Santander UK | 2018 General Data Protection Regulation | Events

Introduction

Your personal data is data which by itself, or with other data available to us can be used to identify you. We are Santander UK Plc, the data controller. This data protection statement sets out how we’ll use your personal data. You can contact our Data Protection Officer (DPO) at 201 Grafton Gate East, Milton Keynes, MK9 1AN if you have any questions.

This statement relates to the use of personal data obtained in relation to registration for events organised and arranged by us as well as attendance at and participation in the events. It covers the processing of personal data in relation to that event. Such events may include conferences, “Meet Buyers”, virtual and physical trade missions, webinars, roundtables, dinners, and recognition events. Any references to ‘we’ or ‘us’ are references to Santander UK Plc.

Where the personal data of two or more people are collected as part of this registration process or in relation to participation in the event, this data protection statement applies to each person separately.

The types of personal data we collect and use

As part of your registration for and participation in the event we’ll use your personal data for the reasons set out below. The personal data we use may be about you as an individual or in a business capacity and may include:

  • Full name, personal and business details including contact information (e.g. business address, business email addresses, mobile telephone numbers);
  • Personal data about other named individuals, e.g. guests that may accompany you to the event. You must have their authority to provide their personal data to us and share this data protection statement with them beforehand together with details of what you’ve agreed on their behalf
  • Participants at the event may be given the opportunity to indicate individual requirements, e.g. those relating to diet or mobility. This information will be processed only to ensure that these requirements are taken into account and will not be used or stored beyond that single event;
  • Photographs/pictures, presentations, audio and video recording of speakers and participants and live web streaming of this event may be taken. They may be reproduced in various media including our publications, websites, social networks, TV channels and the press, in connection with the event, or for further promotional activities; and
  • If you wish that your image or voice is not recorded and published, for compelling and legitimate grounds relating to your particular situation, please contact the event organisers who will accommodate your needs, if possible.

We will process your data in accordance with Data Protection legislation.

Providing your personal data

Where the provision of personal data is optional you will be told this. In all other cases you will need to provide the information if you want to register for and take part in the event.

Using your personal data: the legal basis and purposes

We collect and process your personal information for the following purposes:

  • Maintaining clear contact information for the event, visit, booking and provision of services.  We will hold your name, address, email address, phone number and other relevant contact details you provide to us, and will use this information to maintain contact with you to provide your requested services and manage their delivery.  We retain relevant information in our events record for 7 years after the most recent visit or event you attend.
  • Providing you with necessary and preferred services.  Where relevant, we will also collect data for the provision of services, your reason(s) for attending the event or visiting our premises, and/or any service preferences you request specifically (e.g. dietary requirements) as well as photos and videos of the event.  This may include you providing sensitive personal information.  We will not retain this information for any longer than necessary for the provision of the specific event or visit, which might require you to provide it on successive occasions.
  • Providing you with details of future events organised by us.  While we retain your contact information, we will contact you about future events we believe may be of interest to you providing you have given us explicit consent to do so.  Consent may be withdrawn at any time.
  • The operation of CCTV on our sites for the safety of our staff and visitors and to assist with the prevention and detection of crime.  Further details can be found by calling the number displayed on the CCTV signs displayed on our premises. Where events are held in venues not controlled by Santander, the venue owners will be responsible for the operation of their CCTV systems. For more information, please contact the venue owner.

We’ll process your personal data:

  1. As necessary to perform our contract or agreement with you for the relevant event:
  1. To take steps at your request prior to entering into it;
  2. To decide whether to enter into it;
  3. To manage and perform that contract; and
  4. To update our records.
  1. As necessary for our own legitimate interests or those of other persons and organisations, e.g.:
  1. For good governance, accounting, and managing and auditing our business operations;
  2. To monitor emails, calls, other communications, and activities relating to our dealings with you; and
  3. To contact you to request your participation in future events;
  1. As necessary to comply with a legal obligation, e.g.:
  1. When you exercise your rights under data protection law and make requests;
  2. For compliance with legal and regulatory requirements and related disclosures
  3. For establishment and defence of legal rights; 
  4. For activities relating to the prevention, detection and investigation of crime;
  5. To verify your identity, make credit, fraud prevention and anti-money laundering checks; and
  6. To monitor emails, calls, other communications, and activities relating to your dealings with us.
  1. Based on your consent, e.g.:
  1. When you request us to disclose your personal data to other people or organisations such as a company organising an event on our behalf, or otherwise agree to disclosures and;
  2. To send you marketing communications where we’ve asked for your consent to do so.

I’m free at any time to change my mind and withdraw my consent. The consequence might be that you can’t do certain things for me.

Sharing of your personal data

Subject to applicable data protection law we may share your personal data with:

  • The Santander group of companies* and associated companies in which we have shareholdings;
  • Sub-contractors and other persons who help us provide our events, products and services;
  • Companies and other persons providing services to us (e.g. to manage the event);
  • Our legal and other professional advisors, including our auditors;
  • In an emergency or to otherwise protect your vital interests;
  • To protect the security or integrity of our business operations; and
  • Anyone else where we have your consent or as required by law.

Criteria used to determine retention periods

The following criteria are used to determine data retention periods for your personal data:

  • Retention in case of queries. We’ll retain your personal data as long as necessary to deal with your queries in relation to the event
  • Retention in case of claims. We’ll retain your personal data for as long as you might legally bring claims against us; and
  • Retention in accordance with legal and regulatory requirements. We’ll retain your personal data after the event has come to an end based on our legal and regulatory requirements.

Your rights under applicable data protection law

Your rights are as follows (noting that these rights don’t apply in all circumstances and that data portability is only relevant from May 2018):

  • The right to be informed about our processing of your personal data;
  • The right to have your personal data corrected if it’s inaccurate and to have incomplete personal data completed;
  • The right to object to processing of your personal data;
  • The right to restrict processing of your personal data;
  • The right to have your personal data erased (the “right to be forgotten”);
  • The right to request access to your personal data and information about how we process it;
  • The right to move, copy or transfer your personal data (“data portability”); and
  • Rights in relation to automated decision making including profiling.

You have the right to complain to the Information Commissioner’s Office. It has enforcement powers and can investigate compliance with data protection law: ico.org.uk.

For more details on all the above you can contact our DPO or request the ‘Using My Personal Data’ booklet by asking for a copy from the event co-ordinator or online at santander.co.uk.

Group companies

For more information on the Santander group companies, please see the ‘Using My Personal Data’ booklet.

 

Santander UK plc. Registered office: 2 Triton Square, Regent’s Place, London, NW1 3AN, United Kingdom. Registered Number 2294747. Registered in England and Wales. www.santander.co.uk. Telephone 0800 389 7000. Calls may be recorded or monitored. Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. Our Financial Services Register number is 106054. You can check this on the Financial Services Register by visiting the FCA’s website www.fca.org.uk/register. Santander and the flame logo are registered trademarks. UK residents aged 18 or over with a business registered in the UK. We provide dedicated banking services for small to medium sized businesses with straightforward banking needs and up to two directors, owners (shareholders) or partners. Santander is a registered trademark.