Privacy Policy

Effective Date: 03/07/2025

  1. Who We Are

This Privacy Policy explains how Millbrook Medical Conferences Ltd (“we”, “our”, “us”) collects, uses, and protects your personal data when you use our services, attend events, or interact with us online or by email.

Company Name: Millbrook Medical Conferences Ltd
Registered Address: 81 Burton Road, Derby, Derbyshire, United Kingdom, DE1 1TJ
Operational Address: 8 Midland Court, Central Park, Lutterworth, LE17 4PN
Email: enquiries@millbrookconferences.co.uk
Phone: +44 (0)1455 552559
Data Protection Officer: Sarah Legate – sarah@millbrookconferences.co.uk

We are the data controller for all personal data we process in the course of managing and delivering events and marketing communications. However, in certain cases, such as when we provide administrative services to a professional medical society, we act as a data processor, and the society is the data controller.

  1. How We Collect Your Information

We collect personal data through:

  • Event registrations via our website or Cvent platform
  • Direct communications with you (email, phone, in person)
  • Marketing opt-ins
  • Data sharing agreements with medical societies (for event delivery only)
  • Trusted third-party providers (where you’ve given consent for professional data to be shared)
  • Legacy data collected before May 2018 (GDPR), used only where a legitimate interest applies
  1. What Personal Data We Collect

Depending on the nature of the event or interaction, we may collect:

  • Full name
  • Job title, career stage, or experience level
  • Organisation/place of work
  • Work email and phone number
  • Personal email (where provided)
  • Supervisor details (name, email, job title)
  • Emergency contact information (name, relationship, phone number)
  • Membership number or verification status for affiliated societies (if required to attend an event)
  • Dietary or accessibility requirements (special category data)
  • Registration and attendance history
  • Website usage data (IP address, browser type, pages visited, referring site)
  1. How We Use Your Data

We process your data to:

  • Manage and deliver events, conferences, and webinars
  • Register you for events and communicate essential event details
  • Contact you with relevant updates, reminders, or logistical information
  • Verify your eligibility for specific events (e.g., through membership confirmation)
  • Notify a supervisor for approval or verification where required
  • Provide safeguarding during in-person events (emergency contact details)
  • Send relevant marketing communications (if you’ve opted in, or under legitimate interest where applicable)
  • Improve our services and analyse trends
  • Process dietary or accessibility needs for event participation
  • Issue CPD certificates or attendance documentation based on your career stage or job role

We never use emergency, supervisor, or society-supplied data for unrelated marketing.

  1. Lawful Bases for Processing

We rely on the following lawful bases under the UK GDPR:

  • Consent – for marketing communications where you have opted in
  • Contract – to manage your registration and attendance at events
  • Legal obligation – to comply with laws or regulatory requirements
  • Legitimate interest – for sending event information to healthcare professionals where:
    • Data was collected pre-GDPR
    • It is professionally relevant (e.g., work emails)
    • You have not objected or opted out
    • Communications are relevant and non-intrusive

We have conducted a Legitimate Interests Assessment (LIA) to ensure this basis is fair and balanced. You can request a summary by contacting us.

  1. Sharing Your Data

We may share your data only when necessary:

  • With our data processors, such as Cvent, used to manage registrations
  • With medical societies we partner with to run events (under Data Sharing Agreements)
  • With supervisors (if required by the event format)
  • With emergency responders if required during an in-person event
  • With service providers under strict data protection agreements
  • If legally required (e.g., regulatory authority or legal claim)

We do not sell or share data for third-party marketing purposes.

  1. Cookies and Website Tracking

Our website uses CookieScript to manage your cookie preferences. Cookies help us monitor website traffic and improve user experience.

  • Strictly necessary cookies – required for basic website functions
  • Performance cookies – used for analytics (do not identify individuals)
  • Targeting cookies – may be used by content or ad partners

You can manage or withdraw your consent to cookies via the banner or your browser settings.

  1. How We Store and Retain Your Data

We only keep your data for as long as necessary:

  • Event-related data is kept for up to 3 years
  • Dietary/accessibility data is deleted shortly after the event
  • Supervisor and emergency contact info is deleted shortly after the event unless required for verification
  • Membership verification data is retained only for the purpose of eligibility checking
  1. Your Data Protection Rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request erasure of your data where applicable
  • Restrict or object to processing under certain conditions
  • Withdraw consent (where consent is the lawful basis)
  • Lodge a complaint with the Information Commissioner’s Office (ICO) at https://ico.org.uk

To exercise your rights, contact: enquiries@millbrookconferences.co.uk

10. Email Marketing and Preferences

We send marketing emails:

  • To those who have explicitly opted in via our registration forms
  • To healthcare professionals under legitimate interest, where lawful, relevant, and proportionate

Every marketing email includes a clear unsubscribe link. If you unsubscribe, we will stop sending marketing to you across all campaigns.

We do not classify legitimate interest contacts as “opted in” unless explicit consent is given.

11. Data Received from Societies or Third Parties

When we run events on behalf of medical societies, we may receive member data under a formal data sharing agreement. This data is used strictly for event administration and will not be used by Millbrook for unrelated purposes.

We may also receive professional contact data from third-party suppliers who have your consent to share it. This is only used to send relevant professional event information, under legitimate interest.

12. When We Act as a Data Processor

In some cases, Millbrook Medical Conferences Ltd provides administrative services on behalf of medical societies. In these scenarios, we act as a data processor and do not control how or why the data is processed.

  • The society is the data controller
  • Communications are sent using the society’s systems
  • We process your data solely under their instructions and do not use it for our own purposes
  • For data subject rights or questions in these cases, please refer to the society’s privacy policy

13. Changes to This Policy

We may update this Privacy Policy from time to time. The most current version will always be posted on our website, with the effective date updated accordingly.

14. Contact Us

Millbrook Medical Conferences Ltd
Registered Office: 81 Burton Road, Derby, Derbyshire, DE1 1TJ
Operational Address: 8 Midland Court, Central Park, Lutterworth, LE17 4PN
enquiries@millbrookconferences.co.uk
+44 (0)1455 552559
DPO: Sarah Legate – sarah@millbrookconferences.co.uk