PRIVACY POLICY

Who we are 

We are The Department, a London-based brand experience agency that designs and delivers live events, experiential activations, product launches, showcases, hospitality, and immersive innovation projects for brands.

This notice explains how we process personal data relating to website visitors, clients and prospective clients, event participants and guests, and suppliers, freelancers, and partners.

For filming/photography and interactive technologies used at events, please also read our Events Privacy Notice. 

Throughout this notice, “Data Protection Legislation” means the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR), and, where applicable, the EU GDPR.

Registered company name: The Department UK Ltd

Company number: 08534899

Registered office: 2 Leathermarket St, London, SE1 3HN

ICO registration number: ZB458726

For all privacy enquiries, contact our Data Protection Officer (DPO):

Email: hello@the-department.co.uk

Postal: 2 Leathermarket St, London, SE1 3HN

What personal data we collect

  • Identity & contact data: name, job title, organisation, business email, business phone.
  • Professional profile: sector, role, interests/preferences relevant to B2B engagement.
  • Enquiry & correspondence data: briefs, proposals, statements of work, emails and messages.
  • Event & hospitality data: RSVPs, accreditation needs, access requirements, and dietary/allergy information (special category data processed with your consent).
  • Media assets: photography, video and audio captured at events (see Events Privacy Notice).
  • Technical/usage data: IP address, device/browser details, pages viewed and interactions on our website via cookies/analytics.
  • Immersive/interactive data: limited interaction or device signals where XR/AR installations or participation apps are used; activation-specific notices may apply.
  • Supplier/finance data (B2B): banking or invoicing details for supplier or partner payments and client billing (B2B context).

How we collect your data

  • Directly from you (website forms, emails, calls, meetings, event registrations, onsite checkins).
  • From your organisation or agency partners (where you are nominated as a contact/attendee).
  • From event platforms and production partners for accreditation, security, or logistics purposes.
  • From publicly available sources (official company sites, professional directories) in a B2B context.
  • By automated means via cookies/analytics when you browse our website.

Why we use your data (purposes)

  • Respond to enquiries and provide proposals or statements of work.
  • Plan and deliver events/activations, including accreditation, access control, health & safety, security, and guest services.
  • Manage suppliers and partners, including bookings, scheduling, and performance oversight.
  • Communicate operational updates, changes, or emergency notices for live experiences.
  • Capture and produce event media for documentation, brand storytelling, and promotional use consistent with reasonable expectations at live events (with notices and additional consents where required).
  • Improve our website and services via analytics and service diagnostics.
  • Maintain business records, comply with laws, and manage legal claims or rights.

Using your personal data: lawful bases and purposes

We rely on the following lawful bases under the UK GDPR, depending on activity:

Contract: to take steps at your request and perform agreed-upon works (e.g., handling briefs, delivering events, managing suppliers).

Legitimate interests: to operate and grow a creative agency; plan and secure events; communicate necessary updates; maintain internal records; create event documentation and promotional captures consistent with attendee expectations; and analyse website performance. We balance these interests against your rights.

Consent: for marketing communications (where required), dietary/access needs (special category data), participation in interviews/testimonials, or specific interactive tech where an additional prompt is appropriate. You can withdraw consent at any time.

Legal obligation: for health & safety, incident reporting, tax/accounting, or responding to lawful requests.

Marketing communications

We may send B2B updates about our work, events, or insights. We rely on consent or, where appropriate, the soft opt-in for similar services to existing relationships. All messages include an unsubscribe option, and you can change preferences at any time

Photography, filming & immersive technology at events

Filming and photography are common in live brand experiences; we provide clear on-site notices and do not single you out without your consent (e.g., for posed interviews). Q&A or livestream participation may display your name/comment if you choose to contribute. XR/AR/interactive activations may process limited interaction data; where relevant, an activation-specific notice or consent step is provided. See our Events Privacy Notice for details.

Social media buttons

We use plugins on our website from social media networks such as Facebook, LinkedIn, and Twitter. You can recognise these plugins by their logos. Our plugins will not collect personal data about you unless you click on these logos. If you click on them, these plugins are activated and automatically transmit data to the plugin provider.

We do not have any influence over which data these providers collect from you. If you would like more information about their data processing, this can be found in the respective privacy policies on the websites of these providers.

Cookies

We use cookies and similar techniques, such as tags/beacons and JavaScript’s, which are small text files stored on your device. Using cookies is a way for us to make sure that our website is continuously improved, meets your needs and can be used as a tool to optimise our marketing strategy. For us to do this, we place functional cookies to make the website function as well as marketing cookies, which help us target the right people and show them advertisements. Some of these cookies track your use of our website and visits to other websites and allow us to show you advertisements when you browse other websites.

Sharing of your personal data

We do not sell personal data.

  • Event clients (where necessary for accreditation, operations, or legitimate reporting).
  • Production and logistics partners (venues, staging/AV, security, accreditation, transport, guest management, technology providers).
  • Catering providers (limited to dietary needs strictly for service delivery).
  • Creative/media partners supporting photography/filming/editing and content delivery.
  • Professional advisers (legal, insurance, finance) and authorities, where required by law.
  • We require appropriate contracts and safeguards; partners only use data to deliver the agreed services.

Where we store your data and international transfers

Your personal data is primarily stored in the UK/EEA. Where suppliers or systems are located outside these areas, we use recognised safeguards (e.g., UK/EU adequacy decisions or Standard Contractual Clauses with supplementary measures as needed). Details are available on request.

How long we keep your data

We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

By law we must keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for seven years after they cease being customers for tax purposes.

In some circumstances we may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes in which case we may use this information indefinitely without further policy to you.

The Right to be Informed about our collection and use of personal data

You have the right to be informed about the collection and use of your personal data. We ensure we do this with our internal data protection policies and through our external privacy notices. These are regularly reviewed and updated to ensure they are accurate and reflect our data processing activities.

Right to Access Your Personal Information

You have the right to access the personal information that we hold about you in many circumstances, by making a request. This is sometimes termed ‘Subject Access Request’. If we agree that we are obliged to provide personal information to you (or someone else on your behalf), we will provide it to you or them free of charge and aim to do so within 1 month from when your identity has been confirmed.

We would ask for proof of identity and sufficient information about your interactions with us so that we can locate your personal information.

Right to Correction of Your Personal Information

If any of the personal information we hold about you is inaccurate, incomplete, or out of date, you may ask us to correct it.

Right to Stop or Limit Our Processing of Your Data

You have the right to object to us processing your personal information for particular purposes, to have your information deleted if we are keeping it too long or to have its processing restricted in certain circumstances.

You can ask us to restrict processing of your data, for example, where:

  • You’re contesting the accuracy of your personal data
  • We no longer need to process your personal data, but you want us to keep it for use in legal claims
  • You’ve objected to the processing by asking us to stop using your data, but you’re waiting for us to tell you if we have overriding grounds, which means we’re allowed to keep on using it

Right to Erasure

You have the right to have personal data erased. This is also known as the ‘right to be forgotten’. The right is not absolute and only applies in certain circumstances. Where the right doesn’t apply, we’ll let you know why we can’t action your request.

This right may be applied where:

  • personal data is no longer necessary in relation to the purpose for which it was originally collected/processed
  • the processing was based on your consent, which you withdraw (and there are no other legal grounds for processing that data)
  • You exercise your right to object and there are no overriding legitimate grounds for the processing
  • There is no lawful reason to retain personal data or if the personal data must be erased to comply with a legal obligation

Right to Portability

The right to portability gives you the right to receive personal data you have provided to a controller in a structured, commonly used, and machine-readable format. It also gives you the right to request that a controller transmit this data directly to another controller.

For more information about your privacy rights

The Information Commissioner’s Office (ICO) regulates data protection and privacy matters in the UK. They make a lot of information accessible to consumers on their website, and they ensure that the registered details of all data controllers, such as The Department, are available publicly.

You can make a complaint to the ICO at any time about the way we use your information. However, we hope that you will consider raising any issue or complaint you have made with us first. Your satisfaction is extremely important to us, and we will always do our very best to solve any problems you may have.

Security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. Platforms, systems, and facilities in which personal data are processed are protected by secure network architectures that contain firewalls, access control and authentication protocols.

In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Find Us

The Department
Studio 1, 2 Leathermarket St,
London SE1 3HN,
United Kingdom

Contact us
Email us

Call: +44 203 305 5878

Useful links
Terms & Conditions
Privacy Policy
Newsletter sign up

    *Mandatory Field

    Copyright © THE DEPARTMENT 2023