InstaStand Ltd values your privacy and always aims to demonstrate transparency and fairness in the collection and use of client/personal data. We will, through appropriate management and strict application of criteria and controls, adhere to the principles of the Data Protection Act 2018 [DPA 2018] and the UK General Data Protection Regulation.
WHAT IS PERSONAL DATA UNDER THE UK GDPR?
The UK GDPR applies to ‘personal data’ meaning any information relating to an identifiable person (‘data subject’) who can be directly or indirectly identified in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The UK GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.
WHO DOES THE UK GDPR APPLY TO?
The UK GDPR applies to processing carried out by organisations operating within the UK. It also applies to organisations outside the UK that offer goods or services to individuals in the UK. The UK GDPR does not apply to certain activities including processing covered by the Law Enforcement Directive, processing for national security purposes and processing carried out by individuals purely for personal/household activities.
A Data Controller is an organisation that determines the purposes, conditions, and means of the processing of personal data. InstaStand Ltd is a Data Controller, for the purposes of operating its business. We are registered to process personal data with the Information Commissioner’s Office (ICO), Reg. No: ZA341504. (Visit www.ico.org.uk for further details.) The Data Protection Officer (DPO) for Exhibition Services Ltd is James Dunman who can be contacted at firstname.lastname@example.org
A Data Processor is an organisation that processes personal data on behalf of a Controller. Third party processors with which InstaStand Ltd works includes, but is not limited to, providers of: IT systems and website/email hosting, CRM and accounting systems, file sharing/storage systems, contracted business and maintenance services, HR/payroll, event venues, transport/courier services, marketing/advertising services/social media and analytics platforms.
HOW WE USE PERSONAL DATA
InstaStand Ltd uses your data for the following legitimate purposes:
- To enable our business to respond to your enquiries and contacts about the quotation/provision of exhibition services as advertised in print or online at exhibitionservices.com (and when redirected via www.instastand.co.uk) and associated social media accounts. Enquiries and contacts include those received through phone calls, emails and post; or in response to e-newsletters and online advertising including those generated via google or bing paid-for adwords.
- As part of our website’s functionality cookies (which can be opted into when first visiting the site): For further information read our Cookies Policy
- To enable provision of contracted exhibition services according to your instruction, or the instruction of nominated contacts in your organisation.
- To keep in touch with you during the planning and delivery stages of the services you have contracted us to provide.
- To instruct third parties, where appropriate, who may be assisting us in the provision of the exhibition services you have contracted.
- We may contact you by email/letter to follow up about the service(s) you have received or to inform you of our other services that may be relevant to you.
HOW LONG DO WE KEEP PERSONAL DATA?
We will keep your personal data on our secure CRM system for a minimum of three years from the last time you have contracted services from us, unless you request removal according to your rights under the UK GDPR.
SECURITY OF EVENT DATA
We operate a ‘safe file’ system in our offices and site locations and our staff are fully-trained in data security. This applies to all client files and contacts whether securely stored in physical files or held on desktop/hand-held devices. Non-essential paperwork is routinely shredded and recycled.
When making credit card payments to InstaStand Ltd, we use PCIDSS Best Practices. PCI DSS is the worldwide Payment Card Industry Data Security Standard that was set up to help businesses process card payments securely and reduce card fraud. PCI DSS is intended to protect sensitive cardholder data, achieved through enforcing tight controls surrounding the storage, transmission and processing of cardholder data that businesses handle. Your details are destroyed after payment has been processed through our payment terminal. If providing us with other financially sensitive company details, for instance for credit references, that data is securely stored according to our ‘safe file’ system.
YOUR RIGHTS UNDER THE UK GDPR
Unless subject to an exemption under the UK GDPR, you have the following rights with respect to your personal data:
- The right to request a copy of your personal data which InstaStand Ltd holds.
- The right to request that InstaStand Ltd corrects any personal data if it is found to be inaccurate or out of date.
- The right to request your personal data is erased where it is no longer necessary for InstaStand Ltd to retain such data.
- The right to withdraw your consent to the processing of personal data at any time.
- The right to request that the data controller provides the data subject with his/her personal data and where possible, to transmit that data directly to another data controller, (known as the right to data portability).
- The right, where there is a dispute in relation to the accuracy or processing of your personal data, to request a restriction is placed on further processing.
- The right to object to the processing of personal data.
- The right to lodge a complaint with the Information Commissioner’s Office.
To exercise all relevant rights, queries or complaints please in the first instance contact our Data Protection Officer: James Dunman email@example.com
Contact the ICO on t:0303 123 1113/email: https://ico.org.uk/global/contact-us/email/ or write to: The Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF