Bracken Events has always honoured our customers’ right to data privacy and protection. We have demonstrated our commitment by adhering to the current UK Data Protection policy, and now we are revising our own internal policies in order to meet the requirements of the GDPR. Bracken Events is, and has always been, committed to high standards of information security, privacy and transparency. We place a high priority on protecting and managing data in accordance with accepted standards. Bracken Events is fully aware of our role in helping to provide the right tools, systems and processes to meet our GDPR mandate. In any event, we’ll only use your information for the purpose or purposes it was collected for (or for closely related purposes).
We may process personal information for certain legitimate business purposes, which include some or all of the following:
Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of our customer
To enhance the security of our network and information systems
To provide postal communications which we think will be of interest to you
Whenever we process data for these purposes we will ensure that we always keep your personal data rights in high regard and take account of these rights at all times.
When we process your personal data for our legitimate interests, we will make sure that we consider and balance any potential impact on you (both positive and negative), and your rights under data protection laws. Our legitimate business interests do not automatically override your interests - we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You have the right to object to this processing if you wish, and if you wish to do so please contact our firms Data Protection Officer. Please bear in mind that if you object this may affect our ability to carry out tasks above for your benefit.
Where we keep it
We are based in the UK and we store our data within the EU. Some organisations which provide services to us may transfer personal data outside of the EU, but we will only allow them to do if your data is adequately protected. For example, some of our systems use Microsoft products. As a US company, it may be that using their products result in personal data being transferred to or accessible from the US. However, we will allow this as we are certain personal data will still be adequately protected (as Microsoft is certified under the USA’s Privacy Shield scheme).
How long we keep it
How long information will be stored depends on the information in question and what it is being used for. For example, if you ask us not to send you marketing e-mails, we will stop storing your e-mails for marketing purposes (though we’ll keep a record of your preference not to be e-mailed).We continually review what information we hold and delete what is no longer required. We will not retain your data for any longer than necessary and the longest time that we will hold your data wil be 24 months.
What are your rights?
We want to ensure that you remain in control of your personal data. Part of this is making sure you understand your legal rights, which are as follows:
The right to confirmation as to whether we have your personal data and, if we do, to obtain a copy of the personal information we hold (this is known as a data subject access request)
The right to have your data erased (though this will not apply where it is necessary for us to continue to use the data for a lawful reason)
The right to have inaccurate data rectified
The right to object to your data being used for marketing or profiling; and
Where technically feasible, you have the right to personal data you have provided to us which we process automatically based on your consent or the performance of a contract. This information will be provided in a common electronic format.