Under the definitions in the General Data Protection Regulation ((EU) 2016/679) (“GDPR”), The Crown Estate is the Data Controller for information we process from you to engage with you as a stakeholder. Should you decide to engage in one of our webinars, you will need to sign up to the Zoom service, and for your use of their service, Zoom will be the data controller. You can find the Zoom privacy information here: https://zoom.us/legal
Information we may collect from you
We may collect and process the following data about you:
- Information that you provide by filling in forms or providing information online to register an interest or to request further information;
- If you contact us by telephone, email, web form or letter, information that forms a record of that correspondence and your contact details;
- If you visit our premises in person, information to book you into the building and CCTV images we collect for health and safety and security purposes and to help us understand how our customers use our facility. We will also collect information in order to provide you with wi-fi services and for customer analysis at our site.
- Information you provide by responding to feedback requests, questionnaires, surveys and competitions and attending events.
We treat all such data as Personal Data for the purposes of GDPR.
If you decide to participate in one of our webinars, we may record the webinar and any contribution you make to it. For this recorded information, we remain the data controller and by making a contribution in a webinar you are giving us your consent to record that contribution and to use it for any purpose in relation to the subject of the wenbinar.
Where We Store Your Personal Data
The data we collect is stored on information technology systems owned and run by or on behalf of The Crown Estate or on systems run by those businesses processing it on our behalf, which are held entirely in the UK. All information you provide to us is stored on secure servers. Unfortunately, the transmission of information via the internet is not completely secure and although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted over the Internet to our site; any transmission is at your own risk. Once we have received your information, we will use all necessary procedures and security measures to try to prevent unauthorised access, loss, disclosure or amendment.
If you decide to participate in one of our webinars, you will need to sign up to the Zoom service, and to their terms and conditions. You should be aware that Zoom process your information in the US.
How Your Personal Data Will Be Processed
We use information about you in the following ways:
- To provide you with information on proposed developments, ideas and events in which you have expressed an interest;
- To notify you about news and progress of the developments, ideas and events in which you have expressed an interest;
- To gather and analyse your views and feedback through surveys, events and webinars;
- To ensure that your visit to our site is safe and secure.
We may give your personal data to third parties where:
- It is necessary for them to provide you with services on our behalf, including Zoom as our webinar provider;
- They provide profiling of our stakeholder base so we can understand our stakeholders better;
- We sell or buy any business or assets, in which case we may disclose your personal data to the prospective buyer or seller of such business or assets insofar as they relate to them;
- We are under a duty to disclose or share your personal data in order to comply with any legal obligation or in order to enforce agreements or contracts or to protect our rights, our property, or the safety of our customers or others. This includes exchanging information with other companies and organisations for the purposes of fraud prevention and credit risk reduction.
We will not share your personal data with any other third party or for the purposes of direct marketing.
You have the right of access to your information. This includes a description of the data being processed, the purposes of processing and any recipients to whom the data is disclosed. To exercise this right, you must make a Subject Access Request in writing to the Data Protection Officer at The Crown Estate, 1 St James’s Market, London SW1Y 4AH or firstname.lastname@example.org stating the information you require. We do not charge a fee. We may contact you to verify your identity or to clarify the precise information you require before processing your request, and will answer your request within one month.
You have the right to ask us not to process your personal data for direct marketing purposes. You can withdraw your consent to receive stakeholder marketing material at any time by contacting us on the address above or by ‘unsubscribing’ on any emails you receive from us.
You have the right to rectify your personal data at any time.
You have the right to have your personal data erased under certain conditions.
You have a right to restrict or object to some forms of data processing.
You have the right to prevent any unwarranted processing likely to cause damage or distress.
If you feel that a situation has arisen or may arise and you wish to learn more about these rights or to exercise those rights, please contact us on the address above. Please note that this will not include processing where it is necessary to fulfil a contract or where a legal obligation for us to process the information exists.