Document Information

Version Control

Table of Contents

1. Policy Statement…………………………………. 4
2. Responsibilities…………………………………… 4
3. Personal Data……………………………………… 4
4. Privacy Statement……………………………….. 4
5. Consent……………………………………………… 5
6. Recording of Digital Events…………………… 5
7. Digital Marketing Service Providers……….. 6
8. Your Rights as a Data Subject……………….. 6
9. Opt-In & Out Procedures……………………… 6
10. Retention Period……………………………… 7
11. Complaints……………………………………… 7
12. Contact details of the Data Protection Officer…………………………………………….. 7
13. Document Owner and Approval………… 7

1.      Policy Statement

Winmark is committed to protect the privacy and information security of the people who they work with. All data subjects whose personal data is collected are stored and handled in line with the requirements of the General Data Protection Regulation (GDPR).

Your information will be held by Winmark Limited, the owner of all Winmark C-Suite Networks and the C-Suite Academies and C-Suite Research businesses.

2.      Responsibilities

The Data Protection Officer is responsible for ensuring that this notice is made available to data subjects prior to Winmark collecting/processing their personal data.

All employees of Winmark who interact with data subjects are responsible for ensuring that this notice is drawn to the data subject`s attention and their consent to the processing of their data is secured.

3.      Personal Data

Under the EU’s General Data Protection Regulation (GDPR) personal data is defined as:

“any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

4.      Privacy Statement

We may share your personal information with Winmark entities and our service providers, insurers and regulators. This may involve transferring your information cross border, such as from the EEA to jurisdictions outside the EEA where the law may provide less protection for personal information.

When we share personal information with such parties we typically require or disclose such personal information in a manner consistent with the use and disclosure provisions of this Privacy Policy that they only use.

Further, your personal information may be disclosed:

• as permitted or required by applicable law or regulatory In such a case, we will endeavour to not disclose more personal information than is required under the circumstances;
• to comply with valid legal processes such as search warrants, subpoenas or court orders;
• as part of Winmark regular reporting activities;
• to protect the rights and property of Winmark;
• during emergency situations or where necessary to protect the safety of a person or group of persons;
• where the personal information is publicly available; or
• with your consent where such consent is required by law

• to respond to your requests;
• to create value specific to your needs;
• to make connections;
• to conduct research;
• to conduct training;
• for administrative and management purposes;
• to assist Winmark communicating with you and;
• for other legitimate business interests with regard all its business, charitable and ethical activities and legal obligations.

5.      Consent

By providing us with your information you are consenting to this privacy notice and you are giving us permission to process your personal data specifically for the purposes identified. You may be asked to share personal information, preferences and needs.

You may withdraw consent at any time in writing by contacting the Data Protection Officer.

6.      Recording of Digital Events

We sometimes record our digital events and make the recording available to members of our network. Winmark is the Data Controller responsible for the personal information that you may provide. Our approved Data Processors providing video conferencing technology are listed below, you should familiarise yourself with their privacy policies:

• Zoom: https://zoom.us/privacy
• Microsoft (MS Teams): https://privacy.microsoft.com/en-gb/privacystatement
• Google: https://cloud.google.com/security/privacy
• GoToMeeting: https://www.logmeininc.com/legal/privacy
• Cisco Webex: https://www.cisco.com/c/en/us/about/legal/privacy-full.html

If the meeting is being recorded, we will inform attendees in advance, the status of recording is also displayed in the app. Depending on the event this may include the recording of audio or video of the attendees. Parts of the recording could count as personal data according to data protection laws. Personal data in recordings would include images of you (i.e. webcam images of you and your surroundings), opinions that you contribute and anything that you say about yourself during the event. Depending on how you have set up your account information such as your name and email address may me visible to other attendees.

The lawful basis for processing this personal data is legitimate interests. This applies when the data processing is not required by law but is of a clear benefit to the organisation or the individual, there is limited privacy impact on you as the individual and we think you would reasonably expect us to use the personal data in the way that we wish to. If you do not want to be recorded you may mute your microphone, turn off your webcam or choose not to contribute.

7.      Digital Marketing Service Providers

We periodically appoint digital marketing agents to conduct marketing activity on our behalf, such activity may result in the compliant processing of personal information. Our appointed data processors include:

• Prospect Global Ltd (trading as Sopro) UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io

8.      Your Rights as a Data Subject

At any point while we are in possession of or processing your personal data, you, the data subject, have the following rights:

• Right of access – you have the right to request a copy of the information that we hold about
• Right of rectification – you have a right to correct data that we hold about you that is inaccurate or
• Right to be forgotten – in certain circumstances you can ask for the data we hold about you to be erased from our records.
• Right to restriction of processing – where certain conditions apply to have a right to restrict the
• Right of portability – you have the right to have the data we hold about you transferred to another
• Right to object – you have the right to object to certain types of processing such as direct
• Right to object to automated processing, including profiling – you also have the right to be subject to the legal effects of automated processing or profiling.
• Right to judicial review: in the event that Organisation Name refuses your request under rights of access, we will provide you with a reason as to why. You have the right to complain.

9.      Opt-In & Out Procedures

As you have a right to access your information and you would like to request a copy of the information or correct any data that we hold about you, please contact us at dpo@winmarkglobal.com. You may always opt-out of Winmark holding your data. To remove any personal information from our database or not to receive future communications from Winmark, send an e-mail to dpo@winmarkglobal.com along with stating your name and selecting one of the below options:

• Remove from Marketing Communications
• Remove from Account Communications
• Remove from All Communications (right to be forgotten)

If at a later date you would like to further opt-in, please contact any member of staff at Winmark or email dpo@winmarkglobal.com.

10. Retention Period

Except as otherwise permitted or required by applicable law or regulatory requirements, Winmark endeavours to retain your personal information only for as long as it believes is necessary to fulfil the purposes for which the personal information was collected (including for the purpose of meeting any legal, accounting or other reporting requirements or obligations). The length of time Winmark holds this data is aligned precisely to the Winmark Data Retention Policy which may be requested at any time.

11. Complaints

In the event that you wish to make a complaint about how your personal data is being processed by Winmark, or how your complaint has been handled, you have the right to lodge a complaint directly with the supervisory authority and Winmark data Protection Officer.

12. Contact details of the Data Protection Officer

13. Document Owner and Approval

The Data Protection Officer is the owner of this document and is responsible for ensuring that this record is reviewed in line with the review requirements of the GDPR.

John Jeffcock Chief Executive