This Privacy Notice explains how we at Onyx Events use the personal information which we collect about you when you deal with us.
What information do we collect about you?
We collect and hold personal information about you, including your name, email address(es) and telephone number(s) when:
- you or your firm makes an enquiry with us, or asks us to provide a quotation for event management services; and/or
- your firm becomes a Onyx Events client; and/or
- you are a delegate at one of the events that we have been appointed to arrange.
As well as collecting personal information from you directly, we may also obtain it from the firm which employs you, has invited you to the event or from publicly available data sources.
Please note that if you do give us certain personal information, or ask us to delete any of the personal information which we already hold, we may not be able to continue supplying you with some or all of our services.
How will we use the information about you?
We will only use the personal information we collect to provide the service(s) which we have been appointed to arrange or to quote for.
Will we share your information with anybody else?
We may share your personal data with other parties in order to provide service(s) to you, in particular providers of IT and system-administration services, subcontractors and our professional advisers. However, these parties are only permitted to use your personal data for the purposes we specify. We also require them to respect the security of your personal data and to treat it in accordance with the law.
On what legal bases do we process your information?
In the vast majority of cases, the processing we undertake is necessary to fulfil the contract your firm or the firm who has invited you has taken out with us, or a contract your firm (or they) are contemplating taking out with us.
In some instances, the processing will be necessary for us to pursue a legitimate interest, in particular where we wish to provide you with information that may interest you, or to give you details of other services which may be of benefit to you.
In a small number of instances, it will be necessary for us to obtain your prior consent before we process your data for a specific purpose.
Special Category (Sensitive Data)
We may need to collect the following sensitive data about event delegates in order to deliver our services and to ensure their/your safety or to arrange any adjustments on their/your behalf.
Health data including the following:
Details of any relevant health conditions which may affect your safety at any of the events you attend.
We require your explicit consent for processing sensitive data and we will request your signature for this consent at the time that you provide us with any such information.
If you do not wish to receive information or details of our other services, you can ask us to remove your name from the appropriate mailing list by using the ‘How to contact us’ details below, or by using the ‘unsubscribe’ feature in our email communications.
We do not use any automated decision-making processes when providing any of our services.
Transferring your data outside Europe
As part of our service provision, some of the data which you give to us may be transferred to countries outside the European Economic Area (EEA).
Whenever we transfer your personal data to countries outside the EEA, we will ensure that at least one of the following safeguards is implemented:
- We will only transfer your personal data to countries which have been deemed by the European Commission to provide an adequate level of protection for personal data; or
- Where we use certain service providers, we may use specific codes of conduct, contracts or certification mechanisms approved by the European Commission which give personal data the same protection it has in Europe; or
- Where we use providers based in the United States of America (US), we may transfer data to them if they are part of the EU-US Privacy Shield, which requires them to provide similar protection to personal data shared between the European Union (EU) and US.
Please contact us using the ‘How to contact us’ details below if you would like further information on the specific safeguard we use when transferring your personal data outside the EEA.
Your legal rights
You may have certain rights under data protection law in relation to your personal data under certain circumstances. These are the right to:
- Request access to the personal data we hold
- Request correction of the personal data we hold
- Request deletion of the personal data we hold
- Object to processing of the personal data we hold
- Request restriction of processing the personal data we hold
- Request transfer of the personal data we hold to another organisation
- Right to withdraw consent (where we rely on consent for processing)
Should you wish to exercise any of these rights, please contact us as shown below in the ‘How to contact us’ section of this document. We will endeavour to respond to requests within one month but if you have a particularly complex request, or make a number of requests, it may take us longer. If this is the case, we will let you know how long we think it will take and keep you updated.
We do not make a charge for responding to any request which results from you exercising your legal rights.
We will only keep your personal data for as long as it is necessary to fulfil the purpose(s) for which we collected it or because we have a legal obligation to do so . Our retention periods are determined by the nature and sensitivity of the personal data held, the potential for harm caused by its unauthorised use or disclosure and whether it is possible for us to achieve our objectives in another way.
Unless we tell you other otherwise, we will keep records of your personal data for no more than:
- Six years from the date that your contract with us comes to an end (applicable to clients who instruct us).
- One year from the date we provide you with a quotation for consultancy services which you do not take up.
If you would like to see a copy of our data retention policy please contact us as shown below in the ‘How to contact us’ section of this document.
Changes to Privacy Notices
We keep our Privacy Notices under regular review and we will always place any updated versions on our website. This Privacy Notice was last updated on 24 May 2018.
You have a right to lodge a complaint about the way we handle, or have handled, your personal information with the Information Commissioner’s Office (ICO), the UK’s data protection supervisory authority. The ICO can be contacted in a number of ways:
- By telephone on 0303 123 1113 (local rate) or 01625 545 745 if you prefer to use a national rate number
- By live chat https://ico.org.uk/global/contact-us/live-chat
- By email firstname.lastname@example.org
- By post to Wycliffe House, Water Lane, Wilmslow SK9 5AF
How to contact us
Please contact us if you have any questions about our Privacy Notice, the information we hold about you or any other data protection issue:
- By email: Hello@onyxevents.co.uk
- Or write to The HR Director,
Onyx Events, Unit 4a, Dell Buildings, Milford Road, Lymington, Hampshire SO41 0ED.