Client's Platform Privacy Notice - Guidance & Process
We have made the process regarding privacy notices simpler and easier to use. Rather than requesting a CrowdComms support resource to up date the privacy notice, this can now be done directly via the CMS.
CrowdComms’ clients are data controllers of the personal data collected from individuals who attend or speak at events hosted on the CrowdComms platform. We call these individuals “Attendees”.
If the CrowdComms client is data processor (e.g. an event management company) then their end client is the data controller.
CrowdComms is a data processor of this personal data – we process this data on our platform on behalf of our clients.
Under UK data protection laws, data controllers must notify data subjects (in this case, the Attendees) of who they are, what they do with data subjects’ personal data and data subjects’ rights, for example, to request erasure of their personal data. Data controllers must provide this notification to data subjects at the time their personal data is collected from them.
We call the notice that data controllers must provide to data subjects a “Privacy Notice”.
To help our clients fulfil their notification obligations to Attendees we arrange for a pop-up box to appear when Attendees log into the event platform. This pop-up box contains wording about privacy and a link to a Privacy Notice.
All clients should have their own Privacy Notice which we can link to. However, we have created a Privacy Notice that our clients can use (a “Client’s Privacy Notice”) if they do not have a Privacy Notice of their own or if they would rather use our version.
Please note: clients use our Client’s Privacy Notice at their own risk. CrowdComms makes no representations, warranties or guarantees that the Client’s Privacy Notice is fit for purpose or that it complies with relevant data protection laws and, to the maximum extent permitted by law, CrowdComms disclaims and excludes any liability in respect of its contents. Clients should consider the contents of the Client’s Privacy Notice carefully to ensure that it is appropriate for them, make any necessary changes and take legal advice on its contents.
Process
At the start of the project, ensure that the client is aware that they should be providing a privacy notice that is relevant to how they will be processing data for the eventWithin the CMS (Settings > Terms and Conditions) you can overwrite the generic privacy notice with the one provided by the clientEnsure the Synopsis (pop-up text) is edited to ensure it is relevant to how the client will be processing the dataIf the client does not have a privacy notice and would like to use the generic one provided, they must ensure that they process the data as documented (or edit the generic version to maintain relevance)The client must state their name (section 2. Controller) and enter all contact details in the "Contact details" section along the date it was updated (Section 2, Changes to the privacy notice and your duty to inform us of any changes).Once completed the task can be checked off in Wrike as "Complete"The process above will also be incorporated into the final QC process
Please raise any questions with your manager.