GDPR Assessment

BiCon 2023 will process the personal data of attendees. This personal data falls under the UK GDPR for UK citizens and the EU GDPR for EU citizens; the two GDPRs are currently aligned.

BiCon 2023 is a Data Controller with respect to this data. The collection and processing of this data is entirely under its control, and any decisions made about the processing of the data are made by BiCon 2023 itself, and are not directed by any third parties.

The general basis of processing personal data by BiCon 2023 will be the explicit consent of the attendees, which we will collect as part of registration. It is therefore important that the BiCon 2023 registration links clearly to our privacy policy which gives an overview of the processing that will be carried out on the data, and that we restrict processing to the purposes set out there.

As part of our core processing of the data, we will need to pass information on to some third parties. These include Nottingham Trent University for attendees requiring accommodation and future BiCon teams for reporting code of conduct breaches that are serious enough to warrant passing on.

The personal data processed by BiCon 2023 is in part special category data as defined by Article 9 under GDPR – i.e. it is ‘data concerning a natural person’s sex life or sexual orientation’. Although not everyone at BiCon identifies as bisexual, the nature of the event meens that attendees are a lot more likely to be bisexual than in the general population, and thus inferences about an attendees likely sexuality could be drawn if the person’s attendance at BiCon were known. This is enough to regard the personal data as special category data.

Special category data carries its own safeguards and there are extra rules concerning who may process it. BiCon 2023 will be processing it jointly on the basis that explicit permission has been sought to do so, and that we are a not-for-profit body processing the data solely in connection with its purposes.