Last updated September 2018
Crystal Interactive is an event services business. This data protection notice is for people attending events for which we provide support services. It sets out what personal data we collect, process and store in connection with an event and how we do so.
We require your consent
We collect, process and store personal data of people attending events or intending to attend events. We will only collect, process and store your personal data with your consent and in accordance with applicable data protection law. You can withdraw your consent at any time.
What personal data do we collect, process and store?
We may collect, process and store the following types of personal data:
- name, gender, date of birth, address, email address, telephone number, job title, company name, biography and profile image;
- your personalised event agenda;
- unique identifiers such as your username and password (if you register with our website or one of our mobile applications);
- location information (if you use one of our devices or mobile applications);
- photos of you (if you attend an event that includes photography);
- information you submit as feedback, survey responses, enquiries or complaints.
We do not collect, process or store any of your sensitive personal data (for example, your race, religion or sexual preference).
You can request what personal data we hold you about and you can request that we correct that personal data.
How do we collect your personal data?
We may collect personal data from you before, during or after an event by requesting you to input it using one of our devices, one of our mobile applications or on our website. Our devices and mobile applications may track, display, collect, store and share data generated by your participation in an event including your location information during the event and time periods around the event.
If you are using one of our mobile applications on your own device, the application will only track your location if you have enabled it to do so.
For some events, our client (the business or organisation holding an event) may provide your personal data to us. We require that our client has your consent to disclose your personal data to us for the purposes of the event.
What do we use your personal data for?
We only use your personal data for the purposes of providing support services to an event or complying with our legal or regulatory requirements. We will not use your personal data for any marketing purposes.
How long do we store your personal data for?
We delete your personal data within 60 days of the event you attended (or intended to) or the expiry of any license related to any services we provide in connection with that event. You can request deletion of your personal data at any time.
How do we process and store your personal data?
We have implemented technical and organisational measures required to comply with applicable data protection law. The measures we use are designed to ensure a level of security appropriate to the risk of processing your personal data.
We may use other companies in our group or third party service providers to process your Personal Data. This processing may include activities which take place outside of the European Economic Area. If this is the case we will ensure appropriate safeguards are in place to protect your Personal Data.
You can request information about the third party service providers we use to process and store your personal data.
You can request that we restrict how we process and store your personal data.
Who can access your personal data?
Our employees, contractors and other personnel will only access and use your personal data to the extent they need to do so to perform a task in connection with our performance of support services we are providing to an event.
Who is responsible for your personal data?
Crystal Interactive is a trading name of IML Interactive UK Limited and Crystal Interactive Limited. Both companies provide event services and anyone can request which company is the service provider for a specific event at any time.
IML Interactive UK Limited or Crystal Interactive Limited (whichever is the applicable service provider for an event) is the Controller for your personal data collected in connection with an event.
In some circumstances, including when we only provide a "self-service" platform to a client (the business or organisation holding an event), our client is the Controller of your personal data collected in connection with an event and IML Interactive UK Limited or Crystal Interactive Limited (whichever is the applicable service provider for an event) is a Processor for the client. When we act as a data processor on behalf of a data controller, we collect, process and store your personal data in accordance with the data controller's instructions (which may be specific or general). In these circumstances, you will need to approach the data controller and the data controller's data protection policy will apply.
Third party services
Some of the services we provide include applications and technology provided by partners and other third parties. These third parties may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party services, please consult their privacy policies as appropriate.
You can complain to us by emailing firstname.lastname@example.org.
If we fail to resolve your complaint, you can contact the UK's Information Commissioner's Office via their website at ico.org.uk or your local data protection authority.
Crystal Interactive contact information
Our website is crystalinteractive.net.
Employee with overall responsibility for data security: Dom Honey, Operations Director email@example.com
Employee responsible for reporting, identifying risks and action: Lee Borrett, IT Support Manager firstname.lastname@example.org
Our address is Bridge House, Flambard Way, Godalming, Surrey, GU7 1JB. UK.