1     Introduction

Welcome to the Clear Futures Supply Chain Webinar Privacy Notice (“Privacy Notice”).

Clear Futures is a partnership between Eastbourne and Lewes Councils and strategic delivery partners AECOM and Robertson.  When we refer to “we”, “our”, “us”, or “Robertson” in this Privacy Notice we are referring to the Robertson Group (“Robertson Group”).  The Robertson Group consists of two business groups with a range of companies as detailed on our website (https://www.robertson.co.uk/legal). 

This Privacy Notice provides information on how the Robertson Group collects, uses and processes your personal data in connection with your attendance at the Clear Futures Supply Chain Webinar (the “Webinar“), where you are attending as a guest, speaker, exhibitor or representative of an organisation (“you“).

This Privacy Notice does not form part of any contract.

The Robertson Group is the controller of your Personal Data when it is used in the ways outlined in this Privacy Notice and is responsible for handling it in accordance with Data Protection Legislation.

Please see Section 3 for an explanation of the capitalised terms used in this Privacy Notice.

It is important that you read and retain this Privacy Notice, together with any other privacy notice(s) we may provide on specific occasions when we are collecting or processing Personal Data about you, so that you are aware of how and why we are using such information and what your rights are under the Data Protection Legislation.

Our contact details

If you have any questions about this Privacy Notice or about how we handle your Personal Data, please contact our Data Protection Officer at: dpo@robertson.co.uk.

If you are unhappy with how we handle your Personal Data you can:

• submit a complaint to our Data Protection Officer; and or
• notify the Information Commissioner’s Office (ICO) by calling their helpline on 0303 123 1113.

We would appreciate the chance to deal with your concerns before you approach the ICO.

Changes to this Privacy Notice

The Robertson Group reserves the right to update or amend this Privacy Notice at any time, including where Robertson intends to further process your Personal Data for a purpose other than that for which the Personal Data was collected or where we intend to process new types of Personal Data.  We will issue you with a new privacy notice when we make significant updates or amendments. We may also notify you about the processing of your Personal Data in other ways.

2    Definitions

3.1        “Data Protection Legislation” means the Data Protection Act 2018 (DPA 2018); the UK GDPR as referred to in section 3(10) (as supplemented by section 205(4)) of the DPA 2018; the Data (Use and Access) Act 2025; and / or any other applicable data protection legislation applicable in any part of the United Kingdom.

3.2        “ICO” means the UK Information Commission’s Office, the UK supervisory authority for data protection issues.

3.3        “Personal Data” means, for the purpose of this Privacy Notice, any information identifying you as a specific individual. It can identify you directly from that information alone or indirectly in combination with other information we hold or can reasonably access.  As well as identifying you as a specific individual, to be Personal Data, the data must also relate to you.  Truly anonymous information is not Personal Data.

3    Lawful Basis

To process your Personal Data, we need to be able to rely on one of the following Lawful Basis:

• Consent: you have given your consent for us to process your Personal Data for that purpose.
• Contract: the use of your Personal Data is necessary for the performance of a contract we have with you, or because you have asked us to take specific steps before entering into a contract.
• Legal Obligation: the use of your Personal Data is necessary for us to comply with law.
• Vital Interests: the use of your Personal Data is necessary to protect your vital interests e.g. your life.
• Public Task: we need to process Personal Data (a) in the exercise of official authority (e.g. public functions and powers that are set out in law) or (b) to perform a specific task in the public interest that is set out in law.
• Legitimate Interests: the use of your Personal Data is necessary for legitimate interests pursued by us or a third party. Before we rely on this Lawful Basis we will balance your interests against the legitimate interests pursued by us. In particular, if you would not reasonably expect your Personal Data to be used in a certain way, or it would cause unwarranted harm, your interests are likely to override the legitimate interests. However, your interests do not always have to align with the legitimate interests.

4    What types of Personal Data do we collect about you

Robertson collects, processes, stores and uses, a range of Personal Data about you when you take part in the Webinar:

6.1       Contact Data including first name, last name, email address, job title, organisation and any other information you provide to us when signing up to attend and/or participate at the Webinar.

6.2       Identity data: a head shot or any other photograph(s) of you, video(s) (without audio) of you / video(s) (with audio) of you / audio recording(s) of you to be included in marketing materials regarding the Webinar and made available after the Webinar for other suppliers to view.

5    How do we collect your personal data

Robertson collect your Personal Data in connection with your attendance and/or participation at the Webinar. This may include:

• Email correspondence exchanged with you about your participation and/or attendance at the Webinar;
• Information obtained as part of the registration process either directly or via your nominated third-party agent;
• Email correspondence and any other form of discussion with you to confirm your requirements or to make necessary adjustments for you (e.g., for accessibility);
• Video(s) (with audio) of you / audio recording(s) of you of taken during the Webinar using Microsoft Teams; and
• Feedback you provide after the Webinar.

6    Why do we collect your Personal Data

We have set out below in the table all the ways we plan to use your Personal Data, and which of the Lawful Basis and, if applicable, any Additional Condition we rely on to do so. We have also identified what our Legitimate Interests are where appropriate.

We use the following definitions in the table:

A          Webinar Delivery

• To communicate with you about the Webinar
• To monitor the delivery of the Webinar

B          Service Improvement

• To understand how well the Webinar was managed
• To tailor our future events
• To understand whether anything needs to be changed for future events

C          Marketing

• To record the event by creating photograph(s) of you, video(s) (without audio) of you / video(s) (with audio) of you / audio recording(s) of you
• To share a recording of the event with those that attended.[OP1] 

Purpose	Data Types	Lawful Basis / Additional Condition
Webinar Delivery	Contact Information Role Information Identity data	Legitimate Interests – for administrating attendance and communicating with you about the Webinar.
Service Improvement	Feedback information	Legitimate Interests – provision of feedback is optional and processed only for evaluating and improving future events we may organise in the future.
Marketing	Photographs and Videos (Identity Data)         Recording of the webinar[OP2]	Consent – it is optional to show your video during the Webinar. We will seek your permission before using any photograph(s) and/or video(s) and/or audio(s) of you for internal or external publication. Consent – we will seek your permission to share a recording of the webinar.

7    Who do we share your Personal Data with?

Your Personal Data might be shared internally within Robertson Group business units or business functions, including with members of the Marketing Department, Procurement & Supply Chain department, Health & Safety and other Robertson Group functions and employees, if access to your Personal Data is necessary for the performance of their roles.

We may share your Personal Data with:

• Microsoft Teams, which is the platform used to deliver the webinar and is the primary data processor.
• Press agencies, journalists or on social media platforms (or similar online platforms) such as LinkedIn (Photographs and Videos only);
• Subsidiary or parent companies of the Robertson Group;
• Regulators, government departments, law enforcement authorities, tax authorities, professional advisors, financial institutions including but not limited to: Police Scotland, National Crime Agency, lenders, HMRC, UK Visas and Immigration department, the Health and Safety Executive or other tax authorities;
• In response to a court order;
• Persons in connections with any sale, merger, acquisition, disposal, re-organisation or similar change in the Robertson Group Business; and/or
• Any person authorised on your behalf.
• To registered attendees and other interested parties, we may share a recording of the webinar.

8    How does Robertson protect your Personal Data?

Robertson has procedures in place to deal with a suspected breach, and we will notify the Information Commissioner’s Office (or any other applicable supervisory authority or regulator) and you of a breach where we are legally required to do so.

9    How long does Robertson keep your Personal Data?

Robertson will only retain your Personal Data for as long as it is necessary to fulfil the purposes for which it was collected and processed, including for the purposes of complying with any legal, tax, health and safety, reporting or accounting requirements.  

All contact data will be deleted 1 year after the Webinar.

Webinar recordings and associated marketing materials will be retained for 1 year for future reference purposes.

To determine the appropriate retention period for Personal Data, we consider the amount, nature, and sensitivity of the Personal Data, the potential risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

In some circumstances you can ask us to delete Personal Data: please see section 11 below. 

In some circumstances we may anonymise your Personal Data so that you can no longer be identified. In this case, we may retain such information for a longer period without further notice to you.

10   Your rights in connection with your Personal Data

It is important that the Personal Data we hold about you is accurate and up to date.  Please keep us informed if your Personal Data changes, e.g. you change your home address, during your engagement with Robertson so that our records can be updated.  Robertson cannot be held responsible for any errors in your Personal Data in this regard unless you have notified Robertson of the relevant change.

As a data subject, you have a number of statutory rights. Subject to certain conditions, and in certain circumstances, you have the right to:

• Request access to your Personal Data – this is usually known as making a data subject access request and it enables you to receive a copy of the Personal Data we hold about you and to check that we are lawfully processing it.
• Request rectification of your Personal Data – this enables you to have any inaccurate or incomplete Personal Data we hold about you to be corrected, though we may need to verify the accuracy of the new data you provide to us.
• Request the erasure of your Personal Data (known as the right to be forgotten) – this enables you to ask us to delete or remove your Personal Data where there’s no compelling reason for its continued processing, e.g. it’s no longer necessary in relation to the purpose for which it was originally collected.  You also have the right to ask us to delete or remove your Personal Data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your Personal Data to comply with local law.  Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request.
• Restrict the processing of your Personal Data – this enables you to ask us to suspend the processing of your Personal Data, e.g. if you contest its accuracy and so want us to verify its accuracy.
• Object to the processing of your Personal Data – this enables you to ask us to stop processing your Personal Data where we are relying on the legitimate interests of the business as our basis for processing and there is something relating to your particular situation which makes you decide to object to processing on this ground.  You also have the right to object where we are processing your Personal Data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
• Data portability – this gives you the right to request the transfer of your Personal Data to another party so that you can reuse it across different services for your own purposes.
• Withdraw consent – you can withdraw your consentat any time where we are relying on consent to process your Personal Data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent.  If you withdraw your consent, we may not be able to provide certain benefits, products or services to you.  We will advise you if this is the case at the time you withdraw your consent.

You will not usually have to pay a fee to access your Personal Data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

We may need to request specific information from you to help us confirm your identity and ensure your right to access your Personal Data (or to exercise any of your other rights). This is a security measure to ensure that Personal Data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.

We may not always be able to comply with your request to exercise your rights for specific legal reasons which will be notified to you, if applicable, at the time of your request.

Further details about your rights can be found on the ICO’s website at https://ico.org.uk/. 

To exercise your rights, contact the DPO at dpo@robertson.co.uk. 

11   Automated Decision Making

Automated decision-making takes place when an electronic system uses Personal Data to make a decision without human intervention.

There is no automated decision making in any part of the process used for managing the delivery of the Webinar.  We will notify you in writing if this position changes.

12   International Transfers

The Personal Data we process about you will usually be held in the UK or the EEA.  Where we transfer data outside the UK or EEA we will ensure that the transfer is to a country covered by an adequacy regulation, or we put in place other appropriate safeguards such as an international data transfer agreement.

13   Consequences of not providing data

When we rely on the Lawful Basis of Legal Obligation and you fail to provide certain information when requested, we may be prevented from complying with our legal obligations. In each of these instances we may be required to prevent you from attending and/or participating at the Webinar.  We cannot be liable for any consequences of such action caused by your failure to provide required Personal data.

---