We are the custodians of any data that you, the user of our website, provide us with via the forms on our website or via any other means of contacting us.
Our general aim is to ensure the maximum protection and minimal of sharing for any information you would regard as personal. There are, however, always cases where information must be shared such as due to legal obligations. These are all detailed in the privacy statement below.
Your relationship with us is managed online via the email address that you supply to us.
We offer two different types of service:
1. For the general public we provide information about events and information about the themes of the events. Where a member of the public explicitly provides us with personal information we will use the details in the manner that would reasonably be expected. For example it is reasonable for you to expect us to use your email address to send you email, your postal address to send you post, your phone number to phone you, etc. Other than that we do not share your details with anyone unless legally obliged to do so.
2. For event organisers we publish information to the general public about the organiser's events. We are the data controller for any personal information relating to the creation of and running of the event organisers account with us. With regard to the information that the event organiser publishes on our site we act as a data processor for the event organiser who is data controller for the information that they publish on our site.
We collect and use your data for the purpose we describe with each service we provide and in these cases we only collect the minimal information required to provide the service to you.
We collect statistical data about visits to our website. Some of this is personal data such as IP address that is logged for the purpose of crime prevention and detection.
We may use your personal data as necessary for the protection and assertion of our legitimate interests, our legal rights, your legal rights, the legal rights of others or to comply with a legal obligation.
We will ask you to provide your personal data directly to payment processors in order to complete payments to us.
As many companies must do we contract other companies to provide a part of our service in the capacity of a data processor. In these cases some of your personal information may be required to provide the specific part of the service we have contracted. It is only supplied on condition that the information is solely used to fulfil the service. We only use companies that we have checked are suitable. These are the situations where we use data processors:
We use cloud service providers for web hosting and for email
We process data that you give us for the purpose that we state at the time you give us your data.
We store information under the following legal bases:
a. by your consent which is explicitly given by your completion of a form on our website - this is generally for our newsletters
b. by contract where you ask for a specific service from us.
c. by legitimate interest. We collect information about visitors to our website which we use to prevent cyber attacks on our services and for this we collect and share details of suspected attackers.
The state of any processing we do with your data and consent you have given and contracts you are bound to are available at any time by entering your details on our form here.
Please contact us for anything related to data protection or the GDPR or if you wish to raise a complaint on how we have handled your personal data. Also if you are not satisfied with our response or believe we are processing your personal data not in accordance with the law you can complain to the Information Commissioner's Office https://ico.org.uk/
All our services are hosted solely on cloud platforms provided by our trusted suppliers. All web hosting services we provide are based in Europe with a cloud service provider who is compliant with ISO/IEC 27001:2013. Other servers reside in the UK, European Union, Canada and the USA. Canada is recognised by the EU as having privacy laws that are compatible with the GDPR and US companies that are Privacy Shield Certified are also recognised as having adequate legal protection. All USA companies we use are Privacy Shield certified, and all organisations in non-EU countries that we use are contracted to comply with GDPR legislation. All disks that hold customer or business information of any kind whether connected to servers or desktops are either in Enterprise-Grade secure facilities or encrypted at rest or both. Procedures are in place for ensuring the destruction of data on decommissioned equipment.
The only recipients of personal data for which we are the controller may be:
1) Postal services if we use them to deliver physical mail. The postal services use the recipient address information displayed on the packaging in order to deliver the package.
2) Any email service providers who form the pathway from our email servers to the recipients email address. Email delivery depends on the recipient email address contained in the message headers.
3) Our purpose is to publish contact information regarding events. This information is made publicly available. This information is controlled by the owner of the account who supplies this information to us.
Simply email us your name, account holder email address and phone number and we will email the account holder with details of how you can securely access the information we hold on you. You can excercise your right to redact using the details we send you with your subject access request.
If we provide you with a service we are required under UK tax law to keep your basic personal data (name, address, contact details) for a minimum of 6 years after which time it will be destroyed.
Your information we use for marketing purposes will be kept until you tell us that you no longer wish to receive marketing information.