• PICCASO Awards – Data Protection Notice

    PICCASO is a not-for-profit organisation that recognises excellence in the fields of Privacy, Information Security, Compliance and AI.

    (Find out more here)

    Each year, PICCASO runs the PICCASO Awards for Europe.

    This notice explains how we collect and use personal data specifically in relation to the awards programme.

    Our contact details

    Name: PICCASO Limited

    Registered Address: Wright Vigor Chartered Accountants, 15 Newland, Lincoln, Lincolnshire, LN1 1XG

    E-mail: Hello@PICCASO.org

    Who are the Awards for?

    The PICCASO Awards aim to celebrate professionals who are making a difference in this industry.

    Nominees and participants include:

    • Data Protection Officers (DPOs)

    • Chief Privacy Officers (CPOs)

    • Chief Information Security Officers (CISOs)

    • General Counsels and legal professionals

    • Compliance and risk leaders

    • Regulators and strategists

    • Students and emerging professionals

    • Innovators in AI, governance, ethics, and digital responsibility

    If you are shaping how data is used responsibly across people, processes, technology, and society - the PICCASO Awards are for you.

    Personal Information We Collect

    We may collect and process the following personal data for awards-related purposes:

    • Name

    • Company Name

    • Job title

    • Headshot

    • Email address

    • Telephone Number

    • Nomination details

    • Event attendance details

    • Communication preferences (email, web, social)

    • Marketing communications (newsletters, updates, invitations to awards events)

    • Media and press references related to awards

    • Sponsor and partner engagement

    How We Collect Personal Data

    • Nomination process (directly or by someone else)

    • Registration to attend an awards event

    • Engagement with awards-related communications

    We may also receive personal data from:

    • Event registration platforms (e.g. Typeform, TicketTailor)

    • Sponsors and partners who share registration details for awards-related events

    • Publicly available sources (e.g. LinkedIn, professional directories)[

    How We Use Personal Data

    • Administration of awards nominations and attendance

    • Communications about awards events and updates

    • Sharing relevant opportunities from sponsors and partners

    • Maintain transparency and audit records for the awards programme[

    Who We May Share Personal Data With

    • Event sponsors and contracted partners, including:

    - Iron Mountain

    - Dentons LLP

    - GRC World Forum

    - Privado

    - Cognizant

    - Other confirmed sponsors relevant to the awards

    • Marketing and IT service providers (e.g. Mailchimp, Eventbrite)

    • Professional advisers (e.g. legal, accounting)

    • Event organisers (e.g. GRC)

    We do not share your data for third-party marketing without your consent.

    Lawful Bases for Processing

    Under UK GDPR, we rely on:

    • Consent – for marketing and sharing with sponsors

    • Contractual obligation – for awards registration and participation

    • Legitimate interests – for administration of the awards events and maintaining transparency

    Data Retention

    • Awards nominations and related data – retained for up to 36 months after the awards cycle

    • Marketing and consent records – retained until you withdraw consent or after 3 years of inactivity

    Your Data Protection Rights

    Under data protection law, you have the following rights in relation to your personal information:

    • Right of access – you can request copies of the personal information we hold about you.
    • Right to rectification – you can ask us to correct any information you believe is inaccurate, or to complete information you believe is incomplete.
    • Right to erasure – you can request that we erase your personal information in certain circumstances.
    • Right to restrict processing – you can ask us to restrict the processing of your personal information in certain circumstances.
    • Right to object to processing – you can object to the processing of your personal information in certain circumstances, including where we rely on legitimate interests.
    • Right to data portability – you can ask us to transfer the information you gave us to another organisation, or to you, in certain circumstances.
    • Right to withdraw consent – where we rely on your consent (for example, to send you marketing communications or share your details with sponsors), you can withdraw this consent at any time.

    You are not required to pay any fee for exercising your rights. We will respond to your request within one month.

    If you would like to exercise any of these rights, please contact us at:

    Email: Privacy@PICCASO.org

    We may update this notice periodically to reflect changes in our practices or legal obligations. The most recent version will always be published on our website

    How to Complain

    If you have any concerns about our use of your personal information, we encourage you to contact us first so that we can try to resolve the matter with you.

    You can contact us at:

    Email: Privacy@PICCASO.org

    Write to: PICCASO, Wright Vigor Chartered Accountants, 15 Newland, Lincoln, Lincolnshire, LN1 1XG

    If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you can also complain to the UK’s independent regulator, the Information Commissioner’s Office (ICO):

    Address:

    Information Commissioner’s Office

    Wycliffe House

    Water Lane

    Wilmslow

    Cheshire

    SK9 5AF

    Helpline number: 0303 123 1113

    Website: www.ico.org.uk

    Cookie Use
    We use cookies to ensure a smooth browsing experience. By continuing we assume you accept the use of cookies.
    Learn More