Ynys Consulting Ltd are committed to protecting your personal information and to being transparent about the information we hold about you.
Holding and processing your personal information allows us to develop a better understanding of our customers, and in turn to provide you with relevant information about the events we offer and the ones that you may like.
Personal information also helps us profile our customers, to help shape our advertising messaging and placement. The purpose of this policy is to give you a clear explanation about how we collect and process your personal information through your use of our website, including any data you may provide through this website, when you sign up to our newsletter, purchase items from us, as well as others we may share this information with.
- The Data Protection Act 1998
- The Privacy and Electronic Communications (EC Directive) Regulations 2003
- The EU General Data Protection Regulation (Regulation EU 2016/679), (‘GDPR’) which became effective from 25 May 2018
This policy explains:
- Who we are
- Information we may collect about you
- How we collect your data
- How we may use your information
- Disclosure of your details to third parties
- Security of your personal information
- Data retention
- Your legal rights
- Contact details and further information
If you have any questions, please contact the Data Controller at Ynys Consulting Ltd using the contact details at the end of this policy.
For our terms and conditions of sale, please click here.
- WHO WE ARE
Ynys Consulting Ltd is a private limited company registered in Wales at 3 Redbrink Crescent, Barry CF62 5TT
The company’s core business operation is the hosting of conferences
We trade online through our website www.theticketinginstitute.com
- INFORMATION WE MAY COLLECT ABOUT YOU
Personal information refers to any information about a living human from which that person can be specifically identified. Personal information does not include data where the identity has been removed, i.e. anonymous data.
There are different types of personal data that we may use, store and transfer to other people to process on our behalf. To help you understand these different kinds of personal information we have grouped them together as follows:
- Identity Data this would be names, such as your first or last names or perhaps your username, along with your titles, such as Ms, Mrs or Dr, your date of birth and your identified gender.
- Contact Data this could be physical addresses you may supply, for billing or delivery of your orders along with telephone numbers, social network or messaging service usernames or email addresses.
- Financial Data this could be your bank account or payment card details
- Transaction Data this could include details of what you have ordered, such as events and participants, along with information about payments and refunds that have been received or sent to you.
- Technical Data this could the device or operating systems, along with such things as the Internet browser you use or plugins you have installed as well as other technology on the devices you use to access our website.
- Profile Data this could include your username and password, services or orders made by you, your interests, preferences you have told us about, feedback and survey responses you have given, along with your spending or browsing patterns.
- Usage Data this includes information about how you use our website, products and services.
- Marketing and Communications Data this includes your preferences, the permissions you have given us and allows us to ensure we only contact you as you wish to be contacted and helps us tailor our offers and promotions to you.
We also collect and construct Aggregated Data such as statistical or demographic data to help us understand our current, past and future customers, along with their needs and their shopping patterns.
Aggregated Data may be derived from your personal information but is not considered personal data in law as this data does not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a particular range of our offerings on a particular day and how many completed a purchase.
The General Data Protection Regulation specifies Special Categories of Personal Data that are considered specifically sensitive.
Examples of this may be details of your personal life, experience and beliefs, such as criminal convictions, your sexual orientation, beliefs based on religion or philosophy, trade unions membership, your ethnic origin or data about your health, biometric or genetic profiles.
Whereas we do not collect or process sensitive information
If you fail to provide personal information
We have to collect and process information in order to perform our business activities and fulfil orders that you may place with us. For example, we must have your email address to send you updates on your order and we must hold your address on file to dispatch your goods. If you fail to provide this information we may not be able to provide you with goods or services, you request.
- HOW WE COLLECT YOUR DATA
Data about you may be sent to or collected by us in a number of different ways, which we have set out below;
Information you give to us yourself
When you visit the website, sign up to our newsletter, give us feedback or make a purchase from us, we will process the personal information you give to us such as your name, email address, postal address, telephone number and card details. We keep a record of your purchases, including your job title and employer’s name
Through Technologies and Interactions As you navigate and interact with our website, we may automatically collect Technical Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies and other similar technologies.
Information from Others
We occasionally receive information about you from third parties as set out below:
- From companies involved in fulfilling the orders you place with us
- From companies helping us to better understand your opinions and how you are our service
These are detailed later in this document
- HOW WE MAY USE YOUR INFORMATION
We will only use your personal information when the law allows us to.
Most commonly, we will use your personal information in the following circumstances:
- Where we need to perform the contract, we are about to enter into or have entered into with you, such as fulfilling an order you place.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation, such as in our accounting or working with credit card companies to reduce fraudulent activity
- Where you have given us your explicit consent to use your personal information in a specific situation. We do not rely on consent as a legal basis for processing your personal information and you have the right to withdraw consent to us marketing to you at any time by contacting us. You will find the relevant contact details at the end of this policy.
Purposes for which we will use your personal information
We have set out below, in a table format, a description of all the ways we plan to use your personal information, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate.
Please note that we may process your personal information for more than one lawful ground depending on the specific purpose for which we are using your information. Please contact us if you need details about the specific legal ground we are relying on to process your personal data where more than one ground has been set out in the table below.
|Purpose/Activity||Type of data||Lawful basis for processing including basis of legitimate interest|
|To register you as a new customer||(a) Identity
|Performance of a contract with you|
|To process and deliver your conference passes and invoices including:
(a) Manage payments, fees and charges
(b) Collect and recover money owed to us
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to recover debts due to us)
|To manage our relationship with you which will include:
(b) Asking you to leave a review or take a survey
(d) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary to comply with a legal obligation
(c) Necessary for our legitimate interests (to keep our records updated and to study how customers use our products/services)
|To enable you to partake in a prize draw or complete a survey||(a) Identity
(e) Marketing and Communications
|(a) Performance of a contract with you
(b) Necessary for our legitimate interests (to study how customers use our products/services, to develop them and grow our business)
|To administer and protect our business and this website (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)||(a) Identity
|(a) Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise)
(b) Necessary to comply with a legal obligation
|To deliver relevant website content and advertisements to you and measure or understand the effectiveness of the advertising we serve to you||(a) Identity
(e) Marketing and Communications
|Necessary for our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy)|
|To use data analytics to improve our website, products/services, marketing and communications with you, customer relationships and experiences||(a) Technical
|Necessary for our legitimate interests (to define types of customers for our products and services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)|
|To make suggestions and recommendations to you about goods or services that may be of interest to you||(a) Identity
|Necessary for our legitimate interests (to develop our products/services and grow our business)|
We aim to communicate with you about the products we offer in ways that you find relevant to you and never excessive. To do this, we use data that we have stored about you, such as your purchase history and which of our lines or products you have viewed in the past, as well as any contact preferences you may have told us about.
We use our legitimate interest as the legal basis for communications by post and email. The majority of our communications will be by email and you may opt out of receiving these at any time by
- Using the contact details at the end of this policy
- by updating your contact preferences in your online account with us.
In the case of email, we will give you an opportunity to opt out of receiving electronic communications during your registration or first purchase with us If you do not opt out at this stage, we will provide you with an option to unsubscribe in every email that we send you subsequently. Alternatively, you can use the contact details at the end of this policy or update your contact preferences in your online account with us.
As part of our contract with you to deliver your purchases, we may need to contact you by email or telephone to provide essential information related to your purchase and its delivery, such as to confirm an address or to advise of a stock issue.
- DISCLOSURE OF YOUR DETAILS TO THIRD PARTIES
There are certain circumstances under which we may disclose your personal information to third parties. These are as follows:
- To our service providers who process data on our behalf and on our instructions for example the companies we use to take payment, fulfil and deliver orders you make with us. This would principally the organisation who operates the venue at which a conference you are attending is hosted. We require all third parties to respect the privacy of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.
- Where we are under a duty to disclose your personal information in order to comply with any legal obligation (for example to government bodies and law enforcement agencies).
We do not sell personal details to third parties for any purpose.
- Data Processors we Use
|Name of Processor||What data are they processing and why?|
|Survey Monkey||Reason for Processing: Customer Feedback and questionnaires Data Processed: First name, Last name, Email address, Contact Phone Numbers, Job Title, Employer’s name and length of service.|
|Reason for Processing: Legitimate Interest in marketing our products to customers and people similar to our customers Data Processed: email address|
|MailChimp||Reasons for Processing: Marketing of similar products or services the data subject has bought or expressed an interest in buying from Ynys Consulting Ltd. Data Processed: First name, Last name, Email address, Contact Phone Numbers, Physical Addresses, and transactional and browsing behaviour|
|Google Drive, Apps and Mail||Reasons for Processing: Sending or receiving documents and correspondence (including one to one emails) with customers. Data Processed: First name, Last name, Email address, Contact Phone Numbers, Physical Addresses, Payment Information, Registrations purchased and transactional (not payment) details|
|Quickbooks||Reasons for Processing: Keeping accurate accounting records Data Processed: First name, Last name, email address, physical addresses, telephone contact numbers, transactional details|
- SECURITY OF YOUR PERSONAL INFORMATION
Your debit and credit card information
If you use your credit or debit card to purchase from us or to make a donation, we will ensure that this is carried out securely and in accordance with the Payment Card Industry Data Security Standard (PCI-DSS). You can find more information about this standard (https://www.pcisecuritystandards.org/pci_security/). We give the option for you to store your card details safely for use in future transactions. This is carried out in compliance with PCI-DSS and in a way where none of our staff members can see your full card number. We never store your 3 or 4-digit security code.
Security of your personal information
We have put in place appropriate safeguards (both in terms of our procedures and the technology we use) to keep your personal information as secure as possible. We will ensure that any third parties we use for processing your personal information do the same and that they will only process your personal information on our instructions. The third parties will also be subject to a duty of confidentiality.
We will not transfer, process or store your data anywhere that is outside of the European Economic Area, unless we have a contractual agreement in place that is of an equivalent standard to GDPR.
- DATA RETENTION
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for or you have agreed for us to keep it. This will include ensuring we can satisfy any legal, accounting, fraud prevention or reporting requirements.
We will always consider how long we retain your data for taking into account the amount of data we hold, along with its sensitivity along with the risk of this data being disclosed, the impact this would have on you, as well as whether we can achieve the same outcomes in our business without retaining it in personally identifiable form, such as anonymising the data.
- YOUR LEGAL RIGHTS
Data protection laws give you rights, in certain circumstances, rights in relation to your personal data. These are laid out in GDPR and include
- a) The right to request access to your personal information
If you wish to request a copy of the data we hold about you, please use the details at the end of this policy to get in touch with us. If you are a citizen of a European country and you consider the processing of your data by us to be unlawful, you may lodge a complaint with the Information Commissioners Office.
- b) Request correction of your personal information
If you believe the information we hold about you to be inaccurate, you have the right to request that we correct this. In order to ensure that any new information you provide is correct and / or does not breach the rights of others, we may ask for proof of identity or the changes from you, prior to making the change.
- c) Request erasure of your personal information
You have the right to request that we delete or remove personal information where there is no good reason for us continuing to process it. There may be specific reasons where we cannot agree to erasure of your information, such as to fulfil legal or contractual obligations, such as accounting, audit and fraud prevention. You will be advised if there are any reasons why we cannot agree
- d) Object to processing of your personal information
You have the right to object to the processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
- e) Request restriction of processing your personal information
You have the right to request that we suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
- f) Request transfer of your personal information
You have the right to request that the personal information we hold about you is transferred to you or to a third party. We will provide to you, or a third party you have chosen, your personal information in a structured, commonly used, machine-readable format, exampes of this may be your personal details, profile and associated notes, along with your order history. Please note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
- g) Right to withdraw consent
In circumstances where we are relying on your consent to process your personal data, you have the right to withdraw your consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you, such as product updates or sell goods to you. We will advise you if this is the case at the time you withdraw your consent.
Please also note the following: –
We will not look to charge a fee in most cases
You will not have to pay a fee to access your personal information (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.
We may ask you to prove your identity or to confirm information you provide to us
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights). This is a security measure to ensure that personal information is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
We will aim to respond within one month.
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
- CONTACT DETAILS AND FURTHER INFORMATION
Please also contact us if you have any questions about the information we hold about you, or to change your contact preferences with us:
Email us: firstname.lastname@example.org
Call us: +44 (0) 7900 231118
Write to us:
3 Redbrink Crescent
The Vale of Glamorgan
24th May 2018