Privacy Policy

Last updated: 22nd June 2026

The Association of Defence General and Vascular Surgeons (ADGVS) is committed to protecting your personal data and respecting your privacy. This notice explains how we collect, use, store and share information when you interact with us — in particular when you register for the 33rd Multinational Military Medical Exchange (MMME), submit an abstract, or otherwise correspond with us.

This notice is issued under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

1. Who we are

The data controller is the

Ministry of Defence, Whitehall, LondonSW1A 2HB

For any questions about this notice or about how we handle your personal data, please contact: SG-DPA@mod.gov.uk

2. What we collect

When you register for a conference, submit material, or otherwise correspond with us, we may collect:

  • Identification details: title, name, professional credentials

  • Contact details: email address, postal address (where required), telephone number

  • Professional information: job title, organisation, rank or service (where applicable)

  • Conference-specific information: dietary requirements, accessibility requirements, attendance choices (e.g. workshop, gala dinner, sessions selected)

  • Payment information: handled by our payment processor — we do not store card details

  • Submitted content: abstracts, presentations, posters, and any supporting material submitted for review, display or publication

  • Correspondence between you and us

We collect this information directly from you, through the registration page on our website, through forms we send you, or through email correspondence.

Providing this data is a contractual requirement. Without it, we cannot process your registration, admit you to the conference, or fulfil related services such as catering and accessibility provision. Optional fields (for example, marketing preferences) are clearly identified and have no consequence for your attendance if left blank.

3. Why we collect it (lawful basis)

We process your personal data under the following lawful bases:

  • Performance of a contract (UK GDPR Article 6(1)(b)) — to administer your registration, deliver the conference, and provide associated services.

Where dietary, accessibility or health information is provided, we process this special category data under Article 9(2)(a) (explicit consent) for the purpose of meeting your stated requirements during the event.

4. How we use your information

We use your personal data to:

  • Process your registration and confirm attendance

  • Communicate with you about the conference (logistics, programme updates, joining instructions)

  • Manage abstract submissions, review, acceptance, and presentation

  • Cater for dietary, accessibility, and other stated needs

  • Issue certificates of attendance or CPD documentation

  • Maintain records for finance, audit, and accountability

  • With your separate consent: record presentations, photograph the event, and contact you about future activities

5. Who we share it with

We share personal data only where necessary to deliver the conference. Recipients may include:

  • The conference venue — for catering, accessibility and security

  • Our payment processor — for processing registration fees

  • Squarespace — our website host and registration platform

  • Google Workspace — our email and document platform

  • Partner organisations named in the programme (for example, journal partners receiving accepted abstracts for publication consideration) where this is integral to the conference offer

  • Speakers and chairs receiving delegate lists for context, where this is part of the academic programme

We will not sell, rent or trade your personal data.

International transfers. Some of our service providers (notably Squarespace and Google Workspace) are headquartered in the United States and may process data on infrastructure outside the UK. Where this happens, transfers are made under the UK Extension to the EU–US Data Privacy Framework, or under the UK International Data Transfer Agreement (IDTA) / UK Addendum to the Standard Contractual Clauses, as appropriate to the provider.

6. Speakers

If you have been invited to speak at the conference, additional information about you may be collected and processed in connection with your participation. This may include professional details, presentation materials, and any audio, visual or photographic content captured during the event.

Where applicable, this material may be shared with delegates, partner organisations named in the programme, and — where conference proceedings are published — with the wider public.

The lawful basis for this processing is your consent (UK GDPR Article 6(1)(a)). You may withdraw consent at any time. Where content has already been shared, published, or distributed, retrospective removal may not be possible in all cases.

7. How long we keep it

We retain personal data only for as long as is necessary for the purposes for which it was collected:

  • Registration and attendance records: up to 2 years after the conference

  • Financial records (invoices, receipts): 6 years, as required by HMRC

  • Abstract submissions and accepted presentations: retained indefinitely for academic record purposes

  • Marketing contact details (where consent given): until you withdraw consent or after 3 years of inactivity, whichever is sooner

After these periods, data is securely deleted or anonymised.

8. How we keep it secure

We apply appropriate technical and organisational measures to protect your data, including access controls, encrypted transmission, and the use of reputable hosted services. While no transmission over the internet can be guaranteed fully secure, we take all reasonable steps to safeguard the information you provide.

9. Automated decision-making and profiling

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects. All decisions affecting your registration, abstract acceptance, or participation are made by named members of the MMME Organising Committee or its scientific review panel.

10. Your rights

Under UK GDPR, you have the right to:

  • Access the personal data we hold about you

  • Rectification of inaccurate or incomplete data

  • Erasure of your data, where applicable

  • Restriction of, or objection to, our processing

  • Data portability

  • Withdraw consent where processing is based on consent

  • Lodge a complaint with the Information Commissioner's Office (ICO)

To exercise any of these rights, please contact [contact email to be confirmed]. We will respond within one calendar month.

If you are not satisfied with our response, you may complain to the Information Commissioner's Office:

Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF Tel: 0303 123 1113 www.ico.org.uk

11. Cookies and analytics

Our website (admst.org) uses cookies provided by Squarespace to operate the site, remember your preferences, and gather aggregated analytics. For full detail, see the cookie banner on our site or Squarespace's cookie policy.

12. Changes to this notice

We may update this notice from time to time. The "Last updated" date at the top will reflect the most recent revision. Material changes will be communicated via our website or by email where appropriate.

13. Contact

For any questions about this notice or how we handle your personal data:

People-DSS-Data-Protection@mod.gov.uk