The purpose of this events privacy notice is to give you information about what personal data we process about you, and how, why and what your rights are.
Our participants and clients are valued, and we are committed to ensuring that your privacy is protected. Should we ask you to provide certain data by which you can be identified when attending our event or using our services, then you can be assured that it will only be used in accordance with this privacy notice.
We collect, process and retain personal data about you when you:
- Register to attend an event
- Participant in an event e.g. you may be photographed
- Provide us with a testimonial (written or video)
This data can include Participant name, Email Address, Phone Number, Photographic Images, Credit Card details (under certain circumstances).
Unless you voluntarily submit your personal data to us (e.g. paying for the event via the website or in person) we cannot personally identify you.
We use your personal data only for the purpose you provided to us.
It may include:
- Providing the facilities to deliver the event
- Responding to a post event query
2. Legal Grounds for Processing
By executing any contractual agreement with Garcia Inspired Training, hereinafter referred to as the “Company”.
The Company shall have the right to process your personal data, to enable the Company to fulfil its legal and contractual obligations in its capacity to deliver a live event.
The Company may rely on one or more of the following legal grounds to process your personal data:
- Contract: Article 6(1)(b) of the GDPR, which relates to the processing necessary for the performance of a contract. The Company will use when you register as a participant at one of our live events.
- Consent: Article 6(1)(a) of the GDPR, which relies on your freely-given consent at the time you provide your personal data to the Company. The Company will always make it clear what your personal data will be used for and provide you the facility to withdraw your consent – refer to section Your Rights (below).
- Legal Obligation: Article 6(1)(c) of the GDPR, where the processing is necessary in order for the Company to comply with a legal obligation. For example, where the Company will need to share information to HMRC.
- Legitimate Interests: Article 6(1)(f) of the GDPR, which relates to our legitimate interests pursued by us the Company or by a third party (such as Company partners), except where such interests are overridden by the interests or your fundamental rights and freedoms which require protection of your personal data. Examples of our legitimate interests are as follows:
- evaluation of workshop (e.g. trainer training and evaluation for event improvements)
- communicating with our clients/participants to introduce them to services, or market similar services that may be of interest and benefit to them
- promotions and publicity (e.g. using photographs and videos of an event to promote and grow our business)
3. Purposes of Processing
Purposes of processing personal data include:
- Participants/Clients: We use your personal data so that we can deliver the workshop and tell you about the details of the live event you registered for. This may also include telling you about future events, which may be of interest to you.
4. Transfers to Third Parties
While processing your personal data for the purposes indicated above, the Company may use the services of third parties such as Goggle G Suite for electronic mail, and Active Campaign for email automation and marketing.
The Company uses data processors who are third parties who provide elements of services on behalf of the business. The Company will have contracts in place with the data processors. This means that the data processors cannot do anything with your personal data unless the Company has instructed them to do so. They will not share your personal data with any organisation apart from the Company. The data processor will hold it securely and retain it for the period the Company instruct.
5. Cross-Border Data Transfers
The Company’s business processes increasingly go beyond the borders of one country. This globalisation demands not only the availability of communications and information systems across the Company, but also the worldwide processing and use of data within the Company. Consequently, your data may be subject to cross border data transfers.
The Company stores your personal data in digital format on secure local and cloud servers and systems hosted in the European Union (EU) and the United States (US). Where data is stored on servers located in the US we rely on the Privacy Shield Framework and/or the EU model clauses (called the Data Transfer Agreements) to transfer this data.
You may request a copy of the Data Transfer Agreements or data on the other applicable safeguards we use to protect your personal data.
Your personal data will be stored for no longer than necessary considering the purposes of the processing activities.
The retention will not exceed 7 years from the end of the contract/agreement after which your personal data will be destroyed securely.
7. Keeping Your Personal Data Secure
The Company has policies, procedures and security in place to keep your personal data secure once it is in our systems. All personal data is stored securely in accordance with the principles of the GDPR.
Any personal data collected in paper form (e.g. release and consent forms) are securely filed at our UK site location. All access to your personal data is highly restricted for approved business purposes only.
8. Your Rights
You can exercise your data subject rights and utilise our Data Subject Access Request (DSAR) procedure by contacting our Data Compliance Manager by emailing email@example.com. Your rights are as follows:
- You have the right to ask for a copy of your personal data.
- You have the right to have your personal data rectified. If you find your personal data, we hold is inaccurate or incomplete, you can request to see this data, rectified.
- You have the right to have your personal data deleted. Though it should be noted this is not an absolute right.
- You have the right to demand the restriction of the data processing of your personal data. This may include, but not limited to the use of data for direct marketing purposes.
- You have the right to receive your personal data in a structured, commonly used and machine-readable format (e.g. PDF or CSV) and to request the transmittance of your data to another controller;
- You have the right to object to the data processing. This is not an absolute right and only applies under certain circumstances;
- You have the right to withdraw a given consent at any time to stop a data processing that is based on your consent.
You may make any of the requests outlined above by contacting us by email firstname.lastname@example.org for the attention of our Data Compliance Manager.
If you wish to complain about how we have handled your personal data, please contact our Customer Service Manager in the first instance by email at email@example.com.
Our Customer Service Manager will then investigate your complaint and work with you to resolve the matter.
If you still feel that your personal data has not been handled appropriately according to the law, you can contact the Information Commissioner’s Office in the UK here: https://ico.org.uk/concerns/ and file a complaint with them.
We keep our privacy notice under regular review. This privacy notice was last updated on 17th January 2019.