Our clients are at the heart of what We do at Tomasz Drybala Ltd and when it comes to privacy the same applies. We appreciate and understand that your privacy is yours to be private and as such take the matter seriously and treat all personal information with respect and care.
We fully comply with the Data Protection Act 1998, the Privacy and Electronic Communications (EC Directive) Regulations 2003. This will include the processing of personal data as governed by the General Data Protection Regulation (GDPR).
1. INDEX OF TERMS FOR INTERPRETATION
In this policy the following terms are to have this meaning:
“Cookie” - means a small text file placed on your computer or device by Our Site when you visit certain parts of Our Site and/or when you use certain features of Our Site. Details of the Cookies used by Our Site are set out in section 13, below
“Cookie Law” - means the relevant parts of the Privacy and Electronic Communications (EC Directive) Regulations 2003;
“Personal data” - means any and all data that relates to an identifiable person who can be directly or indirectly identified from that data. In this case, it means personal data that you give to us via our Site. This definition shall, where applicable, incorporate the definitions provided in the EU Regulation 2016/679 – the General Data Protection Regulation (“GDPR”); and
“We/Us/Our” - refer to Tomasz Drybala Ltd, 160 Kemp House, City Road, London EC1V 2NX.
Registered company number: 11352974
2. WHAT THIS POLICY COVERS
3. WHY DO WE COLLECT DATA
We collect the personal information you share with us to:
4. WHAT DATA DO WE COLLECT
We collect information about you which is essential for us to deliver our services and those that help us to improve the website and services we provide. The majority of which are set out on the booking form and may include:
Personal: name, address, email, telephone numbers, dietary preferences, medical notes, emergency contact.
Payment: credit card and bank details are not retained and are processed by an online payment platform (such as Stripe or PayPal).
Feedback: post-event questionnaires and complaints.
Marketing: interaction with our website, social media pages, enquiries, previous events. This helps us create a picture of what is and isn’t functioning the way we would like on Our website.
Where you have provided additional information for someone else, for example, emergency contact or fellow guest, we will not contact those persons unless required.
5. HOW DO WE PROCESS THE DATA YOU PROVIDE
We comply with our GDPR obligations and store all personal information securely on the cloud and for the minimum period necessary in light of the reason(s) for which it was first collected. For more details on security see section 7, below
The basis of Our use of personal data will always be lawful, either because consent (subscribing to emails etc) has been provided or it’s strictly necessary for Our obligations to customers in fulfilling booking contracts or because it is in Our legitimate interests.
Data may be used for:
With your permission and/or where permitted by law, We may also use your data for marketing purposes which may include contacting you by email or post with information, news and offers on Our events and services. We will not, however, send you any unsolicited marketing or spam and will take all reasonable steps to ensure that We fully protect your rights and comply with Our obligations under the GDPR and the Privacy and Electronic Communications (EC Directive) Regulations 2003
You have the right to withdraw your consent to Us using your personal data at any time and to request that We delete it
We do not keep your personal data for any longer than is necessary in light of the reason(s) for which it was first collected
6. HOW DO WE STORE YOUR DATA
Data provided to us is transferred and securely stored on the cloud. It is possible from time to time this will be processed by staff outside of the EEA or by a partner in the country you have selected. This among other things is to fulfil your booking and support services associated.
Information will only be held for a period of time deemed reasonably necessary to fulfil and administer the contracted services unless required to extend this for legal or taxation reasons. The timeframe set is typically 5 years from the last communication after which all data shall be destroyed securely.
7. DO WE SHARE YOUR DATA
We will only share your personal information where:
We only work with trusted suppliers who have agreed to the terms of our Data Processor Agreement to treat your information as respectfully as we do and in accordance with the requirements of the Data Protection Act 1998.
8. WHAT HAPPENS IF WE SELL OUR BUSINESS
9. HOW CAN YOU CONTROL YOUR DATA
In addition to your rights under the GDPR, set out in section 4, when you submit personal data via Our Site, you may be given options to restrict Our use of your data. In particular, We aim to give you strong controls on Our use of your data for direct marketing purposes (including the ability to opt-out of receiving emails from Us which you may do by unsubscribing using the links provided in Our emails and at the point of providing your details).
You may also wish to sign up for one or more of the preference services operating in the UK: The Telephone Preference Service (“the TPS”), the Corporate Telephone Preference Service (“the CTPS”), and the Mailing Preference Service (“the MPS”). These may help to prevent you from receiving unsolicited marketing. Please note, however, that these services will not prevent you from receiving marketing communications that you have consented to receive.
10. YOUR RIGHTS AND ACCESS TO DATA
Under the GDPR, your rights include the below, this Policy is set out to comply with these rights.
13. HOW TO CONTACT US
If you have any questions about this policy, Our website or have a request for personal information please contact Us via email at firstname.lastname@example.org