Protection of your privacy and the security of your personal information is particularly important to us.
In this Policy, “we”, “us” and “our” refers to the company Hour Events of 20 Governor’s Street, GX11 1AA Gibraltar.
We do not collect, use, or process personal information without an appropriate legal basis or without your express consent. It is important for you to note that consent, which has been given by you, may be revoked at any time with immediate effect for future use.
What Personal Information Do We Collect?
We collect and process various categories of personal information at the start of and for the duration of our relationship with you. Some categories of personal information are kept beyond the termination of our relationship where so required and there is a legitimate purpose for doing so. We limit the collection and processing of information to what is necessary to achieve one or more of the legitimate purposes identified in this Policy.
Personal information which we may collect, and process may include:
- basic personal information, such as name and address, contact details and date of birth;
- information about the purpose and scope of your expected relationship with us;
- personal identification documents, such as copies of passports etc.;
- online profile and social media information obtained as a result of your use of our websites and applications;
- photos and video recordings from the events we organise.
How Do We Collect Personal Information?
We collect your personal information in the following manner:
- information you provide to us directly;
- information we receive from third parties, such as third party service providers;
- information acquired by us during the course of our relationship and dealings with you;
- information collected through the use by you of our websites and applications;
- information gathered from publicly available sources.
Why Do We Collect Personal Information?
The purposes for which your personal information is collected and processed include the following:
- contractual necessity – such as where it is necessary to enter into a contract with you for the provision of our services or to perform any agreement;
- legal obligation – such as where you apply for or are provided with a product or service where we are required by law to collect and process that personal information;
- legitimate interests of the company – where it is in our legitimate interests to do so and without prejudicing your interests or fundamental rights or freedoms.
How Do We Use Personal Information?
We will only use your personal information where it is necessary and lawful for us to do so in carrying out our business. The personal information we collect from you may be used in one or more of the following ways:
- to provide our services to you;
- to manage your relationship with us;
- to meet legal, compliance and or regulatory obligations;
- to market our products to you.
Sharing Your Personal Information
Personal information may be processed by us and/or our affiliates, agents, vendors, consultants or suppliers, as well as any other third party service providers who are performing certain services on our behalf for the purposes specified above or on your instructions. We may access, preserve, and disclose to third parties information about you if we believe disclosure is in accordance with, or required by, any contractual relationship with you, applicable law, regulation or legal process.
We disclose information to external business partners if you have consented to this or if such disclosure is lawful. In addition, we may be required by law or by a court of law to disclose certain information about you to relevant regulatory, law enforcement and other competent authorities.
In connection with IT hosting and support, personal information is transferred to data processors, including data processors in third countries outside the EU.
Your personal information may be disclosed if we enter into a sale, reorganisation, transfer or asset disposal with or merge with another business entity, in which case it may be disclosed to that entity.
Your Rights as a Data Subject
The right to confirmation and access
You have the right to ask us to confirm to you whether or not we collect, process or store your personal information. You have the right to be informed about:
- the purpose of the processing we do;
- the categories of personal information we hold;
- the envisaged period for which it will be stored, or, if not possible, the criteria used to determine that period;
- the existence of the right to request from us rectification or erasure of personal information, or restriction of processing of personal information or to object to such processing;
- the existence of the right to lodge a complaint with a supervisory authority;
- where the personal information is not collected from you, any available information as to its source;
- the existence of automated decision-making, including profiling and meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you; and
- whether your personal information is transferred to a third country and if so of the appropriate safeguards in place relating to the transfer.
The right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. If you ask us to restrict processing we may have to suspend the operation of some or all of our services to you.
The right to erasure
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defence of legal claims.
The right to restrict processing
You have the right to restrict the processing of your personal information under certain circumstances:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need it for the establishment, exercise, or defence of legal claims.
If you ask us to restrict processing we may have to suspend the operation of some or all of our services to you.
The right to object to processing
You have the right to object to processing of your personal information under certain circumstances, these include:
- where our processing is for direct marketing purposes (including profiling for direct marketing purposes);
- where our processing is for scientific or historical research purposes or statistical purposes on grounds relating to your particular situation.
Where you object on the above basis, we will cease to process your personal information unless there are legitimate grounds for doing so, overrides your interests or we need to process your personal information to establish, exercise, or defend legal claims.
The right to data portability
Where the legal basis for our processing is your consent or is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a portable format. Additionally, you may also ask us to provide it directly to a third party and we will do so where this is feasible. We are not responsible for the use for any third party’s use of that information.
The right to complain to a supervisory authority
If you consider that our processing of your personal information has infringed data protection laws, you have a legal right to lodge a complaint with a supervisory authority responsible for data protection. You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement.
The right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time.
Storing Personal Information
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this Policy. Records can be held in a variety of ways (physical or electronic) and formats.
Retention periods are determined based on the type and nature of the information and the legal or regulatory requirements that apply. We will, in the normal course of events, keep client records for up to six years after the termination of the relationship. However, we may retain your personal information for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject.
Existence of Automated Decision-making
We do not use automatic decision-making or profiling when processing personal information.
How We Secure Your Information
We are committed to taking appropriate measures designed to keep your personal information secure from loss, theft, misuse and accidental, unlawful or unauthorised access, disclosure, alteration, use and destruction. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received. We update and test our security technology on an ongoing basis.
Access to your personal information is restricted to those employees who need to access that information to provide our services to you. Furthermore, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information.
A loss of personal information is known as a data breach. The European GDPR (General Data Protection Regulation) imposes certain requirements on businesses to identify, assess and report breaches in a timely manner (within 72 hours). We undertake to inform you, when required, if your personal information is compromised and there is a risk to your rights and freedoms as a result.
We may update this Policy from time to time by publishing a new version on our website. When we make such changes or update this Policy we may notify you of changes to this Policy by email.
If you would like a copy of the personal records we hold about you, or if you have any questions regarding this Policy or generally about the way we handle your personal information, contact us at:
20 Governor’s Street
Gibraltar, GX11 1AA
Phone: +350 200 71335