Privacy Policy

Last Updated: February 2026

 

At Eventilise, we take your privacy seriously. This notice explains how we collect, use, and protect your personal information when you use our website or services.

 

 

1. Who We Are

 

Eventilise is the "Data Controller" for your information. This means we decide why and how your data is processed.

 

Contact: eventilise@gmail.com

 

Address: Office 860, 60 Tottenham Court Road, Fitzrovia, London, United Kingdom, W1T 2EW

 

We use secure service providers to manage our communications; please see Section 8 regarding International Data Transfers.

 

 

2. Information We Collect

 

We only collect the minimum information needed to provide our services through the use of this website (for initial contact) or through other channels, such as by email, phone and through Whatsapp (for vetting, contract arrangements, payment processing, safeguarding purposes):

 

 

* For all website users:

 

Contact Details: Name, email, and phone number (e.g., when you fill out a form).

 

Technical Data: Your IP address and how you use our site (collected via cookies).

 

Event Information: Any specific details you provide to help us curate your bespoke schedules or talent.

 

 

* For Service Providers (Contractors/Facilitators):

 

Vetting & Identity: We collect government-issued IDs, 5-year employment histories, and 5-year home address histories to verify your suitability.

 

Criminal Record Data: We process DBS check information to ensure safeguarding standards.

 

Financial & Professional Health: We conduct financial health checks and collect bank details for the processing of invoices and tax compliance.

 

 

* For Clients (Businesses/Organisations):

 

Operational Data: Beyond contact details, we collect site location addresses for events and company-specific payment processing details.

 

 

* For Attendees (Event Guests):

 

Safety & Logistics: We collect names, emails, and WhatsApp numbers for event coordination.

 

Emergency & Health: We collect Next of Kin details (name and contact details for emergency purposes only) and signed safety waivers.

 

Special Category Data: we collect dietary and health requirements (e.g., allergies or accessibility needs) to ensure your safety and wellbeing during events.

 

 

3. Photography, Video, and Image Use

 

We often capture the energy of our workshops through photography and video. We use these images in the following ways:

 

For Your Benefit: We share photos back with you as a record of your experience.

 

Workshop Community: We may share a group gallery with other attendees of the same workshop to foster a collaborative community.

 

Marketing & Promotion: With your explicit consent, we may use selected images on our website, social media, or in printed brochures to showcase Eventilise’s services.

 

Your Choice: We will always ask for your permission before taking close-up or identifiable photos. You can withdraw your consent for us to use your image for marketing at any time by emailing eventilise@gmail.com. If you do not wish to be photographed at all, please let our facilitators know at the start of the event; we will provide a "no-photo" indicator (such as a specific lanyard or seating area) to ensure your privacy is respected.

 

4. Safeguarding & Vetting Procedures

 

To maintain our high standards of mobile logistics, we perform rigorous vetting. This includes 5-year background checks and financial screening. 

 

We use secure, encrypted portals for this data and ensure that DBS information is handled only by authorised personnel and destroyed promptly after a suitability decision is made.

 

5. Why We Use Your Data (Our Legal Basis)

 

Under UK law, we must identify a specific "lawful basis" for every way we use your information. We rely on the following grounds:

 

* Contract: We process your data when it is necessary to fulfill our agreement with you, such as delivering the event services you have booked or paying a provider’s invoice.

 

* Consent: We rely on your clear permission for non-essential activities, such as sending you our newsletter or using certain website tracking cookies. You can withdraw this consent at any time.

 

* Special Category Data (Health & Dietary): Because this information is sensitive, we process it based on your Explicit Consent. In rare safety-critical situations where consent cannot be obtained, we process this data under the "Substantial Public Interest" condition (Schedule 1, DPA 2018) to ensure your physical wellbeing.

 

* Criminal Offence Data (DBS): We process background check information for our providers to meet our Legal Obligations and the 'Safeguarding of children and individuals at risk' condition (Schedule 1, DPA 2018).

 

* Vital Interests & Legitimate Interests (Next of Kin): We store emergency contact details to protect your Vital Interests (safety) in an emergency. This is also a Legitimate Interest, as it is essential for responsible event management.

 

* Recognised Legitimate Interests: Under the Data (Use and Access) Act 2025, we process certain data for "recognised" purposes that are in the public interest. This includes essential tasks like detecting and preventing crime (fraud checks), safeguarding vulnerable individuals, and ensuring network security. For these specific tasks, the law recognises our interest is valid without requiring a separate balancing test.

 

* General Legitimate Interests: For other business tasks, such as improving our website or internal administration, we use your data in ways you would reasonably expect and which have a minimal impact on your privacy.

 

 

6. How Long We Keep Your Data

 

We don’t keep data "forever." We store your information only for as long as necessary to fulfill the purposes we collected it for (e.g., 7 years for financial records to satisfy HMRC).

 

Data Type: 

 

* DBS Certificates - Retention Period: Destroyed within 6 months; Reason: DBS Code of Practice compliance.

 

* Vetting Logs - Retention Period:  Duration of contract + 6 years - Reason: To comply with insurance requirements and to defend potential legal claims (Statute of Limitations).

 

* Attendee Health/Dietary - Retention Period: Deleted 30 days post-event - Reason: Data minimisation once the event is over.

 

* Next of Kin / Waivers - Retention Period: 3 years - Reason: Limitation period for personal injury claims.

 

* Financial/Bank Data - Retention Period: 7 years - Reason: HMRC tax and audit requirements.

 

 

7. Your Rights

 

You have several "Data Subject Rights" over your information:

 

Access: You can ask for a copy of your data. We will perform a "reasonable and proportionate" search to find it.

 

Correction: You can ask us to fix inaccurate info.

 

Erasure: You can ask us to delete your data (the "Right to be Forgotten").

 

Withdraw Consent: If you gave us permission (e.g., for marketing), you can take it back at any time.

 

 

8. International Data Transfers

 

To provide our services, we use some third-party tools (such as WhatsApp for coordination and Google Account for email) that may store or process data outside the United Kingdom. 

 

Where data is transferred to countries without a UK 'adequacy' rating (like the USA), we ensure it is protected by the UK International Data Transfer Agreement (IDTA) or equivalent legally approved safeguards to ensure your data remains as safe as it is in the UK.

 

9. Automated Decision Making

 

We do not use solely automated systems to make significant decisions about you. While we use digital tools to assist with vetting and financial health checks, a human member of the Eventilise team reviews all results before any final decision is made regarding your suitability as a provider.

 

10. Who we share your data with

 

We do not sell your data. We only share your information when necessary to provide our services, such as:

 

* Clients: Sharing facilitator names and vetting status (e.g., confirmation of a valid DBS) to ensure site security.

 

* Service Providers: Sharing attendee dietary requirements with catering partners.

 

* Legal Obligations: If required by the Information Commission, law enforcement, or for insurance purposes.

 

 

11. How to Complain

 

If you are unhappy with how we handle your data, you have a legal right to complain directly to us first.

 

Contact us: Email eventilise@gmail.com with the subject "Data Protection Complaint."

 

Our Promise: We will acknowledge your complaint within 30 days.

 

Resolution: We will investigate and provide a full response without undue delay.

 

If you remain dissatisfied after our final response, you can then escalate your complaint to the Information Commission (formerly the ICO) at www.ico.org.uk.

 

We need your consent to load the translations

We use a third-party service to translate the website content that may collect data about your activity. Please review the details in the privacy policy and accept the service to view the translations.