Privacy policy

1.  About This Privacy Notice

The Marketing Society (“we”, “us”, “our”) is committed to protecting your personal information and being transparent about how we use it.

This Notice explains:

  •  what personal information we collect
  • why we collect it and the legal basis for doing so
  • how we use and share it
  • how long we keep it
  • how we protect it
  • your rights, including how to exercise them

It applies whenever you interact with us as a Member, event attendee, Awards entrant, subscriber, or visitor to our website or app.

We are the data controller. Our contact details are:

Organisation: The Marketing Society

Data Protection Officer: [email protected]

Address: 167–169 Great Portland Street, Fifth Floor, London W1W 5PF,   United Kingdom

ICO Registration:    ZC105004

If you have any questions about this Notice or how we handle your data, please contact our Data Protection Officer at: [email protected]

2.  Personal Information We Collect

Depending on how you interact with us, we may collect:

  • Identity: name, title .
  • Contact: email address, phone number and postal address.
  • Professional: job title, employer, career stage and LinkedIn profile URL.
  • Payment: billing name and address;  payment card details (we do not store full card numbers).
  • Technical: IP address, device and browser type, app usage data and cookie identifiers.
  • Interaction: emails opened or clicked, event attendance, content downloads and app engagement.
  • Demographic: gender, ethnicity and career stage — collected on a strictly voluntary, opt-in basis through surveys only.
  • Media: photographs, video and audio recordings taken at events or Awards ceremonies.
  • Photography, video and audio recording may take place at all events for promotional purposes. By attending, you acknowledge and consent to such recording and use. If you do not wish to be recorded, you must notify us in writing in advance of the event
  • Feedback: survey responses, event ratings, on an anonymised basis and testimonials by named individuals.
  • Referral: names and email addresses provided by Members when recommending contacts.
  • Dietary and accessibility: dietary requirements and accessibility needs provided for event management purposes.

A note on sensitive information. Dietary and accessibility data is treated as sensitive. We collect it only to manage your participation at events and delete it once the event has taken place. Demographic data is used only in aggregated, anonymised form for diversity research and is never used to identify individuals.

3.  How We Use Personal Information

We process your personal information only where we have a lawful basis to do so. We rely on four bases:

  • Performance of contract - to manage your Membership, process event registrations and handle payments.
  • Legal obligation - to meet statutory requirements such as financial record-keeping.
  • Legitimate interest - for Member communications, networking features, analytics and media use at events, where our interests are balanced proportionately against your rights.
  • Consent - for marketing newsletters, optional demographic surveys, cookies and partner benefit opt-ins. You may withdraw consent at any time.

Typical uses include: running your Membership account; delivering and following up on events; sending newsletters and Member updates; operating the Member directory and app; producing anonymised diversity reports; using event photographs, video and audio for promotional purposes; and maintaining financial records.

A note on engagement tracking. We track interactions such as email opens and clicks, event attendance and app engagement to understand how our communications and services are used and to improve them. This constitutes light profiling for service improvement purposes. We do not use this data to make automated decisions that produce legal or similarly significant effects on you.

Retention. We keep data only as long as necessary. Financial records are held for seven years (statutory requirement). Active Membership data is held during your Membership and for up to five years after lapse. Event media (including photography, video and audio recordings) may be retained for as long as necessary for the Society’s legitimate business purposes, including marketing, promotional and archival use.. Analytics data is retained for a limited period, typically between 12 and 24 months, unless a longer period is required for legitimate business purposes.. Dietary requirements and accessibility information may be retained for the duration of your Membership to support your attendance at future events and improve your experience. You may update or request deletion of this information at any time .Full retention details are available on request.

4.  Sharing Personal Information

We do not sell your personal information. We share it only where necessary, with organisations that are contractually bound to handle it securely and only for the purposes we specify.

4.1  Sub-Processors and Service Providers

Our key technology and service providers are:

  • Salesforce - CRM and Membership management
  • Salesforce Pardot - email marketing
  • Stripe - payment processing
  • Drupal - content management system
  • Certinia (FinancialForce) - finance and accounting
  • The Dots - mobile app platform
  • Cvent - event management
  • Zellus / Awards Force / Evessio - Awards entry management
  • LinkedIn - Live event management
  • Google Workspace
  • Google Analytics - website analytics
  • Microsoft 365 / SharePoint - productivity and document management
  • Zoom - online events and meetings
  • Eventbrite - event ticketing (in some circumstances)
  • We also use Microsoft Clarity for web analytics
  • Fathom Analytics
  • Make for integrations to pass information between Salesforce and Drupal

A full list of active processors is available on request and is reviewed every six months.

4.2  Event Venues

Attendee names may be shared with venues for security, health and safety or access management.

4.3  Partners

We do not routinely share delegate lists with partners. Your contact details are shared with partners only where you have opted in. For smaller events, we ask for explicit consent before making any introductions.

4.4  Awards Submissions

Awards entries may be licensed to third parties. This is stated explicitly on the entry form and communicated to you before submission.

4.5  AI and Productivity Tools

We may use AI-assisted tools such as Chat GPT, Claude, Gemini in our work. We take care to avoid entering personal data into these tools unnecessarily and maintain data processing agreements where required.

4.6  Legal Disclosures and Business Transfers

We may disclose personal information where required by law, court order or regulatory authority, or where reasonably necessary to protect our legal rights. In the event of a business reorganisation or acquisition, personal data may be transferred to the relevant successor organisation under appropriate confidentiality terms.

5.  International Transfers and Applicable Law

We are registered with the UK Information Commissioner’s Office (ICO, Registration No. ZC105004). Our primary compliance framework is UK GDPR and the Data Protection Act 2018.

Several of our service providers are based outside the UK and EEA. Where we transfer personal information internationally, we rely on Standard Contractual Clauses (SCCs), the UK International Data Transfer Agreement (IDTA), adequacy decisions, or other lawful mechanisms to ensure an equivalent level of protection.

Our Members are based across multiple jurisdictions. Where we process personal information of individuals in other countries, we comply with the applicable local data protection law in addition to our UK obligations. We aim to apply the higher standard where requirements differ.                  

Territory   Applicable Law  Supervisory Authority
United Kingdom UK GDPR; Data Protection Act 2018 Information Commissioner’s Office
European Union EU GDPR (Regulation 2016/679)   Lead supervisory authority in your EU Member State
USA State privacy laws and applicable federal law

Federal Trade Commission and relevant state regulators
Hong Kong  Personal Data (Privacy) Ordinance (PDPO), Cap. 522

 Privacy Commissioner for Personal Data
Singapore  Personal Data Protection Act 2012 Personal Data Protection Commission - pdpc.gov.sg
GCC / UAE  UAE Federal Decree-Law No. 45/2021; DIFC Data Protection Law 2020 where applicable  UAE Data Office; DIFC Commissioner of Data Protection

 

 

 

 

 

 

 

 

For further information about the safeguards we apply to international transfers, or to exercise rights under a specific jurisdiction’s law, please contact [email protected]

6.  Our Digital Services

Website and Cookies

When you visit our website, we use cookies to ensure it functions correctly and to understand how it is used. Cookie types include:

  • Strictly necessary: essential for login, session management and security. These cannot be disabled.
  • Analytics: help us understand visitor behaviour (e.g. Google Analytics). Require your consent.
  • Social media: enable social sharing features. Require your consent.
  • Marketing: used to deliver relevant content and measure campaigns. Require your consent.

You can manage your cookie preferences at any time via the cookie banner on our website or through your browser settings.

Mobile App

Our mobile app, provided by The Dots, allows Members to network, access content, message each other and manage their profiles. The app collects profile information, in-app messages, engagement data, push notification preferences and device type for technical support. Your profile is visible to other Members by default; you can adjust your privacy settings within the app at any time.

You can opt out of push notifications through your device settings or the app. To request deletion of your app account and profile, contact [email protected]

7.  Security

We implement appropriate technical and organisational measures to protect your personal information, including encryption of data in transit, access controls, regular review of third-party security practices and staff training on data protection.

No internet transmission is entirely risk-free. If you believe your interaction with us has been compromised, please contact [email protected]  immediately. In the event of a data breach likely to affect your rights, we will notify the relevant supervisory authority within 72 hours and, where required, inform you directly.

8.  Third-Party Links

Our website, app and communications may link to third-party sites and services. This Notice does not cover those services. We encourage you to read the privacy notices of any external site before sharing personal information with it.

9.  Your Rights

Depending on your jurisdiction, you have some or all of the following rights in relation to your personal information:

  • Access - request a copy of the personal information we hold about you.
  • Correction - ask us to correct inaccurate or incomplete data.
  • Deletion - request that we erase your data where there is no compelling reason for us to keep it.
  • Restriction - ask us to pause processing in certain circumstances.
  • Portability - receive certain data in a structured, machine-readable format.
  • Objection - object to processing based on legitimate interest or for direct marketing.
  • Withdrawal of consent - withdraw consent at any time where processing is consent-based, without affecting prior processing.
  • Non-sale - we do not sell your personal information. No opt-out of sale is required.

To exercise any right, contact [email protected]. We will respond within the timeframe required by the applicable law in your jurisdiction (typically one month for UK/EU; 30 days for Singapore; 40 days for Hong Kong).

To unsubscribe from marketing emails, click the ‘unsubscribe’ link in any email or contact [email protected] . Unsubscribing does not affect your Membership or access to our services, but it impacts on your ability to learn events and content.

Complaints. If you are not satisfied with our response, you may complain to the supervisory authority in your jurisdiction (see the table in Section 5). We welcome the opportunity to resolve concerns directly first.

10.  Children

Our services are intended for individuals aged 18 and over. We do not knowingly collect personal information from anyone under 18. If you believe we hold data relating to a child, please contact [email protected] and we will delete it promptly.

11.  Changes to This Notice

We review this Notice at least every six months and whenever our data practices change materially. The current version is always available at www.marketingsociety.com/privacy-policy and within our app. Where changes are significant, we will notify you by email or prominent notice before they take effect.

12.  Contact

For all privacy queries, subject access requests or data deletion requests:

Data Protection Officer: [email protected]

Post: The Marketing Society, 167–169 Great Portland Street, Fifth Floor, London W1W 5PF, United Kingdom

We aim to respond to all queries within five working days.