Please read the following information carefully. This Privacy Notice (“the Notice”) contains information about what data we collect, process and store and the reasons for obtaining and processing the data and is to be read in conjunction with our Terms of Business.
The Notice also sets out who we share information with, the steps we take to ensure information is kept secure, the rights of data subjects in respect of personal data and how to contact us in the event of a complaint.
Gala Management Services T/A Gala Events, (“Gala”) sells hospitality packages (“Hospitality Services”) in accordance with requests received from you (“the Client”) as per our Terms of Business.
Through the provision of Hospitality Services by Gala and its employees, it acts as a data processor and data controller for the purpose of the General Data Protection Regulations (“GDPR”).
If you have any questions about this Notice or about personal data you can contact the Directors or Gala’s Compliance Officer via email at firstname.lastname@example.org or write to us at:
19 Pensham Croft
What Personal Information do we collect?
In order to allow us to provide Hospitality Services we may collect the following information from the Client that relates to the package that we are instructed on:
- Name of Client
- Client’s Organisation or Business Name
- Contact information for Client (e.g. address, email address, telephone number)
- Fee and/or billing details;
- Bank details/Card details
The Client will usually be the source of any personal information that we hold, unless such information is provided to us by any third party.
How do we use the Personal Information?
All personal information that we collect in relation to the provision of Hospitality Services will be recorded, used and protected by Gala in accordance with applicable data protection legislation and this Notice.
We will process and store the personal data and sensitive personal data provided by the Client to us in order to provide and improve the Hospitality Services.
In the case of personal data, the legal bases that we rely upon are that:
- The processing is necessary for the performance of the contract to provide the Hospitality Services to the Client;
- The processing is necessary in order to comply with legal obligations to which Gala is subject; and/or
- The processing is necessary for the purposes of legitimate interests pursued by Gala, such as for use in the defence of potential complaints, legal proceedings or fee disputes or fee recovery, for keeping anti-money laundering records, for training staff or for otherwise complying with our professional obligations.
In the case of sensitive personal data, the legal bases that we rely upon are:
- In some cases, the personal data may have been manifestly made public by the Client;
- The processing is necessary for the establishment, exercise or defence of legal claims. Where litigation is contemplated by the Client, these claims may be the claims that we are asked to pursue or defend on your behalf. Alternatively, the personal data may be retained for the defence of potential complaints and legal proceedings against ourselves; and/or
- The processing is necessary for reasons of substantial public interest.
Information collected from other sources
In the provision of the Hospitality Services it is likely that information will be provided solely by you the Client; however from time to time and depending on the nature of the request, information may be collected via another party. Such information will only be processed in order to provide the Hospitality Services.
Personal data provided to third parties
We will not use personal data for purposes that are not clear at the time they were provided and personal data will not be disclosed outside of Gala except where necessary for the provision of the Hospitality Services or with the Client’s consent.
Personal data may be shared with the following:
- Third Parties in accordance with our instructions (such as the Hospitality provider, venue, caterers);
- Ombudsmen and other regulatory authorities;
- the Client; and
- Staff in confidence.
We may share some personal data with third parties in limited circumstances, which may include (a) if we are under a legal or regulatory duty to do so; (b) if it is necessary to do so to enforce our contractual rights; (c) to lawfully assist the police or security services with the prevention and detection of crime or terrorist activity; (d) where such disclosure is necessary to protect the safety or security of any persons and/or (e) otherwise as permitted under applicable law.
Personal information will not be used for any other purpose than has been set out in this Notice.
Transfer of data outside the EEA
Please note that the Gala does not transfer data outside of the EEA in general. There may however be a requirement from time to time to transfer some or all of your personal data outside of the EEA if so required in order to provide the Hospitality Services. Where this happens, all necessary steps will be taken to ensure that data transferred outside of the EEA is afforded the same or similar safeguards and processes that we undertake within the EEA.
Gala may carry out marketing activities which include events and communications via email, social media and other digital platforms. In the provision of marketing activities we may collect your name, address, email address, name of your organisation (if applicable), telephone number and details of your enquiry. Any personal data that you provide to use will only be used to administer and provide products and services you request or have expressed an interest in and to tailor marketing communications from us. We will not use your data for purposes that are not clear when you provide your details and will not disclose them outside of Gala except in limited circumstances.
Further information and a full copy of our Marketing Privacy Notice can be found on our website www.galahospitality.co.uk
Gala will retain personal information for no longer than is reasonably necessary for the provision of Hospitality Services and personal information will not be retained indefinitely or for reasons incompatible with the relevant data protection legislation, including the GDPR and the requirements of other regulatory bodies.
Our standard data retention period for personal information provided to us for the purpose of providing Hospitality Services is as set out in our Retention Policy.
Hard copy files will either be archived securely off site with a third party for the period as set out in our Retention Policy after which the data will be securely destroyed. Any data held electronically shall be held on our server or via an external drive for the period as set in our Retention Policy.
We take the security of personal information seriously and Gala has appropriate measures, safeguards and protocols in place to ensure that data is kept secure, is only accessed by those individuals authorised to do so and where there is a legitimate need to access the data. Appropriate and reasonable steps are in place to reduce the risk of unauthorised access to personal data held by Gala (either through accidental disclosure or deliberate act) and in line with Gala’s obligations under applicable data protection legislation, including the GDPR.
Under the GDPR, data subjects have a number of important rights regarding their personal information. In summary these rights are as follows and include the right to:
- Request access to personal information;
- Request that inaccurate information is corrected;
- Request that processing of personal information is restricted;
- Request that personal information that we hold is erased in certain circumstances;
- Request a copy of the personal information that has been provided to us;
- Object to the processing of personal information or the continued processing of personal information;
- Request not to be subject to automated decision making which produces legal effects that concern or affect data subjects in a significantly similar way.
Further information regarding rights under the GDPR can be found by visiting www.ico.org.uk. These rights are subject to the conditions and restrictions set out in the General Data Protection Regulation and the Data Protection Act 2018.
Should you wish to make a request to exercise any of the above rights you should contact us via email at via email at email@example.com or write to us at:
19 Pensham Croft
When contacting us please ensure that you provide relevant information to allow us to identify you (this can include confirmation of any of the unique or personal identifiers we hold about you such as proof of identity or address) and state the right or rights that you wish to exercise. We may need to contact you to request further information to verify your identity.
We will respond to you within one month from when we receive a valid request.
Where to make a complaint
We hope that you are happy with our service and that we can resolve any issues or complaints that may arise. If you have a complaint regarding any aspect of your personal data or this Notice please write to us at firstname.lastname@example.org
In the event you are not satisfied with the outcome of your complaint, you may write to the Information Commissioner’s Office via:
Information Commissioner’s Office
You can also contact the Information Commissioner’s Office using their online form by visiting www.ico.org.uk
Changes to this Privacy Notice
We aim to meet high standards and so our policies and procedures are subject to regular review. From time to time we may change this Notice and will inform you, usually via writing or by publishing updated content to our website, as appropriate.