Privacy Policy
Introduction
Welcome to White Event Production Ltd.’s Privacy Policy.
Here at White Event Production Ltd, (“White Event Production”, “we”, “our”, “us”) we respect your privacy and are committed to protecting your personal data to keep it safe and secure, complying with both UK and EU data protection regulations.
Our privacy policy will tell you how we look after your personal data. It sets out the basis on which any personal data we collect from you, or that you provide to us, will be processed by us together with your rights. Our privacy policy applies to all personal data collected via verbal, electronic, paper or other methods.
Who we are
White Event Production Ltd., (“White Event Production”, “we”, “our” or “us”) is the data controller responsible for collecting the personal data required in the running of the operations of our business.
You can get in touch with us in any of the ways outlined below in the ‘Contact Us’ section.
How we operate
We operate our business in line with the EU General Data Protection Regulations (GDPR) guidelines. We’re committed to protecting and safeguarding your personal data whilst maintaining your personal rights and allowing all data subjects to change or withdraw their opt-in options at any time. We will also advise you on how to complain to the relevant authorities, namely the Information Commissioner’s Office, if you feel that we have not dealt with your request in the correct manner.
Who this Privacy Policy applies to
This Privacy Policy relates to White Event Production Ltd. and all trading names and associated companies of White Event Production Ltd.
Processing of your data is required in order to offer you the services that we provide. This privacy policy applies to individuals who interact with us either as a Client, Customer, Prospective Client and Customer, Supplier, Prospective Supplier, Sole Trader Sub-contractor, Employee, Visitor, Job Applicant, Apprentice, Experience worker, website visitor or in any other capacity.
Information we may collect about you
Personal data, or personal information, means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We have grouped together the different types of data and summarised these below:
- Identity Data – This includes your first name, middle name(s), surname, date of birth, NI number, driving licence and/or passport information.
- Contact Data – This is the data we use to contact you; billing address, delivery address, email address, telephone number, fax number, mobile number, social media username, title
- Financial Data – This is the data that we use to process your payments to/from you; bank account details, credit or debit card details
- Transaction Data – These are the details about transactions you have made with us for products and services, including quotations and proposals, meetings and the details of your communications and interactions with us (face-to-face, phone, voicemail, text, email or other), payments to and from you.
- Technical Data – This is information about the device(s) you use to access our websites; this includes your IP address, browser type, browser version, location, operating system and platform and other technology on the device(s) that you use to access this website; which may in some cases be personal data.
- Profile Data – This is information for your user profile; username, password and any other log-in data required for accounts/access security, your interests, preferences, feedback and survey responses.
- Usage Data – This is information about how you use our websites, products and services; this includes your browsing patterns and information such as how long you might spend on one of our webpages and what you look at and search for on our websites, page response times and page interaction information such as scrolling, clicks, mouseovers, downloads and uploads.
- Marketing Data – This is information we store about your preferences in receiving marketing from us.
How we collect your personal data
We use different methods to collect data from and about you including through:
- Direct interactions – You may give us Identity Data, Contact Data, Transaction Data, Profile Data, Financial Data and Marketing Data by using our websites, filling in forms, corresponding with us by post, phone, email or otherwise. This includes personal data you provide when you:
- Request a quotation or information on our products and services
- Place an order with us for our products and services
- Submit a request through our websites
- Create or amend account details on our websites
- Request marketing information to be sent to you
- Provide us with feedback
Provide a quotation to us - Provide products or services to us
- Via a third-party (for example when requesting employment or trade references)
- Automated technologies or interactions – As you interact with our websites, we may automatically collect Usage Data and Technical Data about your device(s), browsing actions and patterns. This data is collected via third-parties and the use of cookies, server logs and similar technologies, (please see ‘Cookies Page’ for further information).
How and why we use your personal data
We will only use your personal data when legally permitted. The most common uses of your personal data are:
- Where we need to process the information to carry out an agreement we have with you.
- Where it is necessary for our legitimate interests (or those of a third-party) and your interests, and fundamental rights do not override those interests.
- Where we need to process the information to comply with a legal or regulatory obligation.
The reasons we use your information include:
- Delivering our products and services,
- Carrying out your instructions (e.g. to provide you with a quotation),
- Managing our relationship with you, getting to know you better, and including (unless you tell us otherwise) telling you about products and services we think may be relevant to you,
- To verify your identity,
- Understanding how you use our services,
- Providing online customer experience requests,
- Understanding your customer experience with us,
- Providing IT, systems and websites operations support,
- Providing security and business continuity,
- Undertaking risk management,
- Undertaking product and service improvements,
- Undertaking data analytics to better understand your circumstances and preferences so that we can make sure we can provide the best possible experience for our customers,
- Managing our business and developing new business,
- Research, reporting & strategic planning,
- Protecting and undertaking our legitimate interests,
- Protecting our legal rights and complying with our legal obligations,
- Corresponding with professional advisers including lawyers, solicitors, bankers, auditors and insurers,
- Undertaking system development and planning, audit and administrative purposes,
- Recruitment and employment purposes,
- Employee training and development.
Tracking or recording what you say or do
To help us ensure that we provide you with what we’ve agreed to provide you, together with delivering you the best possible experience, we may record details of your interactions with us. We may record and keep track of conversations with us including phone calls, voicemails, face-to-face meetings, letters, emails, live chats, video chats and any other kinds of communication. We may use these recordings to check your instructions to us, assess, analyse and improve our service, train our employees, manage risk or to prevent and detect fraud or any other crimes. We may also capture additional information about these interactions (e.g. telephone numbers that we are called from, IP addresses and information about devices or software that are used) together with any information that you share with us during these communications. We use CCTV in and around our premises and these may collect photos, videos or voice recordings of you.
Compliance with laws and regulatory compliance obligations
We’ll use your information to meet our compliance obligations, to comply with laws and regulations that White Event Production are subject to and to share with regulators and the authorities. This may include using information to help detect or prevent crime (including CCTV). We’ll only do this on the basis that it’s needed to comply with a legal obligation or it’s in our legitimate interests and that of others.
Marketing and market research
We send you marketing communications through a number of different channels and via our marketing partners. You may receive direct marketing by email if you have placed an order with us previously and have either consented to receive such email marketing by signing up to our newsletter on our website, and/or have not asked us to stop sending direct marketing by email to you.
We only want you to receive marketing communications from us if you genuinely want to receive them and as such are making it really easy for you to update your marketing preferences; simply get in touch via one of the ways to ‘Contact Us’ (see below) and let us know.
- How to stop receiving our newsletters
You can opt-out from receiving our newsletters from us at any time. To do this either click the ‘Unsubscribe’ link within the email or simply get in touch to confirm that you no longer wish to receive our periodic newsletters via email.
- How to opt-out of direct marketing
You can opt-out from receiving direct marketing communications from us at any time. To do this simply get in touch to confirm that you wish to opt-out of all direct marketing communications.
To stop all direct marketing (including both newsletters via email and marketing communications/notifications) you must opt-out of both.
You can also opt out from cookies and other technology being used for marketing purposes. Please see our ‘Cookies Policy’ page for information on how to do this.
Data anonymization and aggregation
Your personal data may be converted into statistical or aggregated data which can’t be used to identify you, then used to produce statistical research and reports. This aggregated data may be shared and used in all the ways described in this privacy policy.
Legal bases for processing your data
Set out below is a description of the ways we use your personal data and the legal grounds on which we will process such data. We have also explained what our legitimate interests are where relevant.
We may process your personal data for more than one lawful reason, depending on the specific purpose for which we are using your data. Please email us, (see ‘Contact Us’ below), if you need details about the specific legal reason we are relying on to process your personal data, where more than one ground has been set out in the table below.
It is sometimes necessary for us to process your personal data in order to enter into a contract with you, or to satisfy a contractual requirement (referred to as ‘performance of a contract with you’ below), or to comply with a statutory requirement. In those circumstances, if you do not provide the personal data we require, we will be unable to provide our products and services to you.
Purpose / Activity
| Type of data
| Lawful basis for processing
|
To set you up as a new client, customer or prospective client or prospective customer on our systems. | (a) Identity data (b) Contact data (c) Financial data
| Performance of a contract with you. |
To set you up as a new prospective supplier, supplier, sole trader sub-contractor on our systems. | (a) Identity data (b) Contact data (c) Financial data
| Performance of a contract with you. |
To process and provide you with quotations and delivery of your order including; (a) Managing payments, fees and charges. (b) Collect and recover money owed to us. | (a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Marketing data | (a) Performance of a contract with you.
(b) Necessary for our legitimate interests to recover debts owed to us. |
Communicating with you; including in response to any query, request or complaint you may have including by email, telephone or other.
| (a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Technical data (f) Profile data (g) Usage data
| (a) Necessary for the performance of a contract with you.
(b) Necessary to comply with a legal obligation.
(c) Necessary for our legitimate interests (to keep our records updated and to ensure we deliver the best experience possible. |
To process requests for credit accounts; contacting trade references for references, validating provided information against third-party sources; sharing and obtaining information from credit reference agencies and fraud protection agencies | a) Identity data (b) Contact data (c) Financial data
| (a) Performance of a contract with you.
(b) Necessary for our legitimate interests in providing an appropriate credit limit and managing credit accounts. |
To manage and develop our relationship with you which will include: (a) Notifying you about changes to our terms or privacy policy. (b) Asking you to share your feedback with us or leave a review. | (a) Identity data (b) Contact data (c) Profile data (d) Marketing data | (a) Performance of a contract with you.
(b) Necessary to comply with a legal obligation.
(c) Necessary for our legitimate interests to keep our records updated and to understand how customers experience, and use our products and services. |
To administer and protect our business and our websites (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data). | (a) Identity data (b) Contact data (c) Technical data
| (a) Necessary for our legitimate interests for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or restructuring exercise.
(b) Necessary to comply with a legal obligation. |
To use data analytics to improve our websites, products/services, marketing, customer relationships and experiences. | (a) Technical data (b) Usage data | Necessary for our legitimate interests to group customers for our products and services to ensure that marketing is relevant and appropriate, to develop our business and to inform our marketing strategy. |
To make suggestions and recommendations to you about our products and services that may be of interest to you. | (a) Identity data (b) Contact data (c) Technical data (e) Usage data (f) Marketing data | Necessary for our legitimate interests to develop our products and services and grow our business. |
Visiting our premises for a meeting, appointment, course or training; including sign-in on reception and the use of CCTV in and around our premises. | (a) Identity data (b) Contact data (c) Transaction data
| Necessary for our legitimate interests to know who is on-site and ensure everyone’s safety in the event of an emergency. (We use CCTV in and around our premises for security purposes). |
Publicity; we may use your limited details and a quote or testimonial after having first obtained your consent to do so. | (a) Identity data (b) Contact data | We will only do this with your consent in writing. |
Direct Marketing; (a) newsletters about our company, updates and showcases of our work, products and services. (b) direct communications from us with a researched and targeted approach for products and services that we believe may be of interest to you. | (a) Identity data (b) Contact data (c) Marketing data | (a) We will only share our newsletters with you if you have given your consent to receive them. (b) Necessary for our legitimate interests to develop our products and services and grow our business. |
Fraud prevention.
| Identity data (b) Contact data (c) Financial data (d) Technical data (e) Profile data (f) Usage data | Necessary to comply with a legal obligation. |
Regulatory compliance. | (a) Identity data (b) Contact data (c) Financial data (d) Technical data (e) Profile data (f) Usage data (g) Marketing data | (a) Necessary to comply with a legal obligation.
(b) Necessary for our legitimate interests to ensure that transactions and interactions with us are not fraudulent. |
Processing Job Applicants; including considering employment history and qualifications. | (a) Identity data (b) Contact data (c) Profile data
| Necessary for our legitimate interests to select and appoint new employees within the business. |
Processing Successful Job Applicants; including contacting references, obtaining bank details, emergency next of kin contact details and more in-depth health information. | (a) Identity data (b) Contact data (c) Financial data (d) Profile data
| (a) Performance of a contract with you.
(b) Necessary to comply with a legal obligation.
(c) Necessary for our legitimate interests to keep our records updated and to manage and develop employees during their employment with us. |
Managing and communicating with employees | (a) Identity data (b) Contact data (c) Financial data (d) Transaction data (e) Technical data (f) Profile data (g) Usage data
| (a) Performance of a contract with you.
(b) Necessary to comply with a legal obligation.
(c) Necessary for our legitimate interests to keep our records updated and to manage and develop employees during their employment with us. |
Employee Training; including the use of copies of your communications with us in order to train our employees. | a) Identity data (b) Contact data (c) Financial data (d) Transaction data
| Necessary for our legitimate interests to ensure that we are able to provide a great service to you. |
How we share your data with third-parties
We will not sell, trade, transmit or otherwise pass on your personal information to a third-party, except where it is necessary to deliver our services. In such cases, we may share your personal information with business partners, suppliers and sub-contractors for the performance of any contract we enter into with (them or) you, including without limitation any data processor we engage.
We use selected partners to process information on our behalf, for example a credit reference agency for the purpose of setting up an account, or our marketing agency for the purpose of emailing our newsletters. This information is processed under agreements with White Event Production Ltd.
We sometimes share the data we collect from you with the following trusted third-parties:
- Banks and payment providers – to obtain payment of any amounts due to us, make payments to you and to set up standing orders or direct debits.
- Our IT Inventory system providers – in order to provide software to set up your account, to communicate with you, to quote and provide products and services to you, and to provide our systems to us, including for the purposes of hosting, support and software licensing.
- Our IT support team – in order to provide hardware and software, together with IT support to provide our systems to us, allow us to run our business and adequately safeguard our data and your personal information, including for the purposes of hosting, support and software licensing.
- Marketing service providers – to allow us to send periodic newsletters via email communications to you. We will only send you our newsletters if you have previously given your consent for us to do so; You can remove your consent for this at any time by contacting us, (see ‘Contact us’ below).
- Marketing agencies – for the purposes of providing you with relevant advertising or marketing on our website or on social media or to contact you directly via email with relevant products and/or services that we reasonably believe may be of interest to you.
- Social media platforms – for the purpose of targeted advertising.
- Digital analytics companies – for the purposes of website analytics and reporting in respect of our analytics and marketing.
- Public relations agencies – for the purposes of managing external communications about our company, products, services, recent events and activities via our newsletters, websites and social media platforms.
- Professional advisers including lawyers, solicitors, bankers, auditors and insurers – for the purposes of providing consultancy, banking, legal, insurance and accounting services.
- Delivery providers – for the purposes of packaging and delivering products to you.
- Payments Processors – for the purposes of accepting credit and debit card payments and processing these payments, authorisation checks and refunds.
- Pensions Providers and The Pensions Regulator – for the purposes of providing and administering employees and employer pension contributions.
- Police or other such regulatory authority – as part of an investigation or otherwise for legal or regulatory purposes.
- Dispute Resolution agencies – for the purposes of dealing with any complaints.
- Credit reference agencies – for the purpose of checking the details that you have provided us with are correct and to comply with our regulatory obligations.
- Security companies – for the purposes of security, including prevention and detection methods.
- Auditors – to audit our systems and transactions for the purposes of ensuring efficiency, or regulatory or contractual compliance.
- HM Revenue & Customs, regulators and other authorities based in the UK and other relevant jurisdictions who require reporting of processing activities in certain circumstances.
- UK law enforcement agencies and third-party security companies – for the purposes of ensuring that we comply with the law and have adequate security measures in place.
- If ever required, we will share your personal information to other companies in connection with potential or actual corporate restructuring, merger, acquisition, sale or takeover of our business, including any transfer or potential transfer of any of our rights or duties under our agreements we have in place with you.
- We will disclose your personal information to third-parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request. We do this in order to protect our rights, property or safety or of our clients, suppliers, employees, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.
Alternatively, you may also request for us to share your data with anyone else; we will only do so on receipt of your consent via written request/confirmation that you wish for us to do so.
How we protect your data
We have put appropriate measures in place to protect your personal data:
- We implement security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
- We limit access to your personal data to those employees, agents, contractors and other third-parties who have a business need to know such data.
- We review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- Encryption is used on all mobile devices and we use Mobile Device Management (MDM) software to ensure control of personal data across all mobile devices.
- Our website is entirely accessed using https rather than http, meaning that all information that is sent and received is encrypted for additional security. You can see this in the address bar of your browser.
- We use two-step verification methods for accessing data in selected processes.
- As described in this Privacy Policy, we may in some instances disclose your personal data to third-parties. Where we do, we require that third-party to have appropriate technical and organisational measures in place to protect your personal data; however in some instances we may be compelled by law to disclose your personal data to a third-party, and have limited control over how it is protected by that party.
Your personal data may be processed outside the European Economic Area (EEA) – including by staff operating outside the EEA who work for us or for one of our third-parties mentioned. That includes to digital marketing or social media agencies for the purposes of providing relevant marketing or advertising to you, market research or survey providers and email marketing services, for the purposes of processing any payments that you may make to us, calls and electronic communicating with you for the purposes of reporting and tracking web and mobile application performance.
Where your personal data is transferred outside of the EEA, we require that appropriate safeguards are in place.
- We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission. For further details, see European Commission: Adequacy of the protection of personal data in non-EU countries.
- Where we use providers based in the US, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the Europe and the US. For further details, see European Commission: EU-US Privacy Shield.
How long we retain information
We will only keep your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting requirements.
At the end of that retention period, your data will either be deleted or anonymised (so that it can no longer be associated with you) for research or statistical purposes.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
By law we have to keep basic information about our customers (including Contact, Identity, Financial and Transaction Data) for six years after ceasing to be a customer, for tax purposes. In some circumstances you can ask us to delete your data: see ‘Your rights’ below for further information. We may anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
We will store transactions, payment (this does not include payment card data) and order data for up to 7 years, or for as long as required by UK financial authorities and company regulations.
We will store employee contact and pensions data for up to 75 years, or for as long as required by UK financial authorities and company regulations.
Your rights
You have the right:
- to ask us not to use your personal data for direct marketing. To do so, simply click drop us an email to dataprotection@event-headsets.co.uk. For more information on how we use your personal data for direct marketing please see above.
- to ask us not to process your personal data where it is processed on the basis of legitimate interests, if there are no compelling reasons for that processing;
- to request from us access to personal information held about you (see ‘Contact Us’ below);
to ask for the information we hold about you to be rectified if it is inaccurate or incomplete; - to ask that we stop any consent-based processing of your personal data after you withdraw that consent;
- to ask, in certain circumstances, to delete the personal data we hold about you;
- to ask, in certain circumstances, for the processing of that information to be restricted; and
- to ask, in certain circumstances, for data portability.
Contact Us
If you have any questions about our Privacy Policy, including any requests to exercise your rights, please contact us via phone, email or post, using the details set out below:
By post:
Data Controller
White Event Production
4 Danbury Court,
Linford Wood,
Milton Keynes,
MK14 6PL
By email:
dataprotection@event-headsets.co.uk
By phone:
01908 483 627
In order to request a copy of the personal data that White Event Production Ltd holds about you, please do this via any of the above methods, we will require the following information from you:
- your full name;
- your email address;
- a description of the data that you are requesting, including a date range;
We will do our best to respond to all legitimate Subject Access Requests (SARs) within 28 days. Occasionally it may take us longer than this if your request is particularly complex, or if you have made a number of requests. In this case, we will notify you and keep you updated.
We may need to request some additional information from you in order for us to be able to verify your identity before we’re able to process your request. This is a security measure to ensure that your personal data is not disclosed to any person who has no right to receive it. Should we request any additional information from you to verify your identity please return this to us at your earliest convenience so that we can action your request promptly.
You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
If you are unhappy with our processing of your personal data, you have the right to complain to the Information Commissioner’s Office (ICO) at any time. The ICO’s contact details are available here: https://ico.org.uk/concerns/. We would, however, appreciate the chance to deal with any concerns before you approach the ICO, so please contact us by email in the first instance.
Changes to our Privacy Policy
Any changes that we may make to our Privacy Policy in the future will be posted on our website. Where appropriate, we may also notify you that a change has been made when you next communicate with us via email.
This Privacy Policy was last updated on 11th June 2020.