This Appendix applies where the Informa Controller you are dealing with is in the EU or UK or where an Informa Controller outside the EU or UK provides services to you if you live in the EU or UK.
How and why we use personal information
Consent: where you have consented to our use of your information (you will have been presented with a consent form in relation to any such use and may withdraw your consent through the contacting the Divisional Database team via the details provided in the Marketing section.
Contract performance: where your information is necessary to enter into or perform our contract with you.
Legal obligation: where we need to use your information to comply with our legal obligations.
Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.
Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.
International transfer of personal information
Certain countries outside the European Economic Area (EEA) and UK have been approved by the European Commission as providing essentially equivalent protections to EEA and UK data protection laws and therefore no additional safeguards are required to export personal information to these jurisdictions. In countries which have not had these approvals, we will either ask for your consent to the transfer or transfer it subject to European Commission approved contractual terms that impose equivalent data protection obligations directly on the recipient, unless we are permitted under applicable data protection law to make such transfers without such formalities.
If you have any questions in relation to our use of your personal information, contact us. Under certain conditions, you may have the right to require us to:
- Provide you with further details on the use we make of your information
- Provide you with a copy of information that you have provided to us
- Update any inaccuracies in the personal information we hold
- Delete any personal information the we no longer have a lawful ground to use
- Where processing is based on consent, to withdraw your consent so that we stop that particular processing
- Cease direct marketing to you
- Where we undertake wholly automated decision making which results in the creation of a legal obligation or a similar significant impact, you may request that we provide information about the decision-making methodology and ask us to verify that the automated decision has been made correctly. We may reject the request, as permitted by applicable law, including when providing the information would result in a disclosure of a trade secret or would interfere with the prevention or detection of fraud or other crime. However, generally in these circumstances we will verify that the algorithm and source data are functioning as anticipated without error or bias or if required by law adjust the processing
- Object to any processing based on the legitimate interests ground unless our reasons for undertaking that processing outweigh any prejudice to your data protection rights
- Restrict how we use your information whilst a complaint is being investigated
Your exercise of these rights is subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights we will check your entitlement and respond in most cases within a month.
We hope to resolve any privacy concerns you may have. If you are not happy with our response, or you believe that your data protection or privacy rights have been infringed, you can complain to any supervisory authority or other public body with responsibility for enforcing privacy laws.
In the UK, the UK Information Commissioner’s Office regulates and enforces data protection law. Their procedures can be found at www.ico.org.uk.
In the Netherlands, the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) regulates and enforces data protection law. Their procedures can be found at www.autoriteitpersoonsgegevens.nl.