Our Data Policy - GDPR 2018
As a company we have a very limited number of reasons for collecting and storing personal data, these include:
- To contact you in relation to any services we are providing for you or your clients
- To contact you regarding future products or services that you may require from us (e.g. if you have an annual event that we cater for)
- To contact you about news, promotions or events that we think you may be interested in
When we work together on an event, we will need to hold some of your personal data in order to contact you throughout this process. Following this, we will keep your data on file for a period of 3 years, unless you ask us to delete it. You can request a copy of the data we hold for you at any time and you can also request to be ‘forgotten.’ If, after 3 years, we have had no correspondence with you, we will get in touch to ask if you are happy for us to continue holding your personal data.
If we wanted to contact you regarding promotions or anything not relating to products or services we are already providing for you, we will ask your permission before doing so.
We may hold your personal data because we have met at a trade show, networking event or similar, but have never worked together. In this situation we may want to contact you from time to time to let you know about offers, upcoming events or to provide informative content. Again, we will ask your permission before doing so, unless you have given permission when signing up to attend the trade show or networking event.
Types of data we collect
We only collect certain types of personal data, none of which are considered “sensitive” or “special categories” in that they cannot be processed to uniquely identify one specific individual (e.g. genetic or biometric). The categories of personal data that we store are as follows:
- Name and Surname
- Email address
- Work, home or mobile telephone numbers
- Company or home address
How your data is stored and processed
We have a CRM database where we store all personal data, outside of this we need to use some personal data to produce event contracts that we have with our clients. These contracts are stored in password protected folders and only the necessary data processors will have access to these folders. For example, if we are catering for your wedding, the event manager, finance director and sales manager will require access to your folder. The password for this folder will not be available to anyone else.
We also use some personal data including names, surnames and home/company addresses for invoicing purposes, this is stored on our accounting software and cannot be deleted for tax reasons. Only data that is legally required to produce a valid invoice is stored here and is limited to individual names and addresses (for private events) and company names and addresses (for corporate events). Only relevant data processors are able to access this system, these include; event managers, sales managers and directors of Boulevard Events Ltd. We do not store email addresses or telephone numbers on this system.
We occasionally use your email address or telephone number to contact you for promotional purposes, we will not do this unless we have permission.
We occasionally use Mail Chimp to send promotional or informative emails to those contacts that have opted in to receive them, if you have not opted in your data will not be saved to our Mail Chimp account. If you have opted in, only your email address will be stored. The Mail Chimp servers are in a secure facility in the United States and they use DDOS mitigation to protect all their data.
Our company uses a cloud based data storage system, which is hosted at a secure facility in Surrey. Physical access to the data centre is restricted to one senior engineer and the directors of our IT support provider. Access to the facility is fingertip recognition and firewalls can only be accessed by three directors and one engineer.
Engineers are able to access our systems and company files but only with our permission. They will not be able to access password protected files unless given access by the data controller of Boulevard Events, Mark Maher.
The offsite data centre servers are backed up and encrypted, the back-up data centre is at the company HQ of our IT support provider which is in Brentford.
Aside from those detailed above, we do not share any personal data with third parties.