PICCASO Awards – Data Protection Notice

PICCASO is a not-for-profit organisation that recognises excellence in privacy, AI, compliance, and cybersecurity. (Find out more here)

Each year, PICCASO runs the PICCASO Awards for Europe.

This notice explains how we collect and use personal data specifically in relation to the awards programme.

Our contact details

Name: PICCASO Limited

Registered Address: Wright Vigor Chartered Accountants, 15 Newland, Lincoln, Lincolnshire, LN1 1XG

E-mail: Privacy@PICCASO.org

Who Is It For?

The PICCASO Awards aim to celebrate excellence across privacy, AI, compliance, and cybersecurity. They are designed for professionals who are driving innovation, ethical leadership, and impact in these fields.

Nominees and participants include:

• Data Protection Officers (DPOs)

• Chief Privacy Officers (CPOs)

• Chief Information Security Officers (CISOs)

• General Counsels and legal professionals

• Compliance and risk leaders

• Regulators and strategists

• Students and emerging professionals

• Innovators in AI, governance, ethics, and digital responsibility

If you are shaping how data is used responsibly across people, processes, technology, and society - the PICCASO Awards are for you.

PICCASO recognises these individuals and organisations through its awards programme, elevating industry standards and celebrating those who lead with integrity and excellence.

Personal Information We Collect

We collect and process the following personal data for awards-related purposes:

• Name

• Company Name

• Email address

• Telephone Number

• Nomination details

• Event attendance details

• Communication preferences (email, web, social)

• Marketing communications (newsletters, updates, invitations to awards events)

• Media and press references related to awards

• Sponsor and partner engagement

How We Collect Your Information

We receive personal data directly from you when you:

• Submit a nomination

• Register to attend an awards event

• Engage with awards-related communications

• Are referred or nominated by a community member, sponsor, or partner

• Are publicly recognised in media or press in connection with the awards

We may also receive data from:

• Event registration platforms (e.g. Eventbrite, Zoom)

• Sponsors and partners who share registration details for awards-related events

• Publicly available sources (e.g. LinkedIn, professional directories)

How We Use Your Information

We use your data to:

• Administer awards nominations and attendance

• Communicate with you about awards events and updates

• Share relevant opportunities from sponsors and partners

• Maintain transparency and audit records for the awards programme

Who We Share Your Information With

We may share your data with:

• Event sponsors and partners, including:

• Iron Mountain
• Dentons LLP
• GRC World Forum
• Privado
• Cognizant
• Other confirmed sponsors relevant to the awards

• Marketing and IT service providers (e.g. Mailchimp, Eventbrite)

• Professional advisers (e.g. legal, accounting)

• Event organisers (e.g. GRC)

We do not share your data for third-party marketing without your consent.

Lawful Bases for Processing

Under UK GDPR, we rely on:

• Consent – for marketing and sharing with sponsors

• Contractual obligation – for awards registration and participation

• Legitimate interests – for operating the awards programme and maintaining transparency

Data Retention

• Awards nominations and related data – retained for up to 36 months after the awards cycle

• Marketing and consent records – retained until you withdraw consent or after 3 years of inactivity

Your Data Protection Rights

Under data protection law, you have the following rights in relation to your personal information:

• Right of access – you can request copies of the personal information we hold about you.
• Right to rectification – you can ask us to correct any information you believe is inaccurate, or to complete information you believe is incomplete.
• Right to erasure – you can request that we erase your personal information in certain circumstances.
• Right to restrict processing – you can ask us to restrict the processing of your personal information in certain circumstances.
• Right to object to processing – you can object to the processing of your personal information in certain circumstances, including where we rely on legitimate interests.
• Right to data portability – you can ask us to transfer the information you gave us to another organisation, or to you, in certain circumstances.
• Right to withdraw consent – where we rely on your consent (for example, to send you marketing communications or share your details with sponsors), you can withdraw this consent at any time.

You are not required to pay any fee for exercising your rights. We will respond to your request within one month.

If you would like to exercise any of these rights, please contact us at:

Email: Privacy@PICCASO.org

We may update this notice periodically to reflect changes in our practices or legal obligations. The most recent version will always be published on our website

How to Complain

If you have any concerns about our use of your personal information, we encourage you to contact us first so that we can try to resolve the matter with you.

You can contact us at:

Email: Privacy@PICCASO.org

Write to: PICCASO, Wright Vigor Chartered Accountants, 15 Newland, Lincoln, Lincolnshire, LN1 1XG

If you are not satisfied with our response, or believe we are processing your personal data unlawfully, you can also complain to the UK’s independent regulator, the Information Commissioner’s Office (ICO):

Address:

Information Commissioner’s Office

Wycliffe House

Water Lane

Wilmslow

Cheshire

SK9 5AF

Helpline number: 0303 123 1113

Website: www.ico.org.uk