We’ll keep this page updated to show you all the things we do with your personal data. This policy applies if you’re a client, a sponsor, an exhibitor, volunteer, customer, contractor or employee or use any of our services, visit our websites, email, call or write to us. In certain circumstances we may also provide an extra privacy notice, which will always refer to this page.
We’ll never sell your personal data and will not share it with any organizations we work with.
Who are ‘we’?
In this policy, whenever you see the words ‘we’, ‘us’, ‘our’, it refers to Sbarc Ltd, company registration number 04126119
Our registered office is at Address: Llys Y Dderwen Ffordd Gelli Morgan, Parc Menai, Bangor LL57 4FH
Sbarc Ltd is either subcontracted or is the owner of various events which raise income from a range of commercial trading activities to generate income, including sale of pitches, sponsorship and commercial activities.
What personal data do we collect?
Your personal data (any information which identifies you, or which can be identified as relating to you personally for example, name, address, phone number, email address) will be collected and used by us. We’ll only collect the personal data that we need.
We collect personal data in connection with specific activities such as registration or placing an order, volunteering, ordering an image, employment etc.
You can give us your personal data by filling in forms on our websites, by registering to receive information on various events.
This personal data you give us may include name, job title, address, email address and telephone numbers.
Personal data provided by you
This includes information you give when interacting with us, for example enquiring or registering, placing an order or communicating with us. For example:
• Personal details (name, email, address, telephone, and so on) when you register for an event
• Financial information (payment information such as account number and sort code)
• Your opinions and attitudes about an event that you have recently attended
If you buy a ticket on line your details will be recorded and your association with that relationship will be recorded. We may automatically collect the following information:
• Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform and if you access our website via your mobile device we will collect your unique phone identifier
• Information about your visit, including, but not limited to the full Uniform Resource Locators (URL) and query string, clickstream to, through and from our website (including date and time), products you viewed or searched for, page response times, download errors, length of visits to certain pages, page interaction information (such as but not limited to, scrolling, clicks, and mouse-overs), methods used to browse away from the page, and any phone number used to call our customer service number
• Information about your purchases including but not limited to revenue figures, the types of products purchased, membership application ID, purchase ID, Holiday booking ID, and Renewal ID.
• The terms that you use to search our website
Personal data created by your involvement with us
Your activities and involvement with us will result in personal data being created. This could include details of how you’ve helped us by volunteering or being involved with our campaigns and activities. If you decide to exhibit with us, then we’ll keep records of when and how much you invested to an event.
Information we generate
We conduct research and analysis on the information we hold, which can in turn generate personal data. For example, by analyzing your interests and involvement with our work we may be able to build a profile which helps us decide which of our communications are likely to interest you. The sections Research and Profiling gives more detail about how we use information for profiling and targeted advertising, including giving you more relevant digital content.
Information from third parties
We buy anonymous external data (e.g. census data, Experian MOSAIC, TGI) and combine it with your personal data at an aggregated level to build profiles which help us work out what you’re most likely to want to hear from us about and how.
Sensitive personal data
At times we’ll collect sensitive personal data for Equal Opportunities monitoring, as well as researching whether we deliver great experiences for everyone, but this is only ever analyzed at an aggregate level.
If you’re a volunteer then we may collect extra information about you (e.g. references, criminal records checks, details of emergency contacts, medical conditions etc.). This information will be retained for legal or contractual reasons, to protect us (including in the event of an insurance or legal claim) and for safeguarding purposes.
Children’s personal data
We collect their names and dates of birth to ensure their right to free admission. We don’t ask children on family memberships for consent to marketing communications, so they don’t receive them unless they’ve asked for them through our websites.
How we use your personal data
We’ll only use your personal data on relevant lawful grounds as permitted by the EU General Data Protection Regulation (from 25 May 2018)/UK Data Protection Act and Privacy of Electronic Communication Regulation.
Personal data provided to us will be used for the purpose or purposes outlined in any fair processing notice in a transparent manner at the time of collection or registration where appropriate, in accordance with any preferences you express. If asked by the police, or any other regulatory or government authority investigating suspected illegal activities, we may need to provide your personal data.
Your personal data may be collected and used to help us deliver our activities, help us raise awareness, or complete your order or request. Below are the main uses of your data which depend on the nature of our relationship with you and how you interact with our various services, websites and activities.
Your privacy is important to us, so we’ll always keep your details secure. We’d like to use your details to keep in touch about things that may matter to you.
If you choose to hear from us we may send you information based on what is most relevant to you or things you’ve told us, you like. We may also show you relevant content online. This might be about visiting our events, volunteering with us.
We’ll only send these to you if you agree to receive them and we will never share your information. If you agree to receive marketing information from us, you can change your mind later.
However, if you tell us you don’t want to receive marketing communications, then you may not hear about events or other work we do that may be of interest to you.
Personal data provided to us may also be profiled to help us with advertising targeting.
How can I change my contact preferences?
We’d love to stay in touch, but we don’t want to out-stay our welcome. Choose how you would like us to get in touch with you by registering or signing in to the relevant website. For example, you can tick ‘email’ and we’ll keep you updated on events, places and news relevant to you – straight into your inbox.
We’ll always act upon your choice of how you want to receive communications (for example, by email, post or phone). However, there are some communications that we need to send.
Newsletters and magazines
We use the personal data you provide to keep you up to date, this includes sending renewal information to annual events by mail and email, sending the annual publication.
Management of volunteers
We need to use your personal data to manage your volunteering, from the moment you enquire to the time you decide to stop volunteering with us. This could include: contacting you about a role you’ve applied for or we think you might be interested in, expense claims you’ve made, shifts you’ve booked and to recognize your contribution.
We process customer data to fulfil ticket and holiday bookings and retail activities. Your data will be used to communicate with you throughout the process, including to confirm we’ve received your order and payment, to confirm dispatch, to clarify where we might need more detail to fulfil an order or booking, or to resolve issues that might arise with your order or booking. Properties may also hold dietary requirements for events.
We carry out research with our supporters, customers, staff and volunteers to get feedback on their experience with us. We use this feedback to improve the experiences that we offer and ensure we know what is relevant and interesting to you.
If you choose to take part in research, we’ll tell you when you start what data we will collect, why and how we’ll use it. All the research we conduct is optional and you can choose not to take part.
Recruitment and employment
In order to comply with our contractual, statutory, and management obligations and responsibilities, we process personal data, including ‘sensitive’ personal data, from job applicants and employees.
Such data can include, but isn’t limited to, information relating to health, racial or ethnic origin, and criminal convictions. In certain circumstances, we may process personal data or sensitive personal data, without explicit consent. Further information on what data is collected and why it’s processed is given below.
Contractual responsibilities: Our contractual responsibilities include those arising from the contract of employment. The data processed to meet contractual responsibilities includes, but is not limited to, data relating to: payroll, bank account, postal address, sick pay; leave, maternity pay, pension and emergency contacts.
Statutory responsibilities: Our statutory responsibilities are those imposed through law on the organization as an employer. The data processed to meet statutory responsibilities includes, but is not limited to, data relating to: tax, national insurance, statutory sick pay, statutory maternity pay, family leave, work permits, equal opportunities monitoring.
Management responsibilities: Our management responsibilities are those necessary for the organizational functioning of the organization. The data processed to meet management responsibilities includes, but is not limited to, data relating to: recruitment and employment, training and development, absence, disciplinary matters, e-mail address and telephone number.
Sensitive personal data
The Act defines ‘sensitive personal data’ as information about racial or ethnic origin, political opinions, religious beliefs or other similar beliefs, trade union membership, physical or mental health, sexual life, and criminal allegations, proceedings or convictions.
In certain limited circumstances, we may legally collect and process sensitive personal data without requiring the explicit consent of an employee.
(a) We will process data about an employee’s health where it is necessary, for example, to record absence from work due to sickness, to pay statutory sick pay, to make appropriate referrals to the Occupational Health Service, and to make any necessary arrangements or adjustments to the workplace in the case of disability. This processing will not normally happen without the employee’s knowledge and, where necessary, consent.
(b) We will process data about, but not limited to, an employee’s racial and ethnic origin, their sexual orientation or their religious beliefs only where they have volunteered such data and only for monitoring and upholding our equal opportunities policies and related provisions.
(c) Data about an employee’s criminal convictions will be held as necessary.
Disclosure of personal data to other bodies
In order to carry out our contractual and management responsibilities, we may, from time to time, need to share an employee’s personal data with one or more third party supplier.
To meet the employment contract, we are required to transfer an employee’s personal data to third parties, for example, to pension providers and HM Revenue & Customs.
In order to fulfil our statutory responsibilities, we’re required to give some of an employee’s personal data to government departments or agencies e.g. provision of salary and tax data to HM Revenue & Customs.
Updating your data and marketing preferences
We want you to remain in control of your personal data. If, at any time, you want to update or amend your personal data or marketing preferences please contact us in one of the following ways:
Sbarc Ltd firstname.lastname@example.org
All Wales Boat and Leisure Show email@example.com
Welsh Food and Drink firstname.lastname@example.org
01248 810594 Open 9.00am – 5.30pm weekdays
Write to: Llys Y Dderwen Ffordd Gelli Morgan, Parc Menai, Bangor LL57 4FH
Verification, updating or amendment of personal data will take place within 30 days of receipt of your request.
Your data protection rights (DPO)
Where Sbarc Ltd is using your personal data on the basis of consent, you have the right to withdraw that consent at any time. You also have the right to ask the Sbarc Ltd to stop using your personal data for direct marketing purposes.
What to do if you’re not happy
In the first instance, please talk to us directly so we can resolve any problem or query. You also have the right to contact the Information Commissions Office (ICO) if you have any questions about Data Protection. You can contact them using their help line 0303 123 113 or at www.ico.org.uk.
Cookies and links to third party websites
Links to other websites
Our websites may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we don’t accept any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
Keeping your information
We will only use and store your information for as long as it is required for the purposes it was collected for. How long it will be stored for depends on the information in question, what it is being used for and, sometimes, statutory legal requirements.
How we secure your data
Information system and data security is imperative to us to ensure that we are keeping our customers, volunteers, employees and contractor safe.
We operate a robust and thorough process for assessing, managing and protecting new and existing systems which ensures that they are up to date and secure against the ever-changing threat landscape. In addition to this, we follow a defense in depth security model, which means that your data is protected by multiple layers of security.
Our staff complete mandatory information security and data protection training on employment and annually thereafter to reinforce responsibilities and requirements set out in our information security policies.
When you trust us with your data we will always keep your information secure to maintain your confidentiality. By utilizing strong encryption when your information is stored or in transit we minimize the risk of unauthorized access or disclosure; when entering information on our website, you can check this by right clicking on the padlock icon in the address bar.
Disclosing and sharing information
Storage of information
Sbarc Ltd are based in the UK and we store all our data within the European Union (EU). Some organizations which provide services to us may transfer data outside the European Economic Area, but we’ll only allow this if your data is adequately protected. Some of our systems are provided by US companies and whilst it is our policy that we prefer data hosting and processing to remain on EU-based solutions, it may be that using their products results in data transfer to the USA. However, we only allow this when we certain it will be adequately protected. (e.g. US Privacy Shield or Standard EU contractual clauses).