BIMR 2025 Registration Form Privacy Notice

Published 10/03/2025   |   Last Updated 13/03/2025

BIMR 2025 Registration Form - Privacy Policy (PDF)

 

Privacy Notice

BIMR Conference 2025, Cardiff

 

Our contact details

Any queries regarding our use of your information should be sent to the Data Protection Officer at:  

 

Data.Protection@senedd.wales

 

0300 200 6565  

 

How will your information be used?

The information we are collecting will be used to register you to attend the British Islands and Mediterranean Region (BIMR) Conference taking place from 17th June to the 20th June 2025, and for us to make any necessary accommodations for you. We may contact you using the contact information you provide for feedback on the event after it has concluded.

 

The Senedd Commission is the data controller of the information you provide and will ensure it is protected and used in line with the UK’s data protection legislation.

 

 

What information are we processing?

We will be processing the following information:

 

About the delegate:

 

  • Your name (first name and surname);
  • Title (e.g., Mrs, Miss, Ms, Mr, Dr, Hon, Lord, Baroness, etc.);
  • Parliamentary abbreviation (e.g., MS, MP, MLA, MLC, MSP, etc.);
  • Your contact telephone number (including international dialling code);
  • Your email address;
  • Your dietary and accessibility requirements;
  • Information about whether you are attending with a personal carer and your accommodation arrangements;
  • Confirmation of attendance at various events during the course of the Conference;
  • Biographical details (e.g., year of election/appointment, current position held in Parliament/Government, name of political party, career summary, participation in past CPA Conferences and Events, interests) (if applicable)
  • A portrait photo of yourself.

 

 

Why are we processing it?

The Senedd Commission is collecting this information to ensure the health and safety of delegates when attending the Conference, to ensure that the Conference is accessible to delegates, and to ensure that reasonable adjustments can be provisioned for delegates whilst  attending the Conference.

 

This information will also be used for Security purposes including providing delegates with Conference lanyards, and to ensure that delegates have all the information they require to participate fully in the Conference programme.

 

Who will have access to the information?

The information will be accessible to a small number of individuals from the Senedd Private Office, as well as a small number of individuals from relevant departments including Security, Catering, Events, and Reception.

 

Will the information be shared with any third parties, or publicised?

Relevant information will be shared with St. David’s Hotel as the designated Conference hotel to allow them to cater their rooms and conference facilities to the needs of delegates.

 

Any biographic information provided by delegates will be packaged within a conference booklet that will be shared with delegates before/during the Conference. Photographs and videos may be used by the Senedd social media accounts or published on the Senedd website. Information about how we process photos and videos can be found within our Communications and Engagement Privacy Notice.

 

We will also share photos and videos from the event with the CPA. Information about how they use personal data can be found here:

 

 

Storage, retention and deletion

The information will be stored securely on our ICT systems which includes third party cloud services provided by Microsoft. We may also use of Microsoft’s artificial intelligence tools to process your information. Any transfer of data by Microsoft outside of the EEA is covered by contractual clauses under which Microsoft ensure that personal data is treated in line with domestic legislation. To find out more about how Microsoft will use your information, you can read their privacy statement here.

 

Most of the information processed will be deleted securely within 7 days of the Conference ending. The Senedd Commission will then retain a list of delegates’ names and contact details for a period of 6 months for the purposes of Health and Safety, Security, and gathering feedback regarding the Conference itself.

 

Legal basis for processing Personal Data

Data protection law sets out various legal bases which allow us to collect, hold and use your personal information. For the purpose of processing the personal data you provide, we rely on the following legal bases:

 

Article 6(1)(e) Public Task – the processing is necessary for the performance of a task carried out in the public interest.

 

Schedule 2, Paragraph 5(1) of the Government of Wales Act 2006 states that “the [Senedd] Commission may promote public awareness of –

(b) the current or any pending system of devolved government in Wales.”

 

The hosting of the BIMR Conference in 2025 serves to promote both the Senedd and the government of Wales. The processing of personal data associated with registering delegates to attend the conference is necessary for the performance of this task.

 

Legal basis for processing Special Category Data

Article 9(1) GDPR defines special category personal data as including personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

 

Where any special category personal data is provided, the legal basis for processing will be that: It is necessary for reasons of substantial public interest (pursuant to Article 9(2)(g) UK GDPR read with paragraph 6(2)(b) of Schedule 1 to the DPA 2018).

 

Sharing data

In the event of a request for information being made under access to information legislation, it may be necessary to disclose all or part of the information that you provide. We will only do this if we are required to do so by law.  

 

 

Your rights

As a data subject, you have a number of rights. The rights which apply depend on the legal bases we are relying on to use your personal information. Those rights will not apply in all instances, and the Commission will confirm whether or not that is the case when you make a request.

The rights include the right to request access to your own personal information, sometimes called a ‘subject access request’.

Additionally, you have the right to request from us:

  • that any inaccurate information we hold about you is corrected (please note that you are required to keep us up to date with any changes to your personal information);
  • that information about you is deleted (in certain circumstances);
  • that we stop using your personal information for certain purposes or in certain circumstances; and
    that your information is provided to you or a third party in a portable format (again, in certain circumstances).

 

If you would like to engage any of the rights that you have under data protection legislation ask a question or make a complaint about how your information is used.

 

 

Making a complaint

You can complain to the Data Protection Officer if you are unhappy with how we have used your data. Contact details can be found above.

 

If, following a complaint, you remain dissatisfied with our response, you can also complain to the ICO.

 

The ICO’s address:   

Information Commissioner’s Office 

Wycliffe House 

Water Lane 

Wilmslow 

Cheshire 

SK9 5AF 

 

Helpline number: 0303 123 1113

Helpful Links

Related

No results were found