Data Protection
Event Amplifier is a brand of TConsult Ltd. TConsult Ltd (hereafter “the Company”) is registered with the Office of the Information Commissioner for the purposes of data protection. The Company warrants that it meets and will continue to meet the requirements of UK data protection law and the EU General Data Protection Regulation (‘GDPR’) with respect to all data received, held and processed on the Company’s systems including but not limited to policies, procedures and controls to ensure (i) secure storage, (ii) processing of data solely for the purpose it was collected, (iii) deletion of data and (iv) responses to enquiries.
Data
Personal data that may be stored may include, but not be limited to information about (i) Client’s employees, including name, email address and/or telephone number together with records of communications between the Company and these employees, (ii) information about Client’s customers including but not limited to names, email addresses and any content they may enter into the chosen online event platform.
Transmission
The Company operates secure servers located within the European Union to which personal or commercially senstive data may be uploaded by suitably authorised personnel of Client. If Client or any of Client’s personnel transmit personal or commercially senstive data to the Company by any other means, irrespective of whether such data was protected and/or encrypted when sent, the Company will protect such data as if it had been deposited directly to the Company’s servers. However, the Company will not be liable for any data breaches except to the extent that the data breach can be attributed wholly and exclusively to the Company’s gross negligence, wilful misconduct of failure to meet its obligations under GDPR after the receipt of the data.
Storage
Personal or commercially sensitive data will be stored on computer servers and in filing systems controlled by the Company, located within the European Union and to which access is limited to those employees of the Company that have legitimate reason to access such data for the purpose of meeting the obligations of this Agreement plus those employees of Client that Client specifically authorises. The Company operates its own servers and backup servers protected by firewalls, anti-virus software and other security counter-measures. The Company maintains regular reviews of security and Client warrants that it will inform the Company of any change required to personnel authorised to access personal data on the Company’s systems within one business day. The Company will not be responsible or liable for any data breach caused by access to Client’s personal or commercially sensitive data by Client’s employees.
Purpose
Personal data will be processed strictly and only for the purpose of meeting the obligations of this Agreement.
Explicit Consent Given
By entering into a contract with the Company, the client gives explicit consent to the transfer of personally identifiable data to the Company, where such data is required for the performance of this Agreement. Where the Client is transferring personally identifiable data of its customers, propsective customers, suppliers or other counterparties (collectively ‘third parties’), Client warrants that it has the explicit consent of those third parties to the transfer of their personally identifiable data.
Withdrawal of Explicit Consent
Client may withdraw its consent at any time by sending an email to [email protected]. Such withdrawal, if it affects the Company’s ability to perform its obligations under this Agreement, will not be deemed a termination event.
Data Deletion
Unless Client specifies otherwise, personal or commercially sensitive data will be deleted within one calendar month of the completion of the purpose for which the data was solicited, stored and processed except to the extent that such data is required to be retained beyond this time by the Company under any other applicable legislation (‘Extended Retention Period’). To the extent that data is retained in an Extended Retention Period, personal data will be deleted within one calendar month of the end of the Extended Termination Period.