We are the Embassy Group, comprising Embassy Network/Embassy Magazine/Embassy Events, divisions of Character Publishing Limited – referred to throughout this statement as Embassy Group
This privacy notice tells you how we, the Embassy Group, will collect and use your personal data for correspondence purposes and in relation to Embassy Network activities, including Embassy Magazine, Diplomatic Membership Clubs, Embassy Events and other diplomatic events, Publications and Journalistic Purposes.
- A definition of personal data, as defined under the General Data Protection Regulation (GDPR)
- The lawful basis we use for collecting your data
- Our policy of sharing data with third parties
- Where your data is processed
- How your data is processed
- Our policy relating to data retention
- Our policy on how we contact you
- Your rights to control over your data that we hold
Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:
Why does Embassy Group need to collect and store personal data?
In order for us to provide you with our services we need to collect personal data for correspondence purposes and/or detailed service provision. We are committed to ensuring that the information we collect and use is appropriate for this purpose, and does not constitute an invasion of your privacy.
For diplomats and locally employed staff at diplomatic missions
We process your data based on the consent you give us when subscribing to the Embassy Network to contact you with information about diplomatic events and/or news based on your preferences and the role you fulfil at your mission. There may also be a legitimate interest in contacting you for journalistic purposes in gathering information for Embassy Magazine or to invite you to Embassy Events (conferences and seminars based on your role at the mission or previous attendance). In terms of being contacted for marketing purposes The Embassy Group would contact you for additional consent.
For Diplomatic Suppliers
The Embassy Group confirms that the lawful basis for processing data is to process data to fulfil a contractual obligation, or prior to entering into a contractual obligation. The Embassy Group also confirms that there is a legitimate interest in processing data from previous attendees to their events. In terms of being contacted for marketing purposes Embassy would contact you for additional consent.
We will only pass your personal data on those third-party service providers and data processors contracted to the Embassy Group that are necessary for the purposes of us communicating with you (eg web-based email services such as Mail Chimp). Any third parties that we may share your data with are obliged to keep your details securely, and operate in accordance with the EU’s General Data Protection Regulations. This includes third party software providers including cloud-based solutions.
We will not share your data with third parties for the purposes of marketing without your explicit consent, nor will we pass on your personal data to other third parties without your explicit consent.
This policy sets out the basis on which any personal data we collect from you will be processed by us when you register online to attend an Embassy Event.
By registering for an Embassy Event, you consent to the collection retention and use of your personal information in accordance with the terms of this policy.
How we will use your information
- Prior to the event
The information you provide via the Embassy Events registration forms is processed and stored on our database hosted by MailChimp, a secure digital platform which complies with GDPR regulations. We will use this data to process your registration. We will also use it to contact you to prior to the event to provide you with important information pertaining specifically to the event.
- On the day
Delegates lists (including the name of the attendees and the organisation/mission they work for) will be distributed exclusively to attendees at the event. No contact details will be included. We will be taking photographs and posting about the event on social media and our website. By attending this event, you agree that Embassy Events/Embassy Magazine may use, reproduce, and/or publish in any way whatsoever (without any payment being due to you) any photographs and/or video/audio that may pertain to you (including your image, likeness and/or voice). Names will not be attributed to images. This material may be used (without limitation) in various publications, press releases, broadcast material, the Embassy Magazine website/s or for other related endeavours. This authorisation is continuous and may only be withdrawn with the prior written agreement of Embassy Events. If you do not wish for your photograph to be taken, please inform a member of the Embassy Events registration administrator email@example.com or inform the photographer on the day. If we wish to quote you, we will ask for your specific permission first.
We will contact those who attended the event to send them post-event information (such as presentations by speakers/panellists, where permission is given by the speaker/panellist). We will also contact event attendees to undertake post-event evaluation for the purpose of improving our events.
- Record retention
Registration lists and evaluation forms will be retained for five years for referral for future events and analysis purposes
We may transfer personal data to third party data processors in countries that are outside of the EEA, and have selected these data processors on their commitment to the appropriate international data protection agreements.
The Embassy Group will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary.
The Embassy Group is required to retain commercial data in accordance with UK law (7 years), such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Data retention – diplomats
The Embassy Group will retain the personal data of diplomats for five years or the duration of their diplomatic posting (whichever is shorter) at which point they will be contacted to enquire if they wish to remain on the London mailing list or be transferred to the Overseas List or deleted. Those on the Overseas List may continue to subscribe to Embassy Magazine indefinitely, should they choose to do so but can unsubscribe at any time. They will receive one additional communication annually to update their profile. Diplomats can unsubscribe from the list at any time.
Data retention – local staff
The Embassy Group will retain the personal data of locally employed staff who have subscribed to the Embassy Network for the duration of their employment at a diplomatic mission. They may unsubscribe from the list at any time. If employment at a diplomatic mission is terminated, the local member of staff will be removed from the list immediately.
Under what circumstances will the Embassy Group contact me?
Our aim is not to be intrusive. Embassy Magazine/Events will contact you based on your stated preferences at registration and according to the role you perform at your mission/international organisation. We undertake not to ask irrelevant or unnecessary questions or send you irrelevant information. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
How will Embassy Magazine use the personal data it collects about me?
Embassy Magazine will process (collect, store and use) the information you provide in a manner compatible with the EU’s General Data Protection Regulation (GDPR). We will endeavour to keep your information accurate and up to date, and not keep it for longer than is necessary. Embassy Magazine is required to retain information in accordance with the law, such as information needed for income tax and audit purposes. How long certain kinds of personal data should be kept may also be governed by specific business-sector requirements and agreed practices. Personal data may be held in addition to these periods depending on individual business needs.
Our aim is not to be intrusive, and we undertake not to ask irrelevant or unnecessary questions. Moreover, the information you provide will be subject to rigorous measures and procedures to minimise the risk of unauthorised access or disclosure.
The Embassy Group at your request, can confirm what information is held about you and how it is processed. You can request the following information:
- Identity and the contact details of the person or organisation that has determined how and why to process your data.
- The purpose of the processing as well as the legal basis for processing.
- If the processing is based on the legitimate interests of the Embassy Group or a third party, information about those interests.
- Recipient(s) or categories of recipients that the data is/will be disclosed to.
- If we intend to transfer the personal data to a third country or international organisation, information about how we ensure this is done securely.
- How long the data will be stored.
- Details of your rights to correct, erase, restrict or object to such processing.
- Information about your right to withdraw consent at any time.
- How to lodge a complaint with the supervisory authority.
- Whether the provision of personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract, as well as whether you are obliged to provide the personal data and the possible consequences of failing to provide such data.
- The source of personal data if it wasn’t collected directly from you.
- Any details and information of automated decision making, such as profiling, and any meaningful information about the logic involved, as well as the significance and expected consequences of such processing.
What forms of ID will I need to provide in order to access this?
The Embassy Group accepts the following forms of ID when information on your personal data is requested:
Passport, driving licence, birth certificate, utility bill (from last 3 months), etc.
Contact details of the GDPR Owner: