Policy Prepared By: Steve Allan
Policy Operation From: 25/05/2018
Next Review Date: 24/05/2019
At Steve Allan Events we take your privacy seriously. We will only use your personal information to administer your account, provide you with quotations/estimates/rental agreements and invoices as well as offer you discounts/offers through our email marketing. We will never sell, share or use your personal information for anything else.
This policy sets out how we will use the information that you give us, how we store this information, what to do if you want to change/view your information and how to submit a complaint.
Who are we and how to contact us?
Steve Allan Events is a company registered in England. The data controller is: Steve Allan. You can get in touch with us in any of the following ways:
By email: email@example.com
Call: 01622 721353
By post: Unit 5 Gallants Business Park, Lower Road, East Farleigh, Maidstone, Kent ME15 0JS
How we operate
We operate in accordance with EU GDPR 2018 data protection guidelines and the Data Protection Act 1998. To comply with this your information must be collected fairly, stored securely and not unlawfully disclosed. The Data Protection Act and EU GDPR Guidelines are underpinned by eight important principles. These say that information must:
- Be processed fairly and lawfully
- Be obtained only for specific, lawful purposes
- Be adequate, relevant and not excessive
- Be accurate and up to date
- Not be held for any longer than necessary
- Be processed in accordance with the rights of data subjects
- Be protected in appropriate ways
- Not be transferred outside the European Economic Area (EEA), unless that country/territory also
Who we collect information on and what:
This policy applies to all SA Events clients, suppliers and full time/casual staff. It relates to all information that the company holds relating to identifiable individuals, even if that information technically falls outside of the Data Protection Act 1998. This can include:
- Email addresses
- Telephone numbers
We do not collect any Sensitive Data about you. Sensitive data refers to data that includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data. For staffing we may occasionally request a Disclosure & Barring Service Check if our clients request this.
Scope of consent
Opting out at a later date
Once you have given your consent, you can amend or withdraw your consent at any time. We adhere to all user rights as defined in GDPR.
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
- Request access to your personal data
- Request correction of your personal data
- Request erasure of your personal data
- Object to processing of your personal data
- Request restriction of processing your personal data
- Request transfer of your personal data
- Right to withdraw consent
If you wish to exercise any of the rights set out above, please contact us.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request, to speed up our response.
If you have any comments or wish to complain, please email/call/write to us as detailed above.
How we store and process your data
- We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
- The only people able to access data covered by this policy should be those who need it for their work.
- Data will not be shared informally. When access to confidential information is required, SA Events staff can request it from the owner.
- SA Events will provide training and awareness to staff to help them understand their responsibilities when handling data.
- SA Events will keep all data secure by taking sensible precautions and following guidelines listed below.
- Personal data will not be disclosed to unauthorised people, either within the company or externally.
- Data will be regularly reviewed and updated if it is found to be out of date.
- Data will not be stored for longer than required. By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after they cease being customers, for tax purposes. In some circumstances you can ask us to delete your data: see below for further information.
- Your account data will be collected, stored and processed within the UK only. Your data will be stored as described here or until you request removal of your personal data from our system. Please note that we will be unable to carry out your request to be removed if there are still any open transactions against your account.
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where we need to perform the contract between us
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests
- Where we need to comply with a legal or regulatory obligation
We do not rely on consent as a legal ground for processing data, other than in relation to marketing. You have the right to withdraw from our marketing subscription at any time.
We will set out rules to describe how and where data should be safely stored.
When data is stored on paper it should be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
- When not required, the paper or files should be kept in a locked, fireproof drawer or filing cabinet
- SA Events staff should make sure paper and printouts are not left where unauthorised people could see them
When data is stored electronically, it must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
- Data should be protected by strong passwords that are changed regularly and never shared
- If data is stored on removable media, these should be kept locked away securely when not in use
- Data should only be stored on designated drives and servers and should only be uploaded to an approved cloud computing service
- Servers containing personal data should be sited in a secure location away from general office space
- Data should be backed up frequently and those backups should be tested regularly in line with the company’s standard backup procedures
- Data should never be saved directly to laptops or other mobile devices
- All servers and computers containing data should be protected by approved security software and firewalls
All individuals who are the subject of personal data held by SA Events are entitled to:
- Ask what information the company holds about them and why
- Ask how to gain access to it
- Be informed how to keep it up to date
- Be informed how the company is meeting its data protection obligations
If an individual contacts the company requesting this information, this is called a Subject Access Request. These requests should be made in writing or by email to SA Events. SA Events will aim to provide the relevant data within 14 days.
SA Events must verify the identification of anyone making such a request before any information is made available.
You will receive marketing communications from us if you have:
- Requested information from us or purchased goods or services from us; or if you provided us with your details and ticked the box at the point of entry of your details for us to send
- You have not opted out of receiving that marketing.
You can ask us to stop sending you marketing messages at any time by emailing us. Where you opt out of receiving our marketing communications, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience or other transactions. All marketing we send will offer an opt out option enabling you to opt out instantly.
Your data is not shared with any third parties.
We may have to share your personal data with the parties set out below:
- Professional advisers including lawyers, bankers, auditors and insurers who provide consultancy, banking, legal, insurance and accounting services (leasing or finance options).
- HM Revenue & Customs, regulators and other authorities based in the United Kingdom and other relevant jurisdictions who require reporting your data to respect the security of your personal data and to treat it in accordance with the law. We only allow such third parties to process your personal data for specified purposes and in accordance with our instructions.
Under the Data Protection Act, we are also permitted to share some information with third parties who use such data for non-marketing purposes (including credit and risk assessment and management, identification and fraud prevention, debt collection and returning assets to you).
Contacting us, exercising your information rights and complaints