Guidance

Privacy notice for Charity Commission outreach events

Updated 13 December 2022

Applies to England and Wales

© Crown copyright 2022

This publication is licensed under the terms of the Open Government Licence v3.0 except where otherwise stated. To view this licence, visit nationalarchives.gov.uk/doc/open-government-licence/version/3 or write to the Information Policy Team, The National Archives, Kew, London TW9 4DU, or email: psi@nationalarchives.gov.uk.

Where we have identified any third party copyright information you will need to obtain permission from the copyright holders concerned.

This publication is available at https://www.gov.uk/government/publications/privacy-notice-for-charity-commission-outreach-events/privacy-notice-for-charity-commission-outreach-events

As part of its responsibility to ensure that charities meet their legal requirements, the Charity Commission hosts a number of face-to-face and digital outreach events.

This privacy notice explains how the Charity Commission processes your personal data (which may include special category types of data) when you book onto or attend Charity Commission outreach events.

This notice is supplemented by our main privacy notice which provides further information on how the Charity Commission processes personal data in respect of our statutory functions, and sets out your rights in respect of the personal data we process. As controller of your personal data, and if you require further information, please contact our Data Protection Officer by emailing DPO@charitycommission.gov.uk.

1. Personal information we collect for outreach events

When you request to book onto or attend any Charity Commission outreach event we ask for:

  • your contact details
  • details of the charitable organisation you are involved with

For face-to-face outreach events, we also ask for:

  • dietary requirements, access requirements and faith-based requirements

During a live digital outreach event, we will also collect personal data from Microsoft (MS) Teams Live Events’ Attendee Engagement Report – the level of personal data included in this report will depend on whether you choose to sign into the event using an MS account or not. Specifically:

  • for all attendees, the time you arrived and left the event and your user agent (a string of data which can identify which browser is being used, what version, and on which operating system) will be collected
  • for those who choose to sign into their MS account for the event, the full name and email address associated with the MS account will also be collected

Any personal information you provide as part of the event’s Questions and Answers (Q&A) function will be collected, where you choose not to do this anonymously.

2. How we use your personal data during a digital outreach event

The Commission’s digital outreach events are delivered through Microsoft (MS) Teams Live Events.

When attending digital outreach events, you are only able to interact via the written Q&A window in MS Teams Live Events – you are not audible or visible to the Commission or other attendees in any other way. You can opt to submit questions to the Commission team anonymously or provide a name in the Q&A window.

The Commission may publish these questions and any accompanying names during the live digital outreach event. Any personal data you include here would then be visible to other attendees, the Commission and any guest presenters but will not be retained after event follow-up activities have been completed (please see Section 4 for more information).

The Commission may also record digital outreach events for distribution via its social media platforms. However, any personal data provided will be removed from these recordings prior to their publication.

You can access a digital outreach event anonymously or by signing into an MS account. Please note that if you sign into an MS account to access the event, MS Teams Live Events will collect additional personal data as part of its standard Attendee Engagement Report (please see Section 1 above). After the event, the Commission will process this report from MS Teams Live Events in order to assess the impact of its engagement activities. However, the Commission will only extract and retain non-personal information related to your charity name and charity number. The report, including any personal data, will then be deleted by the Commission. For further information on how MS use your data, please refer to their privacy policy.

On occasion, the Commission may offer participants the opportunity to participate in a live poll during the webinar using Slido. Use of Slido during a Commission webinar is voluntary and can be anonymous. The Commission will not ask participants to provide any personal data through Slido, though participants may voluntarily opt to create a Slido profile. By participating in any live poll, Slido will collect users’ technical data. For further information, please see Slido’s privacy notice.

3. Why we need this information and what happens if you do not provide it

We need your contact details and certain special category data so that we can:

  • contact you about the outreach event you have selected to attend, for example, in order to provide you with joining instructions
  • ensure any specific requirements are catered for at face-to-face events
  • provide you with an optional name badge at face-to-face events
  • send relevant follow-up information after the outreach event
  • assist with any regulatory or customer service issues that arise

If you do not provide your details:

  • we will be unable to contact you to provide you with necessary information to attend the event, for example, joining instructions
  • we may be unable to cater for any faith-based, dietary or access requirements you may have
  • we will be unable to send you follow-up information after the event

4. How we will process your personal data

Personal data you provide is entered securely via the UK GDPR-compliant third-party booking system or MS Teams Live Event hosting platform. During a digital outreach event, any personal data submitted via the Q&A window may be visible to other attendees, the Commission and any guest speakers (as advertised in advance of the event) but will not be retained after the event – as explained in Section 2 above. All other personal data you provide will only be accessible to Commission staff responsible for managing outreach events and any necessary event partners – as explained in Section 7 below. The relevant privacy notices will be publicised in the event invitation and joining instructions.

A record of your charity name and charity number as well as the date of the event you attended will be transferred into the Commission’s internal record system where it will be held securely. Any identifiable personal data will be removed from Commission systems after the event, including delegate name and email address.

Prior to this removal of personal data, two follow up emails from the Commission will be sent to the email provided when using the UK GDPR-compliant third-party booking platform, which may include the joining instructions, anonymous pre- and post-event feedback questionnaires and the PowerPoint slides after the event. After the removal of personal data (please see Section 6 for more information), the Commission may contact charities that are recorded as having previously attended an outreach event in order to gain sector feedback to inform its planning and approach. These communications will not identify which individual attended the outreach event on behalf of the charity and will be directed towards the charity’s main contact address.

The table sets out the legal basis on which we process the information received when you book onto or attend a Commission outreach event.

When we ask for faith-based, dietary or access requirements, we require your explicit consent in order to process this type of data.

If you do not provide your consent this means that we may be unable to cater to your specific requirements when you attend the event.

Where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. If you are unsure how to withdraw your consent, please contact the Data Protection Officer above. You do not have the right to withdraw consent if the Commission is not relying on your consent to process your data.

6. How long we will hold your personal data

All information is held in line with the Commission’s retention policy. All personal data held by the Commission will be deleted within six months of each event as described above. An anonymous attendance record containing only the charity’s name and registration number will be retained. This retention period is in line with the length of time we need to keep a record of your charity’s attendance of an outreach event for our internal reporting purposes.

Personal data provided as part of the MS Teams Live Events Q&A function will be deleted following completion of that event.

7. Sharing of personal data

We will share your personal data in the following circumstances:

  • with third party processors, event partners and service providers such as venue managers at event venues
  • where it is necessary in order to further our statutory objectives or functions as laid out in charity law

The Commission’s digital outreach events may include guest speakers. The guest speaker will be able to view any personal data that you choose to submit via the Q&A window but will not access any other personal data collected by MS Teams Live Events.

8. Your rights

You have a number of rights under the General Data Protection Regulation, including the right to access your data and the right to restrict or object to further processing and the right to complain to the Information Commissioner’s Office (ICO). You can find out more about your rights as a data subject, and details of how to contact the ICO, in our main privacy notice.

Back to top