DATA PROTECTION & PRIVACY POLICY

DH Event Services Ltd takes data protection seriously and it is important to us that you know that your personal information and privacy are well protected. Personal Information is information that identifies you as an individual, such as your name, surname, date of birth, email address and residential address.

We ask that you read this Data Protection and Privacy Policy carefully as it contains important information about i) how and why we collect, store, use and share your Personal Information, ii) your rights in relation to your Personal Information and iii) how to contact us and supervisory authorities in the event you have a complaint relating to your Personal Information. When we collect, store, use and share your Personal Information we are regulated under the General Data Protection Regulation (GDPR) and The Data Protection Act 2018 and we are responsible as ‘controller’ of that personal information for the purposes of those laws.

How do we collect Personal Information from you?

We collect and use your Personal Information in accordance with this Policy.

Personal Information which you give to us:

The majority of the Personal Information which we collect and use is provided by you, when you give us information by filling in forms on our website, asking us for a quote or when you purchase services from us. The provision of this Personal Information is required from you to enable us to fulfil our obligations to you. We may also collect personal information from you about someone else, for example your emergency contact and/or your next of kin. If you provide us with personal information about someone else, you must ensure that you are authorised to disclose that information and that, we may collect, use and disclose such information for the purposes described in this Policy.

Personal Information which we collect about you

How we use personal data about you?

We collect, process and store personal data about you so that we can:

• identify you and manage any accounts you hold with us.

• carry out any contractual obligations between you and us; and

• improve our services.

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training and compliance.

What Personal Information do we collect?

Personal Information we collect about you can include the following: your name, email address, your home/business address, your billing address, your telephone number, your occupational data, the data of your next of kin/emergency contact, financial information, such as direct debit mandates and credit/debit card information.

How do we use your Information?

We use your Information for some or all of the following:

• communicate with you as part of our business.

• identify you and manage any accounts you hold with us.

• carry out our contractual obligations.

• send you important information regarding changes to our services, policies and other administrative information;

• conduct research,

• manage our infrastructure and business operations, and comply with internal policies and procedures, including those relating to auditing; finance and accounting; billing and collections; IT systems; data and website hosting; business continuity; and records, document and print management;

• resolve complaints and handle requests for data access or correction;

• comply with applicable laws and regulatory obligations (including laws outside your country of residence), such as those relating to anti-money laundering and anti-terrorism; comply with legal process; and respond to requests from public and governmental authorities (including those outside your country of residence); and

• provide improved quality, training and security and manage other commercial risks.

We may monitor and record communications with you (such as telephone conversations and emails) for the purpose of quality assurance, training and compliance.

Who do we share your Information with?

We may share your Information with:

• our external service providers (and their subcontractors) that assist us in carrying out business activities. We only share your information with external service providers who have provided us with appropriate assurances that they will keep your Information safe and protect your privacy; and

• we may also need to share your Information with fraud prevention agencies and law enforcement or other authorities if required by applicable law.

How long will we keep your Information for?

Whenever we collect your Personal Information, we will only keep it for as long as is necessary for the purpose for which it was collected and we will retain in accordance with any applicable laws and regulations regarding data retention. At the end of that retention period, your Personal Information will either be deleted completely or anonymised.

What lawful basis do we rely on to process your Personal Information?

Contract

In most instances, we rely on contract as the lawful basis on which we collect and use your Personal Information. This is because we need to:

• fulfil our contractual obligations to you; or

• because you have asked us to do something before entering into a contract (e.g. provide a quote).

Legal compliance

We may be required to process your Personal Information to comply with our legal and regulatory obligations. For example, preventing, investigating and detecting crime, fraud or anti-social behavior.

Legitimate interests

In specific situations, we may require your Personal Information to pursue our legitimate interests in a way which might reasonably be expected as part of running our business and which does not materially impact your rights, freedom or interests. For example, ensuring the security and integrity of our services, selling and supplying services to our customers, improving existing services, developing new services and fulfilling our duties to our customers.

Your rights

Under the General Data Protection Regulation you have a number of important rights. In summary, those include rights to:

• fair processing of information and transparency over how we use your use personal information;

• access to your personal information and to certain other supplementary information that this Privacy Policy is already designed to address;

• require us to correct any mistakes in your information which we hold

• require the erasure of personal information concerning you in certain situations;

• receive the personal information concerning you which you have provided to us, in a structured, commonly used and machine-readable format and have the right to transmit those data to a third party in certain situations;

• object at any time to processing of personal information concerning you for direct marketing;

• object to decisions being taken by automated means which produce legal effects concerning you or similarly significantly affect you;

• object in certain other situations to our continued processing of your personal information;

• otherwise restrict our processing of your personal information in certain circumstances.

For further information on each of those rights, including the circumstances in which they apply, see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals rights under the General Data Protection Regulation. If you would like to exercise any of those rights, please email us at office@dhevents.co.uk.

Security of your Personal Information

We have appropriate security measures in place to prevent your Personal Information from being accidentally lost, used or accessed in an unauthorised way. Our security measures include:

• limiting access to your Personal Information to those who have a genuine business need to know it;

• those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality;

• limiting access to our business premises;

• having access controls to our IT environment;

• regularly monitoring our systems for vulnerabilities;

• using computer safeguards such as firewalls and data encryption;

We also have procedures in place to deal with any suspected data security breach. If we discover that there has been a breach of personal data that poses a risk to the rights and freedoms of individuals, we will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.  If the breach is likely to result in a high risk to an individuals rights and freedoms, we will tell affected individuals that there has been a breach and provide them with more information about its likely consequences and the mitigation measures taken.

How to complain

We hope that we can resolve any query or concern you raise about our use of your Personal Information. If you wish to contact us, please send an email to office@dhevents.co.uk. The General Data Protection Regulation also gives you the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns/ or telephone: 0303 123 1113.

Changes to this Policy

We may amend or update this Policy from time to time. If we believe that the changes are material, we will provide you with additional notice (such as by sending you an email notification). We encourage you to regularly review our Privacy Policy which will always be published on our website. This will keep you informed about our information practices and the ways you can help protect your privacy.

Contact us

We welcome any questions you have about this Policy or the information we hold about you. You can email us at office@dhevents.co.uk