Your event privacy policy
You can specify your own privacy policy when you're creating or editing your event.
You'll find this area on the ‘create event’ page at the end of the process under 'policies and conditions'. This is also where you can put your terms & conditions and refund policy.
Why you must provide a privacy policy
Under the Data Protection Act 2018 and the General Data Protection Regulation (GDPR) you must tell your attendees about any personal data you collect. This is particularly important if you collect any sensitive data, such as medical information.
Personal data is anything that can be used to identify someone. This includes:
- Name
- Address
- Email address
- Medical conditions
- ID cards
- IP address and location data
Sensitive data includes medical information or information about the protected characteristics (age, sex, race etc.) This data is categorised as special category data and is heavily regulated. You can read about this here: special category data.
You must only collect data that is absolutely necessary.
Helm Tickets is the 'processor' of the data collected through ticket sales, but as the organiser you're the 'controller'. The controller is the person or organisation who determines the purposes and manner in which any personal data is processed. This means it's your responsibility to provide your own privacy policy.
We recommend you seek professional guidance on your responsibilities under the GDPR. You can also find official information on the ICO website.
What to include in a privacy policy
You must clearly explain what you do with your attendees' data, including:
- Noting any parties who will process the data (including Helm Tickets and any third-party integrations you use like MailChimp or HubSpot), which data is shared, and why
- What data you're collecting e.g. medical conditions, contact details
- How the data is collected e.g. through Helm Tickets
- Why you need it e.g. if you must legally have medical conditions on record for your event insurance or to protect attendees from allergens
- The legal basis for collecting it. You must meet one of the 6 legal bases for collecting the information:
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interest
You can read more about the requirements for each one here, and you can find out more about other rights under the GDPR here.