CEME Conference Centre Privacy Notice
At CEME we are committed to protecting your privacy under the GDPR
The CEME DPO/ GDPR Owner ensures that this notice is made available to data subjects prior to collecting/processing their personal data. All Employees of CEME Conference Centre who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject’s attention and their consent to the processing of their data is secured.
This Notice may change over time and we advise our customers to check back and review the current Privacy Notice.
Last Updated : 17/05/2018
Who we are: CEME Conference Centre
CEME Conference Centre is a purpose-built events and conference venue located in East London, on the CEME Campus.
Our DPO/ GDPR Owner and data protection representatives can be contacted directly here: DPO@ceme.co.uk
The personal data we would like to collect from/process on you is: Personal data type
You the individual, data source companies to whom you have given consent, your company who have provided consent for you to be contacted
The personal data we collect will be used for the following purposes: Processing of agreements, contracts, proposals, provision of relevant information, marketing and promotion, charging purposes.
Our legal basis for processing for the personal data: You are a client or potential client of CEME Conference Centre; you have expressed interest in receiving information from CEME in respect of conference, meetings and events or venue hire; you have subscribed to our third party data partners for the supply to you of information relevant to the Meetings, Incentive, Conference & Events (MICE) industry; you have contacted us requesting information relevant to our products, services and facilities.
Any legitimate interests pursued by us, or third parties we use, are as follows: The marketing and promotion of CEME Conference Centre.
By consenting to this privacy notice you are giving us permission to process your personal data specifically for the purposes identified.
Consent is required for CEME Conference Centre to process personal data, but it must be explicitly given.
When we need consent to process your personal data we will ensure that we obtain it in an unambiguous way.
Where we are asking you for personal data we will always tell you why and how the information will be used.
If we need to process data which is special category of PII then we will do so only with explicit consent.
You may withdraw consent at any time by notifying CEME in writing via email to DSAR@ceme.co.uk, stating in the title ‘UNSUBSCRIBE’ and providing your name and email address or by clicking ‘UNSUBSCRIBE’ or ‘OPT-OUT’ in any correspondence received from CEME Conference Centre in line with our Withdrawal of Consent Procedure.
CEME Conference Centre will not pass on/share your personal data to third parties without first obtaining your consent
Your data will always remain confidential
Safeguards in place to protect your personal data from loss, misuse or alteration.
These measures include:
We lock doors and file cabinets, control access to our facilities, implement a clean desk policy, and apply secure destruction to media containing your Personal Data.
We use network and information security technologies such as anti-virus and endpoint protection software, encryption, intrusion detection and data loss prevention, and we monitor our systems and data center.
Personal Data Breaches
CEME takes every reasonable measure to prevent Personal Data breaches. If these do occur, we have a process in place to take swift action within our responsibilities. These actions will be consistent with the role we have in relation to the products, services or processes affected by the breach. In all cases, we will work together with affected parties to minimize effects, to make all notifications and disclosures that are required by applicable law or otherwise warranted, and to take action to prevent future breaches.
Storage of Your Personal Data
The data we collect from you may be stored, with risk-appropriate technical and organizational security measures applied to it, on in-house as well as third-party servers in the EU.
Links to Other Websites
Our websites may contain links to other websites, which are owned or operated by other companies. If you choose to visit any linked websites, we encourage you to review their privacy statements carefully, as they may differ from ours. We are not responsible for the content or privacy practices of websites that are owned by companies that are not within CEME.
We will process personal data within 6 months and will store the personal data for no more than 6 months after the usage date unless you are a client of CEME Conference Centre, in which case, your data will be retained until such time as you are no longer a client of CEME Conference Centre i.e. not having used CEME Conference centre within the previous 2 years. Verification of opt-in for data retention for all our clients will be sent to our clients annually. However, CEME are required to retain information in accordance with the law, such as information needed for income tax and audit purposes under which case, data will be retained in compliance with English Law for the stipulated period.
Your rights as a data subject
At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:
Right of access – you have the right to request a copy of the information that we hold about you.
Right of rectification – you have a right to correct data that we hold about you that is inaccurate or incomplete.
Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
Right to restriction of processing – where certain conditions apply to have a right to restrict the processing.
Right of portability – you have the right to have the data we hold about you transferred to another organisation.
Right to object – you have the right to object to certain types of processing such as direct marketing.
Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
Right to judicial review
in the event that CEME Conference Centre refuses your request under rights of access, CEME will provide you with a reason as to why. You have the right to complain as outlined below.
In the event that you wish to make a complaint about how your personal data is being processed by CEME or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and our DPO/ GDPR Owner.
The details for each of these contacts are:
Phone: +44 303 123 1113
Live chat: https://ico.org.uk/global/contact-us/live-chat/
Post: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.
This privacy notice tells you how CEME collect and use your personal data.
Why do we need to collect and store personal data?
1. You are a client or potential client of CEME Conference Centre therefore we need to obtain and hold your data for business and charging purposes
2. You have expressed interest in receiving information from CEME in respect of conference, meetings and events or venue hire or you have contacted us requesting information relevant to our products, services and facilities, therefore, we will send you the relevant information that you have requested
3. You have subscribed to our third party data partners for the supply to you of information relevant to the Meetings, Incentive, Conference & Events (MICE) industry. As a client of those data companies, we have the right to use that data to which you have opted in, providing in each and every correspondence sent to you, the option to ‘UNSUBSCRIBE’ or ‘OPT-OUT’ is clearly included in the correspondence
CEME Conference Centre are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy. The above conditions of consent include using your data for relevant marketing and promotional purposes, which CEME believe, are of interest to you as our client or as a potential MICE client
Will CEME Conference Centre share personal data with anyone else?
We will never pass your personal data on to third-party service providers or anyone else in the course of dealing with you.
How CEME use the personal data it collects
CEME will process the information you provide in compliance with the EU’s General Data Protection Regulation (GDPR). CEME will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. CEME are required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Under what circumstances we contact you
CEME’s aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
How can you find out about the personal data that CEME Conference Centre holds about you
At your request, CEME can confirm what information we hold about you and how it is processed. If we hold any personal data about you, you can request the following information:
Identity and the contact details of the person or organisation that has determined how and why to process your data. In some cases, this will be a representative in the EU.
Contact details of the data protection officer, DPO@ceme.co.uk
The purpose of the processing as well as the legal basis for processing.
If the processing is based on the legitimate interests of CEME Conference Centre, information about those interests.
The categories of personal data collected, stored and processed.
Recipient(s) or categories of recipients that the data is/will be disclosed to.
CEME will never transfer personal data to a third country or international organisation.
How long the data will be stored.
Details of your rights to correct, erase, restrict or object to such processing.
Information about your right to withdraw consent at any time.
How to lodge a complaint with the supervisory authority.
Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
The source of personal data if it wasn’t collected directly from you.
Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID you need to provide in order to access this?
We accept the following forms of ID when information on your personal data is requested:
1 Form of Photo ID, & 1 Utility Bill (from within the last 3 montths)
These will be destroyed after your Complaint has been concluded.
Contact details of the data protection officer DPO@ceme.co.uk
DPO, CEME Ltd, CEME Campus, Marsh Way, Rainham, Essex, RM13 8EU.
The fact that any communications with you relating to processing will be “in a concise, transparent, intelligible and easily accessible form, using clear and plain language”.
CEME are clear about how we use your data and the consequences/risks to you of consenting for us to process your data.
The legal basis for holding your data is contractual, business obligations as a client of CEME Conference Centre.
Wherever possible CEME will never request or hold any of the following information under ‘Special categories’ of personal data GDPR compliance which is classified under the Regulation:
* Ethnic origin
* Political opinions
* Religious beliefs
* Philosophical beliefs
* Trade union membership
* Genetic data
* Biometric data
* Health data
* Data concerning a natural person’s sex life
* Sexual orientation
Our Policy Documents: