Privacy Policy

1. Overview

Outsourced Events Limited is committed to protecting and respecting your privacy. This policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure. We will always ensure that collection and use of personal data is carried out in accordance with applicable data protection laws. The main laws governing data protection are the General Data Protection Regulation known as the “GDPR”, as it is now adopted in the UK following Brexit, and the Data Protection Act 2018. We comply with current requirements to notify our data processing activities to the Information Commissioner’s Office and are registered under number Z9329102.

We are the controller of all personal data used in our business for our own commercial purposes. Sometimes though, we will process personal data on behalf of another data controller, such as where we arrange events for a client – and when this is the case, we will do so only in accordance with the instructions of that data controller and otherwise in accordance with the GDPR. If we are processing on behalf of another data controller, that data controller will provide relevant information to you about how your data is being shared.

We may change this policy from time to time and we will notify you of any significant changes, but please check this page whenever you wish, and ensure you agree with the privacy policy current at that time.

2. When do we collect your personal data?

When you visit our website
When you engage with us on social media
When you contact us by any means with enquiries, proposals etc.
When you sign up to our mailing list
When we, or our representatives, collect your details at an event or via a referral
If we verify your identification using any public registers

3. What type of personal data do we collect?

Personal data, or personal information, is anything that could identify a living individual. The personal information we collect might include your name, address, job title, email address, phone number, IP address and information regarding what pages are accessed and when. If you attend our events we may also collect data relating to any special requirements you may have.

It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us. You should also bring this Privacy Policy to the attention of anyone else whose data you supply to us.

“Special category data” means personal data relating to racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetics, health, sex life or sexual orientation, and biometric data used for the purpose of identifying someone. We may process special category data where you advise us of access needs or dietary requirements.

4. The legal basis of our data processing

The law on data protection sets out several different reasons for which a company may collect and process your personal data, including:

Contractual Obligations: in some circumstances we need your personal data to comply with our contractual obligations.

Legitimate Interests: in specific situations we require your data to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights.

Consent: we can collect and process your data with your consent, and we will make sure any consent:

is specific to one or more purposes; and

is given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of your agreement to the relevant use of your data.

For example, you evidence consent when you tick a box and opt in to receiving email newsletters.

Legal Compliance: we will need to collect your data if the law requires us to.

We will only collect personal data to the extent that it is required for the specific purpose notified to individuals about whom we are collecting it and/or as instructed by any data controller on whose behalf we are acting - and we will keep it only as long as is necessary.

5. How and why do we use your personal data?

We may use your information to:

Processing Activity	Types of Personal Data	Basis for Processing
To provide you with information, products or services that you request from us	Name, contact details	Legitimate interest of providing good customer service; contractual obligation
To carry out our obligations arising from any contracts we enter into with you	Contact details, payment information	Contractual obligation
To ensure that content from our website is presented in the most effective manner for you and for your device	Online identifiers, location data and other technical information	Legitimate interest of delivering useful content
To provide you with information, products or services that we feel may interest you (where you have consented to be contacted for such purposes to the extent consent is required by law)	Contact details and any information relating to personalisation preferences	Legitimate interest of promoting business services; consent where applicable
To retain basic transaction details for the purpose of tax reporting	Contact details and transaction history
To use non-essential cookies on our website (see Cookie Policy for further information)	Online identifiers, location data and other technical information	Consent
To ensure health and safety and to provide appropriate adjustments you might require to access our premises or other locations we arrange	Information about your physical health or disability status	Legal obligations relating to health and safety; consent

Specific sensitive personal data we process and why we are allowed to do this:

Where you have given explicit consent and/or manifestly made the information public:

· We will process information about an individual’s physical or mental health, or disability status, to ensure health and safety and to provide appropriate adjustments the individual might require to access our events.

· We will use information about an individual’s medical needs or religious beliefs to ensure appropriate catering is available at our events.

Where we need to collect personal data by law, or under the terms of a contract we have with you, and you fail to provide that data when requested, we may not be able to perform the contract. In such circumstances we may have to cancel any services you have requested.

Please note that we may process your personal data without your knowledge or consent where required or permitted by law.

We do not envisage that any decisions will be taken about you using automated means.

6. How we protect your data

We take appropriate technical and organisational measures to protect your data. Access to your personal data is password-protected. We regularly monitor our systems for vulnerabilities and attacks and use appropriate cyber security measures. We have put in place internal procedures to deal with any suspected data security breach and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

Please note that-parties may use cookies on our website, or you may follow links from our website to sites operated by third parties. These third parties have their own privacy policies and we do not accept any responsibility or liability for such third-party processing or the security of these websites.

7. How long will we keep your personal data?

Whenever we collect or process your personal data, we will only keep it for as long as is necessary for the purpose for which it was collected, considering the sensitivity of the data and risk of harm. When it is no longer needed for this purpose, your data will either be deleted completely or anonymised (or, where we are processing on behalf of another data controller, return their information to them).

8. Who do we share your personal data with?

We sometimes share your data with trusted third parties, for example IT companies who support our website and agencies who may perform marketing activity for us. When that happens, we provide only the information they need to perform their specific services and we work closely with them to ensure your privacy is respected and protected at all times. If we stop using them, any of your data they hold will either be deleted or rendered anonymous.

We may also disclose personal data we hold to third parties, for their own use, if we are under a duty to share it in order to comply with any legal obligation, or in order to enforce or apply any contract with that individual, or to protect our rights, property, or safety of our employees, customers or others. This includes exchanging personal data with professional advisers and with organisations for the purposes of fraud protection and credit risk reduction.

9. Where your personal data may be processed

Our website is hosted on servers within the European Economic Area (EEA), as are most of the services we provide. Sometimes we need to share your personal data with third parties and suppliers outside the EEA, in countries such as the USA. If we do this, our contracts stipulate that your data receives the same protection as if it were being processed inside the EEA. If we use tools or third-party applications that are hosted outside of the EEA, we ensure they provide sufficient guarantees on the safeguarding of your personal data, before we engage with them.

10. Your personal data rights

You have the right to request:

Access to the personal data we hold about you, free of charge in most cases
The correction of your personal data when incorrect, out of date or incomplete
Deletion or restriction of your personal data, subject to certain circumstances in which we are permitted to retain data
That we transfer a digital copy of your data to a third-party, in certain circumstances only
That we stop any consent-based processing of your personal data after you withdraw that consent
Review any decision based solely on automatic processing of your data (i.e. where no human has yet reviewed the outcome and criteria for the decision)

You can contact us to request these rights at any time – see contact details of the bottom of this policy.

If we choose not to action your request, we will explain to you the reasons for our refusal.

Whenever you have given us your consent to use your personal data, you have the right to change your mind at any time and withdraw that consent.

In cases where we are processing your personal data based on our legitimate interest, you can ask us to stop for reasons connected to your individual situation. We must then do so unless we believe we have a legitimate overriding reason to continue processing your personal data.

We aim to respond to all legitimate requests within one month (and if we are only processing the data in question on behalf of another party, the response may actually come from that other party as the relevant data controller). Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. We may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive.

11. Direct marketing

You have the right to stop the use of your personal data for direct marketing activity through all channels, or selected channels. We must always comply with your request.

12. Checking your identity

To protect the confidentiality of your information, we will ask you to verify your identity before proceeding with any request you make under this Privacy Policy.

If you have authorised a third-party to submit a request on your behalf, we will ask them to prove they have your permission to act.

13. Contacting the Regulator

If you feel that your data has not been handled correctly, or that you are unhappy with our response to any requests you have made regarding your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office.

You can contact the ICO on +44 (0)303 123 1113 or go online at www.ico.org.uk/concerns.

If you are based outside the UK, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

14. Comments, questions and contact details

If you have any comments or questions, please contact our data team who will be pleased to help you. Email Outsourced Events or write to: Data Team, Outsourced Events Limited, One Lyric Square, London W6 0NB