Your Event Privacy Policy

When creating or editing your event, you can specify your own Privacy Policy. This area can be found on the ‘Edit Event’ page at the end of the creation process under 'Policies and Conditions' - alongside the text areas for your Terms & Conditions and Refund Policy. 

Since the implementation of the General Data Protection Regulation (GDPR) on 25th May 2018, it is critical you inform your customers about the data you collect. This is especially important if you collect any personal or sensitive data, like contact details or medical information. GDPR identifies two parties who are responsible for the processing of personal data:The controller determines the purposes and manner in which any personal data is processed.The processor  is the person who processes the data. Helm Tickets is the processor of data collected through ticket sales. The Organiser of the event is the controller. This means it is your responsibility to provide your own Privacy Policy, in which you clearly explain what you will do with customer data, as well as noting any parties who will process the data - including Helm Tickets and any third-party integrations you use (e.g. Mailchimp, HubSpot). You must disclose what information is shared and why.

Personal Data - What constitutes personal data, at its simplest is anything that you can use to identify an individual, this includes but is not limited to

  • Name
  • Address
  • Email address
  • Medical conditions
  • ID cards
  • IP address and location data

Sensitive information - Personal data like medical information is classed as Special category data. Data regarded as such is heavily regulated and it is imperative you obtain explicit consent at the point of collection, along with a Privacy Notice explaining why you need the information and what you will do with it. You can also include a statement within your own Event Information/Terms & Conditions which advises customers with suggested prohibitive medical conditions that they should not take part in the event but if they choose to do so, they must contact you directly to discuss the condition. This route will not only ensure you have explicit consent but will also enable you to avoid collecting and being responsible for special category data.

Individual Rights

The basis for implementing GDPR is to give control to individuals about who is collecting their data and how it can be used - these rights include being able to request data be erased. It’s important these rights are respected and you can find out more about them here.

Summary - Under GDPR regulations, it’s your responsibility to inform the customer of the following:

  • What data you’re collecting - e.g. medical conditions, contact details.
  • How it’s collected - e.g. through Helm Tickets.
  • The legal basis for collection - There are six legal basis for collection, which are; consent, contract, legal obligations, vital interests, public task and legitimate interest. You can read more about the requirements for each one here. You must have a legal basis for collecting data and therefore, you should only collect data that is absolutely necessary.
  • Why you need the data -  e.g. if you must legally have medical conditions on record to gain event insurance or to protect attendees from allergens.

The above details should be included in your Privacy Policy. Therefore, we recommend you seek professional guidance on the GDPR and collecting customer information. Official information can be found on the ICO website.

Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.

Still need help? Contact Us Contact Us