This notice applies to data that is held stored, used and shared by Smart Gift Voucher Ltd t/a Smart Gift (we/our/us) and your rights in relation to personal information.
We are a provider of a software package, Smart Gift (Software), and enter into agreements for the use of the Software (Agreement(s)) with hospitality and leisure venues (Venue(s)) pursuant to which the venues provide services in relation to vouchers and ticketing and other ancillary services (Services) to guests.
We receive personal information in relation to guests from each Venue with whom we have an Agreement and in these circumstances the Venue is the data controller and we are the data processor and process personal data in accordance with the respective Venue’s directions.
We hold personal information that a representative of a venue provides to us for the purpose of entering into an Agreement with the venue in the capacity of data controller.
We may also hold other information that individuals or people other than guests may give to us which we hold as data controller.
The categories of data that we hold are names and addresses and dates of birth. We do not hold bank card details – these are captured by a secure payment application within the Software.
We do not collect data from third party sources unless specifically requested in writing by the relevant Data Controller.
We as data controller receive analytical data from Google in relation to people visiting/browsing our website which does not contain any personal data.
The processing of guest’s and Venue owner’s/representative’s personal data and any booking engine data is necessary for the performance of the Agreement and the provision of Services.
If we are going to process data that we hold in the capacity of data controller, e.g. for marketing purposes to a Venue, then we will obtain prior consent from the relevant person at the Venue and give the opportunity to withdraw consent at any time.
We process analytical data from Google in relation to our website on the basis of our legitimate interests seeking to develop our own business and we do not carry out any automatic profiling.
We routinely share personal data with third party suppliers and sub-processors as part of the provision of the Services the categories of which are: hosting, software providers, accountants, consultants. We ordinarily contract with these suppliers on their standard terms and conditions and we need to share data in this manner in order to provide the Services.
If a guest at a Venue requests that the Venue as data controller provides certain marketing services then we as part of the provision of Services will provide that guest’s data to third parties for that purpose in accordance with the Venue’s directions but not otherwise.
We will share personal information with law enforcement or other authorities if required by applicable law
We will not share data with third parties for marketing purposes where we hold data in the capacity of data controller unless we are instructed to do so.
We will store guest’s information for the period required for the provision of the Services and as directed by the relevant Venue as data controller.
Where we hold data as data controller we will hold the data for the duration of the Agreement and any longer period required for us to comply with applicable law (e.g. audit) or in other cases for the duration of the period necessary for the purpose that you provided the data to us or to which you have consented (e.g. any marketing).
We do not transfer personal information outside the European Economic Area (EEA).
A data subject has certain rights including the following: to correct any mistakes in your information; to request the erasure of any information; to withdraw consent to processing for marketing (Rights).
If you are a guest at a Venue for which we are providing Services then you must contact the Venue in order to exercise any of your Rights and in general as we can only act in accordance with the Venue’s instructions.
If you are a Venue with whom we have an Agreement then we will not necessarily be able to perform the actions in relation to your Rights until the Agreement has ended and we are not required to retain the data by law other than the withdrawal of consent to any marketing to which you may have consented.
We have appropriate security measures in place to prevent personal information from being lost, used or accessed in an unauthorised way. Those processing your information will do so only in an authorised manner and are subject to a duty of confidentiality.
We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
Our website may contain hyperlinks or references to third party websites. Any such hyperlinks or references are provided for your convenience only. We have no control over third party websites and accept no legal responsibility for any content, material or information contained in them. The display of any hyperlink and reference to any third party website does not mean that we endorse that third party’s website, products or services. Your use of a third party site may be governed by the terms and conditions of that third party site.
We hope that we can resolve any query or concern you raise about our use of your information.
The General Data Protection Regulation gives you the right to lodge a complaint with the supervisory authority which is the Information Commissioner who may be contacted at: ico.org.uk/concerns.
This privacy notice was published on 19 November 2020 and may be changed from time to time.
Please write to this registered office address for the attention of GDPR Team or Email: firstname.lastname@example.org