The event organiser, 1 Big Summer, has the legal responsibility to tell ticket buyers and event attendees how their personal information will be collected and used. You can find their Privacy Policy below or contact them to request it.
1 Big Summer – Privacy Policy
Last updated: 1st March 2021
Approved by: Group Marketing Manager
Introduction
Live Tour Promotions, acting as ‘1 Big Summer’ (‘we’) is a Limited organisation whose registered
address 16-18 Barnes Wallace Road, Portsmouth, PO15 5TT
These addresses are securely locked and alarmed when not occupied.
Live Tour Promotions Limited needs to gather and use certain information about individuals.
These can include customers, suppliers, business contacts, employees and other people
the organisation has a relationship with or may need to contact.
This policy describes how this personal data must be collected, handled and stored
to meet the company’s data protection standards — and to comply with the law
Why this policy exists.
This data protection policy ensures Live Tour Promotions:
Complies with data protection law and follow good practice
Protects the rights of staff, customers and partners
Is open about how it stores and processes individuals’ data
Protects itself from the risks of a data breach
Data Protection Law
The Data Protection Act 1998 describes how organisations — including [Live Tour Promotions]—
must collect, handle and store personal information.
These rules apply regardless of whether data is stored electronically, on paper or on other
materials.
To comply with the law, personal information must be collected and used fairly, stored safely and
not disclosed unlawfully.
The Data Protection Act is underpinned by eight important principles. These say that personal
data must:
1. Be processed fairly and lawfully
2. Be obtained only for specific, lawful purposes
3. Be adequate, relevant and not excessive
4. Be accurate and kept up to date
5. Not be held for any longer than necessary
6. Processed in accordance with the rights of data subjects
7. Be protected in appropriate ways
8. Not be transferred outside the European Economic Area (EEA), unless that country or
territory also ensures an adequate level of protection
People, Risks and Responsibilities
Policy Scope
This policy applies to:
The head office of Live Tour Promotions
All branches of Live Tour Promotions including and not limited to Basic Bitch Rose
All staff and volunteers of Live Tour Promotions
All contractors, suppliers and other people working on behalf of Live Tour Promotions.
It applies to all data that the company holds relating to identifiable individuals, even if that
information technically falls outside of the Data Protection Act 1998. This can include:
Names of Individuals
Postal Addresses
Email Addresses
Telephone Numbers
Any other information relating to individuals
Data Protection Risks
This policy helps to protect Live Tour Promotions from some very real data security risks,
including:
Breaches of confidentiality.
For instance, information being given out inappropriately.
Failing to offer choice.
For instance, all individuals should be free to choose how the company uses data relating to
them.
Repetitional damage.
For instance, the company could suffer if hackers successfully gained access to sensitive data.
Responsibilities
Everyone who works or is a potential contractor for or with Live Tour Promotions has some
responsibility for ensuring data is collected, stored and handled appropriately.
Each team that handles personal data must ensure that it is handled and processed in line with
this policy and data protection principles.
However, these people have key areas of responsibility:
The Board of Directors is ultimately responsible for ensuring that Live Tour Promotions
meets its legal obligations.
The [Data Protection Officer], Elliott Dalton (ED) is responsible for:
Keeping the board updated about data protection responsibilities, risks and issues.
Reviewing all data protection procedures and related policies, in line with an agreed
schedule.
Arranging data protection training and advice for the people covered by this policy.
Handling data protection questions from staff and anyone else covered by this policy.
Dealing with requests from individuals to see the data Live Tour Promotions holds about
them (also called ‘subject access requests’).
Checking and approving any contracts or agreements with third parties that may
handle the company’s sensitive data.
The [IT Manager], Elliott Dalton, is responsible for:
Ensuring all systems, services and equipment used for storing data meet acceptable
security standards.
Performing regular checks and scans to ensure security hardware and software is
functioning properly.
Evaluating any third-party services, the company is considering using to store or process
data. For instance, cloud computing services.
The [Marketing Manager], Elliot Dalton, is responsible for:
Approving any data protection statements attached to communications such as emails
and letters.
Addressing any data protection queries from journalists or media outlets such as
newspapers.
Where necessary, working with other staff to ensure marketing initiatives abide by data
protection principles.
General staff guidelines
The only people able to access data covered by this policy should be those who need it for
their work.
Data should not be shared informally. When access to confidential information is
required, employees can request it from their line managers.
ED will provide training to all employees to help them understand their responsibilities
when handling data.
Employees should keep all data secure, by taking sensible precautions and following the
guidelines below.
In particular, strong passwords must be used and they should never be shared.
Personal data should not be disclosed to unauthorised people, either within the company
or externally.
Data should be regularly reviewed and updated if it is found to be out of date. If no longer
required, it should be deleted and disposed of.
Employees should request help from their line manager or the data protection officer if
they are unsure about any aspect of data protection.
Data Storage
These rules describe how and where data should be safely stored. Questions about storing data
safely can be directed to the IT manager or data controller.
When data is stored on paper, it should be kept in a secure place where unauthorised people
cannot see it.
These guidelines also apply to data that is usually stored electronically but has been printed out
for some reason:
When not required, the paper or files should be kept in a locked drawer or filing cabinet.
Employees should make sure paper and printouts are not left where unauthorised people
could see them, like on a printer.
Data printouts should be shredded and disposed of securely when no longer required.
When data is stored electronically, it must be protected from unauthorised access,
accidental deletion and malicious hacking attempts:
Data should be protected by strong passwords that are changed regularly and never
shared between employees.
If data is stored on removable media (like a CD or DVD), these should be kept locked away
securely when not being used.
Data should only be stored on designated drives and servers and should only be uploaded
to an approved cloud computing service.
Servers containing personal data should be sited in a secure location, away from general
office space.
Data should be backed up frequently. Those backups should be tested regularly, in line
with the company’s standard backup procedures.
Data should never be saved directly to laptops or other mobile devices like tablets or
smart phones.
All servers and computers containing data should be protected by approved security
software and a firewall.
Data Use
Personal data is of no value to Live Tour Promotions unless the business can make use of it.
However, it is when personal data is accessed and used that it can be at the greatest risk of loss,
corruption or theft:
When working with personal data, employees should ensure the screens of their
computers are always locked when left unattended.
Personal data should not be shared informally. In particular, it should never be sent by
email, as this form of communication is not secure.
Data must be encrypted before being transferred electronically. The IT manager can
explain how to send data to authorised external contacts.
Personal data should never be transferred outside of the European Economic Area.
Employees should not save copies of personal data to their own computers.
Always access and update the central copy of any data.
Data Accuracy
The law requires Live Tour Promotions to take reasonable steps to ensure data is kept accurate
and up to date.
The more important it is that the personal data is accurate, the greater the effort Live
Tour Promotions should put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to
ensure it is kept as accurate and up to date as possible.
Data will be held in as few places as necessary. Staff should not create any unnecessary
additional data sets.
Staff should take every opportunity to ensure data is updated. For instance, by confirming
a customer’s details when they call.
Live Tour Promotions will make it easy for data subjects to update the information Live
Tour Promotions holds about them. For instance, via the company website.
Data should be updated as inaccuracies are discovered. For instance, if a customer can no
longer be reached on their stored telephone number, it should be removed from the
database.
It is the marketing manager’s responsibility to ensure marketing databases are checked
against industry suppression files every six months.
Subject Access Requests
All individuals who are the subject of personal data held by Live Tour Promotions are entitled to:
Ask what information the company holds about them and why.
Ask how to gain access to it.
Be informed how to keep it up to date.
Be informed how the company is meeting its data protection obligations.
If an individual contacts the company requesting this information, this is called a subject access
request.
Subject access requests from individuals should be made by email, addressed to the data
controller elliott@livetourpromotions.co.uk . The data controller can supply a standard request
form, although individuals do not have to use this.
Individuals will be charged £10 per subject access request. The data controller will aim to provide
the relevant data within 14 days.
The data controller will always verify the identity of anyone making a subject access request
before handing over any information.
Providing Information
Live Tour Promotions aims to ensure that individuals are aware that their data is being
processed, and that they understand:
How the data is being used
How to exercise their rights
To these ends, the company has a privacy statement, setting out how data relating to
individuals are used by the company is available on this website and by contacting Festival
Collections Limited on the details above.
All of the above are data processors to Live Tour Promotions as data controller. We have GDPR
compliant processor contracts in place with all of the above-named parties. All processors
undertake to keep the data within the EEA or are compliant and certified under the EU-U.S. and
Swiss-U.S. Privacy Shield Frameworks.
Policy Statement
1. Live Tour Promotions intends to comply with GDPR or the same as subsequently enacted into
UK domestic law at Brexit.
2. We will therefore:
1. Only process as much personal data as is necessary for the services we supply.
2. Only hold such data for so long as necessary for those purposes. In this connection
we have decided that ten years following the last contact with an individual is
usually an appropriate period to hold data covering the legal limitation period (six
years) and a moderate margin. As in most cases this is only archived data is not
sensitive, not dangerous and will not be used. there will be little risk to data
subjects.
3. Only process such data on grounds for lawful processing provided within GDPR
Article 6.
4. Send or otherwise provide appropriate notices (GDPR Articles 13 and 14) to those
whose personally identifiable information (“Personal Data”) is processed by us
including our employees, and individuals or individuals within partners who supply
us with goods or services. We will also send such notices to individuals within
organisations, to whom generic marketing communications (e.g., newsletters) are
sent.
Not engage in direct marketing to clients or prospects otherwise than in
accordance with the relevant legislation and guidance from the ICO.
Utilise appropriate organisational and technical measures to ensure that
Personal Data processed by us is kept secure.
Where we use third party data processors, we will choose them carefully with
a view to their data security and compliance with GDPR and have GDPR
compliant contracts with them.
Not transfer Personal Data (which includes giving third parties access to it
within our IT system) to recipients located outside the European Economic
Area and the UK without confirmation from our Data Protection Officer that
such transfer is lawful.
Update this document from time to time so that it remains an accurate
record of our data processing activities and policies.
3. We conclude that where we hold and process such personal data for the purposes of direct
marketing to those individuals’ employers we should, unless guidance from the ICO says
otherwise, either:
1. obtain consent to that direct marketing from the individuals and send the notices required
by Articles 13 and 14 to the individuals; or
2. be satisfied that we have a legitimate interest in holding that Personal Data and using it for
that purpose.
Our processing
1. Customers
Personal data collected: Full Name, Email address, Telephone Number, Address, payment
details, cookie tracking, pixel tracking
Special categories of data collected: None
Data origination: Provided by individual
Storage location: Mail Chimp, Google, Shopfy, Stripe
Identified data usage: Product Purchasing and future information about new products
available
Third parties with access: None
Retention period: 10 Years
2. Employees of suppliers, contractors and clients
Personal data collected: Email Address, Full Name, Business Name, Postal Address, Role Title,
Telephone, Signature and Bank Details
Special categories of data collected:
Data origination: Provided by individual
Storage location: Mail Chimp Server, Locked Filing Cabinet and Internal Server, Dropbox
Identified data usage: Client invoices, supplier payments, marketing and communications,
credit management and fraud prevention
Third parties with access: Just Develop IT BOOKKEEPERS (Accountants), Xero - Accounting
Software
Retention period: 10 Years
4. Data Storage
Live Tour Promotions stores and processes some of its data remotely:
Cloud-based platform providers Google, Mail Chimp, Shopify, Stripe
Hard Drive stored safely at outsourced location in locked and secure position.
All of the above are data processors to Live Tour Promotions as data controller. We have GDPR
compliant processor contracts in place with all of the above-named parties. All processors
undertake to keep the data within the EEA or are compliant and certified under the EU-U.S. and
Swiss-U.S. Privacy Shield Frameworks.
5. Organisational and technical measures
We use the following organisational and technical measures to ensure the confidentiality
of personal data:
Provisions that contractors who process data are required to consider the use of lockable
filing cabinets, secure storage for archived files and the use of a shredder or confidential
waste bin for hard copies of paperwork, file notes, incoming and outgoing letter
correspondence containing personal data.
For electronically held data employees who process data are required to consider using
storage on the work one drive or platforms approved by the Data Protection Officer,
password protection on all files containing personal data, the use of Live Tour
Promotions Limited’s secure platforms for processing data, running up to date antivirus
and malware systems, installation of adequate firewalls, the secure destruction or
disposal of IT equipment.
Email accounts are individually assigned and not shared with colleagues or third parties.
Access to emails is only authorised for third parties for specific purposes by Senior
Management Team members.
We hold GDPR compliant contracts with all data processors.
6. Consent
We do not engage in direct marketing to individuals except in their capacity as a member of our
Company or as a conduit for our company.
Following consultation with the ICO and a review of the appropriate legislation, we have
concluded that as our customers have purchased through Shopify and other product purchasing
platforms, we do not need consent in communicating through digital means with our customers
about our related products and services. We believe that as a customer there is a legitimate
interest in receiving this information which is noted as a lawful reason for processing data in
Recital 47. In all communications there is an opt-out and the customer will have received an
article 13 or 14 notice prior to receiving any communications at all.
We will keep the proposed replacement of The Privacy and Electronic Communications (EC
Directive) Regulations 2003 and guidance from the ICO under review.
We are aware that consent under GDPR must be freely given, specific, informed and
unambiguously given by a statement or a clear affirmative action and that we have to keep a
record of each consent obtained for as long as we are using it. We do not currently believe that
any of our processing of Personal Data, except for the sending of the commercial marketing,
requires data subject consent.
7. Legitimate Interests
Recital 47 of the GDPR reads: “The legitimate interests of a controller, including those of a
controller to which the personal data may be disclosed, or of a third party, may provide a legal
basis for processing, provided that the interests or the fundamental rights and freedoms of the
data subject are not overriding, taking into consideration the reasonable expectations of data
subjects based on their relationship with the controller.”
We rely on legitimate interest as justifying much of our processing of Personal Data as we have
assessed that the majority of our processing activity would be in the reasonable expectations of
those, we process data about. Our activities reliant on legitimate interest are as follows:
Suppliers, and partners: Our suppliers and partners are not usually individuals so
here we are dealing with the identifiable employees of our suppliers and clients
who require us to deal with such individuals or self-employed individuals. We
require their personal data (email, office address, telephone numbers) to enable us
to contact them in the context of their job. If an employee leaves a client
or supplier, we remove their details from the CRM and other systems (or we would
be communicating with the wrong person). They expect that we will hold their
contact details for this purpose.
Customers: When individuals purchase products or utilise services through our
trading company, we have access to process this data to administer our contracted
duties and send them carefully selected information about our products and
services.
Affiliated Brands: We may AT time work with OR own ourselves, affiliated brands
that maybe of interest to existing customers. Customers may from time to time
receive information about these brands we work alongside with.
In all the above cases we believe that we have a legitimate interest in carrying out that processing
and that the processing has no significant risk to the rights and freedoms of the individuals
concerned.
8. Notices
As noted elsewhere we do not believe that GDPR should be interpreted as requiring an Article 13
or Article 14 notice to be sent to every data subject whose personal data we are processing. We
do believe that such notices should be sent to:
Suppliers and clients once engaged with Live Tour Promotions
10. Processors
We have identified the following parties as data processors:
Google - In the provision of One Drive applications
Xero - In the provision of accounting software
Ticket Tailor - In the provision of ticketing services
Fatsoma - In the provision of ticketing services
Eventbrite - In the provision of ticketing services
Squarespace – In the provision of sales / commerce / data collection
Mailchimp - In the provision of Email Marketing Services
Shopify - In the provision of Email & Sales Marketing Services
The above parties either have a direct contract using Live Tour Promotions model contract or
through GDPR compliant terms and conditions of use of service.
11. Communication & Data Policy
A customer’s privacy and right to not be spammed will always take priority over marketing
preferences and targeted mailers.
Live Tour Promotions will never compromise our privacy promise in return for up-front
monetary compensation.
People only receive announcements (email, push notifications, feed items) about events or
affiliated brands if:
They have purchased products or affiliated products
They have signed up to direct or indirect marketing via the Basic Bitch Rose website or a
third-party channel.
They have openly provided email addresses for e-correspondence.
They have opted in subject to the new GDPR compliance regulations.
All data stored and collected is subject to GDPR regulations, and Husky Events will not
compromise on this.
12. How We Use Your Personal Data (Legal Basis for Processing)
Live Tour Promotions does not and will not disclose, share or sell your data without your
consent, unless required to do so by law.
The purposes and reasons for processing your personal data are detailed below:
We collect your personal data in the performance of a contract and to provide you with
our products and services.
We use your personal information to answer your queries and provide industry specific
advice
We use your personal information to send you updates and run regular competitions.
We collect and store your personal data as part of our legal obligation for business
accounting and tax purposes
We may also contact you for feedback on your use of our products, services or our
website and may need to use your information to send important notices, such as the
GDPR where there have been regulation/law revisions or changes to our terms, conditions
and policies.
We collect your personal data for important event announcements and information,
cancellations or rescheduling communications.
We collect your personal data for marketing purposes including electronic marketing.
13. Your Rights
You have the right to access any personal information that Husky Events holds or process about
you and to request information about:
What personal data we hold
The purposes of the processing
The categories of personal data concerned
The recipients to whom the personal data has/will be disclosed
How long we intend to store your personal data for
If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask
us to correct and/or complete the information and we will strive to update/correct it as quickly as
possible, unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in
accordance with the data protection law, as well as to object to any direct marketing from us and
to be informed about any automated decision-making that we use.
If we receive a request for any of the above rights, we may ask you to verify your identity before
acting on the relevant request; this is to ensure that your data is protected and kept secure.
14. Sharing and Disclosing Your Personal Information
We do not share or DISCLOSE any of your personal information without your consent, other than
for the purposes specified in this notice, where there is a legal requirement or to enforce our
terms and conditions.
15. Safeguarding Measures
Live Tour Promotions takes your privacy seriously and we take every reasonable measure and
precaution to protect and secure your personal data. We work hard to protect you and your
information from unauthorised access, alteration, disclosure or destruction and have several
layers of security measures and procedures in place to maintain the safety of your data.
16. Consequences of Not Providing Your Data
You are not obligated to provide your personal information to Event Catering Solutions; however,
your personal information is necessary to ensure that we are able to deliver services and effective
communication, and, in some instances, we will not be able to provide services, products or
reminder notifications without this information.
17. Lodging a Complaint
Live Tour Promotions only processes your personal information in compliance with this privacy
notice and in accordance with the relevant data protection laws. If, however you wish to raise a
complaint regarding the processing of your personal data or are unsatisfied with how we have
handled your information, you have the right to lodge a complaint with the supervisory authority.
Information Commissioner’s Office Wycliffe House Water Lane WILMSLOW SK9 5AF 0303 123
1113
Appendix
Article 1 - Mailchimp Privacy Policy
Article 2 – Ticket Tailor Privacy Policy
Article 3 – Stripe Privacy Policy
Article 4 – Fatsoma Privacy Policy
Article 5 - Eventbrite Privacy Policy
Article 6 – Squarespace Privacy policy