Legal

Data Protection of Delegate Information

Effective: 27 May 2026

1. Introduction

At SEE Change Happen Ltd, we are committed to protecting the privacy, dignity and security of delegate information. This policy explains how we collect, use, store and protect personal data relating to delegates who attend our workshops, events, training sessions, consultations and digital learning activities.

This policy should be read alongside our wider Privacy Policy, our Reasonable Adjustments Policy, and our Inclusive Access Policy.

This policy is intended to support compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018 and other applicable data protection requirements.

2. Scope

This policy applies to personal data collected or received by SEE Change Happen Ltd in connection with the planning, delivery, administration and evaluation of workshops, events, training, consultancy sessions and related digital services.

This may include delegate information provided directly by delegates, by client organisations, by event organisers, by partner organisations, or by reseller or referral partners where SEE Change Happen Ltd is engaged to deliver services.

3. Types of Personal Data We May Collect

The personal data we collect will depend on the nature of the service being delivered. It may include:

  • name and contact details, such as email address and telephone number;
  • professional information, such as job title, organisation, department or sector;
  • attendance information, such as event registration, participation and completion records;
  • accessibility, dietary, communication or reasonable adjustment requirements;
  • feedback, survey responses, evaluation comments or learning reflections;
  • questions or comments submitted before, during or after a session;
  • technical information where digital platforms are used, such as login, attendance or webinar participation data.

4. Special Category Data

Some delegate information may include special category data under UK GDPR. This may include information relating to health, disability, neurodivergence, religious or philosophical belief, racial or ethnic origin, sexual orientation, sex life, gender identity or other sensitive personal circumstances where a delegate chooses to share this information.

We only request or process special category data where it is necessary and relevant, for example to arrange reasonable adjustments, support inclusive participation, meet access needs, respond appropriately to delegate disclosures, or deliver a safe and effective learning experience.

Where we process special category data, we do so with additional care and only where we have both a lawful basis under Article 6 of UK GDPR and a relevant condition under Article 9 of UK GDPR. This may include explicit consent, substantial public interest, employment and social protection obligations, or another applicable condition depending on the context.

Delegates should not provide sensitive personal information unless it is relevant to the service being delivered or to their participation, access, safety or wellbeing.

5. Purposes for Using Delegate Data

SEE Change Happen Ltd may use delegate data for the following purposes:

  • planning, managing and delivering workshops, events, training and consultancy activities;
  • communicating with delegates before, during and after a session;
  • supporting accessibility, inclusion, safeguarding, dignity and reasonable adjustments;
  • providing joining instructions, learning materials, follow-up resources or certificates where applicable;
  • responding to delegate questions, concerns, feedback or complaints;
  • evaluating and improving the quality, relevance and impact of our services;
  • maintaining appropriate business, contractual, financial and audit records;
  • meeting legal, regulatory, contractual or safeguarding obligations.

6. Lawful Bases for Processing

We rely on different lawful bases depending on the purpose for which personal data is processed. These may include:

  • Contract: where processing is necessary to deliver agreed services, manage attendance, provide materials or administer a workshop, event or consultation.
  • Legitimate interests: where processing is necessary for our legitimate business interests, such as service improvement, delegate communication, client reporting, quality assurance and maintaining appropriate records, provided those interests are not overridden by the rights and freedoms of delegates.
  • Consent: where a delegate has given clear consent for a specific purpose, such as optional feedback, testimonials, photographs, recordings, marketing updates or the sharing of particular sensitive information.
  • Legal obligation: where processing is necessary to comply with a legal or regulatory duty.
  • Substantial public interest or employment/social protection obligations: where applicable to the processing of certain special category data in specific workplace, inclusion, equality or safeguarding contexts.

We do not rely on consent where another lawful basis is more appropriate. Where we do rely on consent, delegates may withdraw that consent at any time, without affecting the lawfulness of processing carried out before consent was withdrawn.

7. Reseller, Partner and Client Relationships

Where SEE Change Happen Ltd delivers services through a reseller, referral partner, host organisation or client organisation, the organisation that collects delegate data directly from delegates will usually be responsible for explaining how it uses that data within its own privacy information.

Where delegate data is shared with SEE Change Happen Ltd for workshop or event delivery, we use that data only for agreed delivery, administration, access, communication, evaluation and follow-up purposes, unless otherwise agreed or required by law.

Depending on the arrangement, SEE Change Happen Ltd may act as an independent controller, joint controller or processor. This will depend on who determines the purposes and means of processing. Where a specific data processing agreement, controller-to-controller agreement, supplier onboarding requirement or client data protection schedule is required, this should be agreed separately in writing.

8. Promotional Communications

We may send delegates service-related communications connected to a workshop, event, booking, enquiry or consultation. These may include joining instructions, access information, learning resources, evaluation forms and relevant follow-up information.

We will only send direct marketing communications where we have an appropriate lawful basis to do so. Where consent is required, delegates will be able to opt in and may unsubscribe or withdraw consent at any time.

9. Data Sharing and Disclosure

We do not sell or rent delegate information to third parties.

We may share delegate data where necessary with trusted third parties who support the delivery, administration or evaluation of our services. These may include:

  • event hosts, client organisations, reseller partners or booking organisations;
  • online meeting and webinar platforms;
  • learning management systems or digital learning platforms;
  • email, calendar, survey, polling or communication tools;
  • cloud storage, document management or CRM systems;
  • accounting, legal, insurance, professional advisory or compliance providers;
  • accessibility providers, such as captioners, interpreters or alternative-format suppliers, where required.

Where third-party providers process personal data on our behalf, we expect them to apply appropriate security and confidentiality measures and to process personal data only for agreed purposes. Where third parties act as independent controllers, they are responsible for their own data protection compliance.

10. Recordings, Images and Testimonials

We will not use identifiable delegate images, recordings, quotes, testimonials or case studies for promotional purposes without appropriate permission.

Where sessions are recorded, delegates will be informed in advance wherever practicable. Recording arrangements, access restrictions and retention periods may vary depending on the client, event platform and agreed delivery model.

11. Data Security

We use appropriate technical and organisational measures to protect delegate data against unauthorised access, loss, misuse, alteration, disclosure or destruction. These measures may include:

  • restricted access to delegate information on a need-to-know basis;
  • secure storage of digital records;
  • password protection, access controls and appropriate platform security settings;
  • secure sharing methods where sensitive information is involved;
  • staff awareness and training on confidentiality and data protection;
  • periodic review of data protection and information security practices.

12. Data Retention

We retain delegate data only for as long as necessary for the purposes for which it was collected, including delivery, administration, follow-up, evaluation, legal, contractual, accounting and safeguarding purposes.

As a general guide:

  • delegate lists and attendance records may be retained for up to 12 months after delivery unless a longer period is required by contract or law;
  • accessibility, dietary and reasonable adjustment information is normally deleted as soon as it is no longer needed after the event or programme, unless retention is necessary for follow-up, safeguarding, complaint handling or legal reasons;
  • feedback and evaluation data may be retained for up to 24 months, and may be anonymised where practical;
  • contract, financial and business records may be retained for up to 6 years where required for accounting, tax, insurance or legal purposes;
  • marketing preferences may be retained for as long as necessary to manage consent, suppression lists and unsubscribe records.

When personal data is no longer required, it is securely deleted, anonymised or archived where appropriate.

13. Delegates' Rights

Delegates have rights under UK data protection law. Depending on the circumstances, these may include the right to:

  • access their personal data;
  • request correction of inaccurate or incomplete data;
  • request deletion of their personal data;
  • request restriction of processing;
  • object to processing based on legitimate interests or direct marketing;
  • request data portability where applicable;
  • withdraw consent where processing is based on consent;
  • complain to the Information Commissioner's Office if they are unhappy with how their personal data has been handled.

Some rights are subject to legal limits and may not apply in every situation.

14. International Transfers

Some of the digital platforms or service providers we use may process or store personal data outside the United Kingdom. Where this happens, we will take reasonable steps to ensure that appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, international data transfer agreements or other lawful transfer mechanisms.

15. Data Breaches

If we become aware of a personal data breach affecting delegate information, we will assess the nature and risk of the breach and take appropriate action. Where required, this may include notifying affected individuals, relevant client organisations and/or the Information Commissioner's Office within applicable timescales.

16. Policy Updates

This policy may be updated periodically to reflect changes in our services, working practices, technology, legal requirements or regulatory guidance. The latest version will be published on our website.

17. Contact Information

Questions, comments and requests regarding this Data Protection of Delegate Information Policy should be emailed to info@seechangehappen.co.uk.

You also have the right to raise concerns with the Information Commissioner's Office. Information is available at https://ico.org.uk/.

© 2023–2026 Joanne Lockwood, All Rights Reserved. Reg No: 13138905, Registered Address: 1 The Briars Waterberry Drive Waterlooville PO7 7YH.

On this page