Event Branding UK – Data Protection Policy (Updated 1st August 2023)
Introduction
This Data Protection Policy outlines how Event Branding UK manages the personal data we hold in accordance with the United Kingdom General Data Protection Regulation (UK GDPR). This policy applies to all data that the company holds relating to identifiable individuals, in particular in relation to customer email data and other personal customer data.
Data Protection Principles
In accordance with UK GDPR, Event Branding UK will ensure that personal data will:
i. Be processed lawfully, fairly, and transparently.
ii. Be collected for specified, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
iii. Be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
iv. Be accurate and, where necessary, kept up to date.
v. Be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
vi. Be processed in a manner that ensures appropriate security of the personal data.
Lawful Basis for Processing
We only collect and use personal data when we have a lawful basis for doing so. Lawful bases include consent, contract, legal obligation, vital interests, public task, and legitimate interests.
Consent
In situations where we are not relying on another lawful basis, we will obtain explicit consent before collecting and using personal data. Data subjects have the right to withdraw their consent at any time.
Data Minimisation
We will only collect minimal data required for the intended purpose. This applies specifically to customer email data and other related personal customer data.
Accuracy
We will ensure the accuracy of any personal data held. Where necessary, we will take steps to rectify or delete any inaccurate data.
Data Storage and Security
Event Branding UK employs high standard security measures to ensure that personal data is protected against unauthorised access, alteration, disclosure, or destruction. We also have protocols in place to manage any suspected data breach.
Data Retention and Disposal
Personal data will not be kept longer than necessary for its given purpose. Once data is no longer required, it will be securely deleted in accordance with specific data disposal protocols.
Data Subject Rights
Under the UK GDPR, individuals have the right to access, rectify, erase, limit processing of, or port their personal data. Any requests from data subjects to exercise their rights will be handled promptly within one month of receipt.
Data Protection Officer
We have appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and its implementation to ensure compliance with GDPR requirements.
Changes to This Policy
Event Branding UK reserves the right to modify this Data Protection Policy at any time. Any changes we may make will be posted on this page, and where appropriate, notified to you by email. This policy is effective and updated from August 1, 2023.