Article 6(1)(f) of the GDPR says that we can process your data where it “is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data.”
You have the right to object to us processing your personal data on this basis.

To ensure that we provide you with the best service possible, we store your personal data and/or the personal data of individual contacts at your organisation as well as keeping records of our conversations, meetings, registered jobs and placements. We may also ask you to undertake a post mandate feedback survey to gain valuable insight into our key performance indicators as a business.
We think this is reasonable use of your data for our legitimate interests as an organisation providing various recruitment services to you.
NOTE – We will never share your details with any 3rd parties, without your permission.

SUPPLIER DATA:
We use and store the personal data of individuals within your organisation in order to facilitate the receipt of services from you as one of our Suppliers. We also hold your financial details, so that we can pay you for your services. We deem all such activities to be necessary within the range of our legitimate interests as a recipient of your services.

In certain circumstances, we are required to obtain your consent to the processing of your personal data in relation to certain activities. Depending on exactly what we are doing with your information, this consent will be opt-in consent.

Article 4(11) of the GDPR states that (opt-in) consent is “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” This means that:

• you have to give us your consent freely, without us putting you under any type of pressure;
• you have to know what you are consenting to – so we’ll make sure we give you enough information;
• you should have control over which processing activities you consent to and which you don’t. We provide these finer controls within our privacy preference centre; and
• you need to take positive and affirmative action in giving us your consent.

We will keep records of the consents that you have given in this way. We will be able to rely on soft opt-in consent to market products or services to you which are related to the recruitment services we provide as long as you do not actively opt-out from these communications. You have the right to withdraw your consent to these activities. You can do so at any time, by sending an email with your details to mydataprivacy@icef.com.

Sometimes it may be necessary for us to process personal data and, where appropriate and in accordance with local laws and requirements, sensitive personal data in connection with exercising or defending legal claims. Article 9(2)(f) of the GDPR allows this where the processing “is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity”.
This may arise for example where we need to take legal advice in relation to legal proceedings or are required by law to preserve or disclose certain information as part of the legal process.

In order to propose and provide the best possible service to our customers and prospects, ICEF asks for details about the people that represent these companies and also for data about the companies themselves. We only ask for personal data that will genuinely help us to help you.

There are three main ways in which we collect your personal data:

• Directly from you via forms on our website or paper forms;
• Cookies and IP addresses and other data that is captured from website visits;
• From third parties (event participant lists) and other limited sources (e.g. online and offline research).

We may collect some or all of the information listed below to enable us to provide you, in the context of the services that we provide to your company or institution, with the best possible service:

• Name;
• Gender;
• Photograph;
• Contact details;
• In the case of visa support, birthdate and passport number
• IP address;
• The dates, times and frequency with which you access our services;
• Information relating to emails sent and opened and links clicked

This data is used so that we can communicate with you, either to propose our services or to deliver those services that your company has already contracted.

The main reason for using your personal data is to help us communicate with you as a prospective or current customer of ICEF either to propose relevant services or to deliver services that your company or institution has contracted.

In the context of ICEF Events, business to business networking events, we share your information with other participants of that event and other ICEF events. You give us your specific consent for this when you sign in to our scheduling platform.

All participants of our events attend for the specific purpose of building business relationships and as such, all our participants have a legitimate interest justification for continuing to contact each other after the events.

Otherwise, we do not share your personal data without your specific consent, except with third parties service providers that ICEF has contractually engaged to assist us in providing our service or; where we are legally obliged to do so. The full list of 3rd parties (Data Processors) is listed below.

ICEF does not store any personal data relating to people under 16.

We don’t collect much data about Suppliers – we simply need to make sure that our relationship runs smoothly. We’ll collect the details for our contacts within your organisation, such as names, telephone numbers and email addresses. We’ll also collect bank details, so that we can pay you. We may also hold extra information that someone in your organisation has chosen to tell us.

The main reasons for using your personal data are to ensure that the contractual arrangements between us can properly be implemented so that the relationship can run smoothly, and to comply with legal requirements.

We realise that you’re probably busy, and don’t want us to be contacting you about all sorts of things. To find the right balance, we will only use your information:

• To store (and update when necessary) your details on our database, so that we can contact you in relation to our agreements;
• To offer services to you or to obtain support and services from you;
• To perform certain legal obligations;
• In more unusual circumstances, to help us to establish, exercise or defend legal claims.

We may use your personal data for these purposes if we deem this to be necessary for our legitimate interests.

We share your information with associated third parties such as our service providers such as Salesforce and FinancialForce in order that we can manage our supply chain and pay our invoices on time.

We are committed to taking all reasonable and appropriate steps to protect the personal information that we hold from misuse, loss, or unauthorised access. We do this by having in place a range of appropriate technical and organisational measures. These include measures to deal with any suspected data breach.
If you suspect any misuse or loss of or unauthorised access to your personal information please let us know immediately by sending an email to mydataprivacy@icef.com.

We will delete your personal data from our systems if we have not had any meaningful contact with you for some time as it is likely your data will no longer be relevant for the purposes for which it was collected.

When we refer to “meaningful contact”, we mean, for example, communication between us (either verbal or written), or where you are actively engaging with our online services. We will also consider it meaningful contact if you communicate with us, either by verbal or written communication or click through from any of our marketing communications. Your receipt, opening or reading of an email or other digital message from us will count as meaningful contact.

One of the GDPR’s main objectives is to protect and clarify the rights of EU citizens and individuals in the EU with regards to data privacy. This means that you retain various rights in respect to your data, even once you have given it to us.

To get in touch about these rights, please contact us at mydataprivacy@icef.com. We will seek to process with your request without undue delay, and in any event within 30 days (subject to any extensions to which we are lawfully entitled). Please note that we may keep a record of your communications to help us resolve any issues which you raise.

This right enables you to object to us processing your personal data where we do so for one of the following four reasons:

• our legitimate interests;
• to enable us to perform a task in the public interest or exercise official authority;
• to send you direct marketing materials; and
• for scientific, historical, research, or statistical purposes.

The “legitimate interests” and “direct marketing” categories above are the ones most likely to apply to our website users, customers and suppliers. If your objection relates to us processing your personal data because we deem it necessary for our legitimate interests, we must act on your objection by ceasing the activity in question unless we can show that we have compelling legitimate grounds for processing which overrides your interests; or we are processing your data for the establishment, exercise or defence of a legal claim.

If your objection relates to direct marketing, we must act on your objection by ceasing this activity.

Where we have obtained your consent to process your personal data for certain activities (for example, for our marketing), you may withdraw this consent at any time and we will cease to carry out the particular activity that you previously consented to unless we consider that there is an alternative reason to justify our continued processing of your data for this purpose in which case we will inform you of this condition.

You may ask us to confirm what information we hold about you at any time, and request us to modify, update or delete such information. We may ask you to verify your identity and for more information about your request. If we provide you with access to the information we hold about you, we will not charge you for this unless your request is “manifestly unfounded or excessive”. If you request further copies of this information from us, we may charge you a reasonable administrative cost where legally permissible. Where we are legally permitted to do so, we may refuse your request. If we refuse your request we will always tell you the reasons for doing so.

You have the right to request that we erase your personal data in certain circumstances. Normally, the information must meet one of the following criteria:

• the data is no longer necessary for the purpose for which we originally collected and/or processed it;
• where previously given, you have withdrawn your consent to us processing your data, and there is no other valid reason for us to continue processing;
• the data has been processed unlawfully (i.e. in a manner which does not comply with the GDPR);
• it is necessary for the data to be erased in order for us to comply with our legal obligations as a data controller; or
• if we process the data because we believe it necessary to do so for our legitimate interests, you object to the processing and we are unable to demonstrate overriding legitimate grounds for our continued processing.

We would only be entitled to refuse to comply with your request for one of the following reasons:

• to exercise the right of freedom of expression and information;
• to comply with legal obligations or for the performance of a public interest task or exercise of official authority;
• for public health reasons in the public interest;
• for archival, research or statistical purposes; or
• to exercise or defend a legal claim.

When complying with a valid request for the erasure of data we will take all reasonably practicable steps to delete the relevant data.

You have the right to request that we restrict our processing of your personal data in certain circumstances. This means that we can only continue to store your data and will not be able to carry out any further processing activities with it until either:

One of the circumstances listed below is resolved;

• you consent; or
• further processing is necessary for either the establishment, exercise or defence of legal claims, the protection of the rights of another individual, or reasons of important EU or Member State public interest.

The circumstances in which you are entitled to request that we restrict the processing of your personal data are:

• where you dispute the accuracy of the personal data that we are processing about you. In this case, our processing of your personal data will be restricted for the period during which the accuracy of the data is verified;
• where you object to our processing of your personal data for our legitimate interests. Here, you can request that the data be restricted while we verify our grounds for processing your personal data;
• where our processing of your data is unlawful, but you would prefer us to restrict our processing of it rather than erasing it; and
• where we have no further need to process your personal data but you require the data to establish, exercise, or defend legal claims.

If we have shared your personal data with third parties, we will notify them about the restricted processing unless this is impossible or involves disproportionate effort. We will, of course, notify you before lifting any restriction on processing your personal data.

You also have the right to request that we rectify any inaccurate or incomplete personal data that we hold about you. If we have shared this personal data with third parties, we will notify them about the rectification unless this is impossible or involves disproportionate effort. Where appropriate, we will also tell you which third parties we have disclosed the inaccurate or incomplete personal data to. Where we think that it is reasonable for us not to comply with your request, we will explain our reasons for this decision.

You also have the right to lodge a complaint with your local supervisory authority. If you would like to exercise any of these rights, or withdraw your consent to the processing of your personal data (where consent is our legal basis for processing your personal data), please contact us by email at mydataprivacy@icef.com.

You may withdraw your consent to receive marketing communications only or all consent to receiving any communication from ICEF. Please note that we may keep a record of your communications to help us resolve any issues which you raise.

It is important that the personal information we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold your data.