Public Events Data Use Notice
The Open Society Foundations (“Open Society”, “we”, “us”, “our”) are committed to upholding data protection laws and providing you with transparent information about how we deal with your data.
This data use notice (“Notice”) provides information about the data we collect from you when you attend a public event (“Public Event”), what we do with it, the legal basis for this, and the rights that may be available to you under relevant data protection laws.
If further personal data processing is required in connection with a Public Event, further notice will be provided to you at the time that data is collected.
Open Society has offices located throughout the world. You can learn more about where we are located on our Offices and Foundations page.
Our Communications team based in our New York office operates the website and manages the administration of Public Events. It does this in conjunction with the staff who organize each Public Event. For example, staff in our London, Berlin, or Washington, D.C., office might organize a Public Event and will work with the Communications team to publicize it and manage RSVPs through the website.
The data controller for each Public Event will therefore be the office(s) where organizing staff are based, with the Communications team in the United States acting as a joint controller. For information about the specific offices involved in Public Events you choose to attend, contact us by email to firstname.lastname@example.org.
All data sharing between our offices is supported by agreements that ensure data is kept secure and confidential, including protections for international transfers of data in compliance with applicable data protection laws.
Data We Process and the Purpose and Legal Basis
When you choose to attend a Public Event, we process your name and email address, as well your organizational affiliation and job title (if applicable) in order to manage RSVPs, attendance and send you relevant information about the Public Event. We do this on the basis of our legitimate interests in organizing Public Events. To facilitate your attendance and participation in a Public Event, we may also process any accessibility and/or dietary requirements you may have on the basis of your consent.
On the basis of our legitimate interest in raising awareness and distributing information about a Public Event, a recording of it may be made, which could be used within our newsletters or published on our website and social media channels. If a Public Event is going to be recorded, this will be announced in advance. For online Public Events, a recording indicator will be displayed in the video conferencing app in addition to the announcement.
When attending an online Public Event, in some circumstances you may choose to share your name, video, and audio by enabling your camera and microphone. If you do not wish to share your name, be visible, or recorded in an online event, please redact your name and/or turn your camera and microphone off when you join. If you are attending an in-person Public Event, any recording may capture video of audience members who are in the camera’s field of view. For both online and in-person Events, audio and video of anyone who speaks during the Event may be captured.
By attending a Public Event, you are accepting that you may be included in an audiovisual recording as described above, and, in the case of online events, may be visible to all other participants in the video conferencing application. We do not publish or publicly share Public Event attendee lists.
Data Sharing and Subprocessors
Sharing within the Open Society Foundations Network
Our Communications team, based in our New York office, administrates our Public Events, and your personal data will be shared with that office for this purpose. Depending on which office(s) is organizing the Public Event you attend, your data may also be shared with that office(s) on the basis of our legitimate interests in organizing, administrating, and facilitating Public Events. Some of these offices are based outside of the European Union (EU) or European Economic Area (EEA), where local laws may provide a lower standard of protection for personal data, but where an adequate level of protection is ensured by the use of data sharing agreements incorporating standard contractual clauses or other appropriate safeguards.
We work with certain carefully selected third-party service providers who perform data processing tasks on the basis of our legitimate interests in administrating Public Events. These include our email service and cloud computing providers that allow us to send emails related to attendance, manage RSVP lists, and present online Public Events. When attending an in-person Public Event, your name will be provided to the building front desk for security reasons to allow for entry to the premises. These third parties are engaged by us on terms which ensure confidentiality and compliance with data protection laws. A list of the subprocessors we engage is available upon request.
International transfers of data
Where applicable, international transfer safeguards are in place to ensure your data is protected, for example the Standard Contractual Clauses issued by the European Commission.
Sometimes, we partner with other, third-party organizations to deliver Public Events. In these situations, we may share your personal data with those organizations for the purpose of organizing the Public Event. Any personal data sharing will be subject to agreements between us and the third-party organization to ensure an adequate level of protection.
We are in the process of reviewing our retention periods and will publish those, once available, on our website. In general, we retain personal data only for as long as required to carry out the purpose it was collected for—in this case running a Public Event.
In some circumstances you may have certain rights in relation to your personal data under UK and EU data protection laws, including the right to request access to, rectification or erasure of your data, the right to object to processing, withdraw your consent, and to limit processing of your data.
These rights are generally only available if you are based in the United Kingdom or European Union and/or when our office(s) dealing with your personal data are in the United Kingdom or EU. If you would like to enquire about this Notice, how these rights may apply to you or to exercise these rights, contact us by email to email@example.com.