data relating to any dietary requirements or access needs.
What we do with it
We will use your name and contact details to correspond with you about the ICIC. This will include communicating with you about news and events and to distribute key messages from the ICIC Executive Committee.
Where we hold contact information for representatives of the media, we will use this to send you any press releases concerning the work of the ICIC.
Data will be shared with our data processors (see section on data processors below) when required to fulfil our role as ICIC Secretariat.
How long we keep it
We will retain this data for the duration of our tenure as Secretariat of the ICIC. This is currently scheduled to end in June 2021 at the next annual meeting of the ICIC. At that time, the next elected Chair and Secretariat will become the controller for this data.
What are your rights?
We process your personal data for our regulatory purposes, so you have the right to object to our processing of your personal data. There are legitimate reasons why we may refuse your objection, which will depend on why we are processing it.
We rely on your consent to process your contact details for the purpose of sending you ICIC news. This means you have the right to withdraw your consent, or to object to the processing of your personal data for this purpose at any time. If at any point you want to withdraw your consent to receive news updates or to our processing of your data more generally please email [email protected] or call us on (+44) 0303 123 1113 with your request. If you do that, we will update our records to reflect your wishes.
For more information on your rights, please see ‘Your data protection rights‘.
Do we use any data processors?
Yes – we use the following data processors:
- 1&1 Ionos (web host)
- Twitter (social media)
- Microsoft (email)
The website also uses an automated translation service which uses the third-party cookie (“googtrans”) which retains your preferred language for the duration of the session only.
Do we transfer data overseas?
Yes – we transfer data overseas from the United Kingdom, primarily to the members of the ICIC Executive Committee from Argentina, Bermuda, Brazil, Canada, Chile, Hungary, India, Kenya, Mexico, Nepal, Serbia, Sierra Leone, South Africa and Tunisia.
Controller’s contact details
The Information Commissioner’s Office (ICO) of the United Kingdom currently acts as the Secretariat and controller for the ICIC.
Our Data Protection Officer is Louise Byers. You can contact her at [email protected] or via the details given below.
There are many ways you can contact us, including by phone, email, live chat and post. More details can be seen here.
If you remain dissatisfied after having contacted our DPO, you can make a complaint about the way we process your personal information to the ICO as the UK supervisory authority. Complaints about us are handled in the same way as a complaint about any another organisation.