Bell Events Data Privacy Policy
Effective 25 May 2018
At Bell Events we are committed to protecting and using personal data responsibly, ethically and lawfully. For this reason, we collect and use personal data only as it might be needed for us to deliver to you our professional service.
Our Privacy Policy is intended to describe how and what data we collect, and how and why we use your personal data. It also indicates options we provide for you to access, update or otherwise take control of your personal data that we process.
We aim to write our policy documents and agreements in simple, plain English for maximum openness and clarity.
We collect, store and process the personal data of our clients in a fair and ethical manner.
We ensure all of our staff, partner companies, associates and suppliers are made aware of GDPR legislation and take all possible precautions to protect client’s data.
If at any time you have questions about our practices or any of your rights, we will be happy to help.
Please contact us by email at info@bell-events.co.uk or call 01260 274 608
We collect information so that we can provide the best possible experience when you utilise our services. Much of what you likely consider personal data is collected from you via several channels including:
* Requesting of our service whether in writing or verbally
* Providing a business card with personal details with a request to contact you and consent to receive information.
* Completing contact forms, requesting to enter our competitions, requesting to attend an event or requesting other information from us.
* Participating in events or participating in activities we promote and/or organise that might require information about you.
However, we may also collect additional information when delivering our services to you to ensure necessary and optimal performance. These methods of collection may not be obvious, so we have highlighted below more about what these might be (as they vary from time to time) and how they work.
Some data is automatically collected when you use and interact with our mailings. This information includes specific data about your interactions with the content and links (including those of third-parties, such as social media channels) contained within the mailing, and the date and time of the interaction. Some of the data collected may be capable of indicating your location.
If you believe that anyone has wrongly provided us with your personal information and you would like to request that it be removed from our database, please contact us at info@bell-events.co.uk
If we collect information from you in connection with a co-branded promotion, service or event, it will be made clear at the point of collection who will have access to the information and whose privacy policy (or policies) applies.
At all times, data we collect is used solely to provide products and services that may be professionally relevant and of legitimate interest to you.
Purpose Specification, Retention and Restriction of Records
We collect and process personal information for the specific purpose of rendering our advertised services. This may include retaining a minimum amount of personal information that enables us to interact with clients in the future.
We retain personal information only for as long as it is reasonably required to do so for the purpose for which it was obtained, or as prescribed by law.
We restrict access to personal information if:
* Its accuracy is contested by the person to whom it relates, until the accuracy issue can be resolved.
* The purpose for retaining such information has expired, but we are required to retain the records for purposes of proof.
* The processing of the information was unlawful, but the person to whom it relates has requested us to restrict access instead of destroying it.
Processing Limitation
We collect and process personal information:
* Only for a legitimate purpose
* Only to the extent that such information is relevant, adequate and not excessive in relation to our services
* Only when, and for as long as, we have the proper consent and authorisation to do so
* Directly from the individual to which it relates, unless they have authorised an intermediary to share such information with us
We always use people’s data in ways they would reasonably expect and which have a minimal privacy impact, or where there is a compelling justification for the processing.
We strongly believe in both minimising the data we collect and limiting its use and purpose to only that (i) for which we have been given permission, (ii) as necessary to deliver the services you requested, purchased or interacted with, or (iii) as we might be required or permitted for legal compliance or other lawful purposes. These uses include:
* Delivering, improving, updating and enhancing the services we provide to you.
* Understanding and analysing how you use our services and what products and services are most relevant to you.
We process data under two conditions: (i) consent and (ii) legitimate interest.
Sharing Data with Trusted Third Parties / External Suppliers in the Events Industry
We may share your personal data with affiliated companies within our partnerships, with third parties with whom we have partnered to allow you to utilise their services within your own services, and with trusted third party service providers as necessary for them to perform services on our behalf, such as: processing payments, developing proposals, communicating with you by way of email or service delivery, client relationship and services management.
We only share your personal data as necessary for any third party to provide the services as requested or as needed on our behalf. These third parties (and any subcontractors) are subject to strict data processing terms and conditions and are prohibited from utilising, sharing or retaining your personal data for any purpose, other than as they have been specifically contracted for (or without your consent).
When we work with third party operators, such as venues, our partner destination management companies, sub-contractors, etc we ensure that personal information in our possession is provided to them only with our knowledge and subject to legally binding agreements requiring them to keep such information confidential and secure.
Data Breach
In the event of a data breach, we will inform the relevant authorities and the person to which the compromised information relates as soon as reasonably possible after the discovery of the compromise, taking into account the legitimate needs of law enforcement or any measures reasonably necessary to determine the scope of the compromise and to restore the integrity of our information system.
Information Quality
We are reliant on the individuals to whom personal information processed by us relates, to guarantee the accuracy of the information that they provide to us, as this is impossible for us to verify independently in most cases. However, we do take active steps to verify such information with such individuals if we encounter a patent error or suspected inaccuracy.
Transfer of Personal Data Outside of the UK / EU If you utilise our services, your communications with us may result in transferring your personal data across international borders. Also, when you contact us we may provide you with support from one of our global providers outside your country of origin. In these cases, your personal data is handled according to this Privacy Policy.
Communicating with You
We may contact you directly or through a third party service provider regarding products or services you have commissioned through us, such as necessary to deliver transactional or service related communications. We may also contact you with offers for additional services and events we think you’ll find valuable if you give us consent, or where allowed based upon legitimate interests. These contacts may include email and telephone calls.
Email Marketing Specific offers, invitations or interest-based promotions may be presented to you based on your activities and products in which you have expressed an interest. These email campaigns are always targeted, purposeful and never random. Any marketing mailing sent is specifically compared against a master unsubscribe list to ensure that none of our mailings ever reach an email address which has previously been unsubscribed.
Unsubscribing from our mailing lists is made very easy by a single click on any mail-shot from us and instant confirmation of removal is given.
Our emails are sent under the following conditions – direct consent and/or legitimate interest in accordance with regulation 22 of The Privacy and Electronic Communications (EC Directive) Regulations 2003.
Email Marketing
We only send marketing mails to:
a) Our own database of businesses with legitimate interest.
b) Individuals who have specifically requested to be included on our mailing lists.
c) Organisations & businesses who’s contact details can be found in the public domain on the internet
We do not sell mailing lists and we will never do so.
We are an ethical company who are always pleased to receive comments and feedback and improve our processes, standards and customer service wherever possible. Please do not hesitate to email us if you are unhappy with our email marketing and/or would like to raise an issue with us. You can be assured that your email will receive personal attention and you will receive a personal reply from a member of our team.
Third-Party Websites
Our website and our emails may contain links to third-party websites. We are not responsible for the privacy practices or the content of third-party sites. Please read the privacy policy of any website you visit.
Scope of GDPR Compliance GDPR compliance is required for all organisations operating from within the EU, and for all organisations involved in processing personal data of EU citizens. The latter is the GDPR’s principle of “extraterritoriality”; meaning, the GDPR will apply to any organisation processing personal data of EU citizens - regardless of where it is established, and regardless of where its processing activities take place.
On-going we re-affirm with all of our service providers both nationally and internationally the requirement for them to comply to GDPR. Whilst our supplier companies outside the EU are not bound by GDPR, they do adhere to the data protection regulations effective in their own countries. However, because many of these organisations will be processing the personal data of EU-based individuals, they will also be required to comply with the GDPR.
Therefore many of our international providers have elected to voluntarily comply with the provisions of GDPR. In doing so, both Bell Events and our external providers are committed to the core principles of accountability, processing limitation, purpose specification, restriction of records, openness and security.
Should you wish to examine the data policy of any of our external service providers, please contact us with your specific request.
Compliance with Legal, Regulatory and Law Enforcement Requests.
We cooperate with government and law enforcement officials and private parties to enforce and comply with the law. We will disclose any information about you to government or law enforcement officials or private parties as we, in our sole discretion, believe necessary or appropriate to respond to claims and legal process, to protect our property and rights or the property and rights of a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal or unethical.
To the extent we are legally permitted to do so, we will take reasonable steps to notify you in the event if we are required to provide your personal information to third parties as part of legal process.
We endeavour to secure the integrity and confidentiality of personal information in our
possession or under our control by taking all reasonable, appropriate, technical and organisational measures by having due regard to generally accepted information security practices and procedures. In practice we do this by restricting access to our physical records to trusted individuals, such as our employees, and by voluntarily implementing, to the best of our ability, security in all areas.
We follow generally accepted processes to store and protect the personal data we collect, both during transmission and once received and stored, including utilisation of encryption where appropriate. All our machines and devices utilise password protection.
Email Advertising Database
Our client mailing database is held with MailChimp. MailChimp is certified to the E.U - U.S Privacy Shield Framework and the Swiss - U.S Privacy Shield Framework which ensures its operations are all GDPR compliant.
All emails will always include the option for recipients to update their personal information held and also the option to exercise their right to unsubscribe at any time.
Anyone wishing to opt out of receiving email advertising, newsletters, destination updates, etc may do so at any time by using the links provided on every email.
We retain personal data only for as long as necessary to provide the services you have requested and thereafter for a variety of legitimate legal or business purposes. These might include retention periods:
* Mandated by law, contract or similar obligations applicable to our business operations;
* For preserving, resolving, defending or enforcing our legal/contractual rights; or
* Needed to maintain adequate and accurate business and financial records.
If requested, we will provide confirmation to any person, free of charge, whether or not we hold personal information relating to them. We will also, on request, provide copies or a description of the actual records held by us.
Any person whose personal information we hold may request that we:
* Correct or delete any such information that is inaccurate, irrelevant, excessive, out of date, incomplete, misleading or obtained unlawfully.
* Destroy or delete any such information that the we are no longer authorised to retain.
If you have any questions about the security or retention of your personal data, you can contact us at info@bell-events.co.uk
Changes in our Privacy Policy
We reserve the right to modify this Privacy Policy at any time. If we make material changes to this Privacy Policy, we will notify you by email, or by means of a notice on our website home page, at least thirty (30) days prior to the implementation of the changes.
Complete GDPR information can be accessed at https://ico.org.uk