PRIVACY & DATA PROTECTION
PRIVACY & DATA PROTECTION POLICY
CONTEXT AND OVERVIEW
Key Details
Policy prepared by: Sonya Couch
Approved by management March 2025
Policy became operational March 2025
Next Review Date: March 2026
Introduction
THEEVENTMASTER LTD needs to collect and use certain information about individuals, including customers, suppliers, business contacts, employees, and other people the organization interacts with. This policy outlines how personal data should be collected, managed, and stored to comply with the company’s data protection standards and the law.
Why This Policy Exists
This policy ensures that THEEVENTMASTER LTD:
Complies with data protection laws and best practices
Protects the rights of staff, customers, and partners
Is transparent about how it stores and processes personal data
Safeguards against the risk of a data breach
Data Protection Law
The Data Protection Act outlines how organizations, including THEEVENTMASTER LTD, must collect, handle, and store personal information, whether it’s held electronically, on paper, or in other formats. To comply with the law, personal data must be collected fairly, stored securely, and not disclosed unlawfully.
The Data Protection Act is governed by eight key principles that personal data must:
Be processed fairly and lawfully
Be collected for specific, lawful purposes
Be adequate, relevant, and not excessive
Be accurate and kept up to date
Not be retained longer than necessary
Be processed in accordance with individuals' rights
Be protected in appropriate ways
Not be transferred outside of the European Economic Area, unless the receiving country offers an adequate level of protection
PEOPLE, RISKS & RESPONSIBILITY
Policy Scope
This policy applies to:
The head office of THEEVENTMASTER LTD
All other offices of THEEVENTMASTER LTD
All staff, freelancers, and volunteers of THEEVENTMASTER LTD
All contractors, suppliers, and third parties working on behalf of THEEVENTMASTER LTD
It covers all data the company holds about identifiable individuals, including but not limited to:
Names
Postal addresses
Email addresses
Telephone numbers
Any other identifying information related to individuals
Data Protection Risks
This policy helps mitigate several significant data security risks, including:
Breaches in confidentiality (e.g., inappropriate disclosure of information)
Failure to offer choice (e.g., ensuring individuals can control how their data is used)
Reputational damage (e.g., if hackers gain access to sensitive data)
Responsibilities
All individuals who work for or with THEEVENTMASTER LTD share responsibility for ensuring data is collected, stored, and handled in accordance with this policy. Each team handling personal data must ensure it complies with this policy and data protection regulations.
Key Responsibilities:
The Directors are ultimately accountable for ensuring that THEEVENTMASTER LTD meets its legal obligations.
The Data Protection Officer (Sonya Couch) is responsible for:
Keeping directors updated on data protection issues
Reviewing data protection procedures and policies
Arranging training on data protection
Responding to data protection queries
Handling subject access requests (requests from individuals to view their data)
Approving contracts and agreements with third parties that process sensitive data
The IT Manager is responsible for:
Ensuring systems and equipment used for data storage meet security standards
Conducting regular security checks on hardware and software
Evaluating third-party services for data storage or processing
Sonya Couch also holds responsibility for:
Approving data protection statements in communications (e.g., emails, letters)
Addressing data protection queries from journalists or the media
Ensuring marketing initiatives comply with data protection principles
This policy is designed to protect both THEEVENTMASTER LTD and its stakeholders, ensuring the secure handling of personal data in compliance with applicable laws.