- “I”, “our”, “us”, or “we” refer to the business, Andy Wright, Toastmaster.
- “you”, “the user” refer to the person(s) using this website.
- GDPR means General Data Protection Act.
- ICO means Information Commissioner’s Office.
- Cookies mean small files stored on a user’s computer or device.
Data collection and processing of your personal data
Andy Wright is the controller of data that passes through this website or via email, including booking forms. This data is only processed by us and is not passed on to other parties.
Data which we retain
In order to provide professional services to you we will collect personal details from yourselves, your event party and other event suppliers at your evnt. The details we may ask for are:
- Home Addresses
- Phone numbers
- Email addresses
- Social media links
This data is held securely and is not shared with any third party. We may save personal data for longer periods than required by law if it is in our legitimate business interests and not prohibited by law.
We may also post photos, quotes or testimonials from your event in a variety of places, listed below. This is done via legitimate interest. Should any member of your wedding party not wish to be included in this, please let me know by email. In addition to this, I also provide you with the ability to opt out of posting photographs from your event in the various places:-
- On our website
- In associated blogs and other websites
- On social media
We also capture website visitor names, phone numbers and email addresses when visitors make contact via our website to enquire about our services at your event.
We never capture credit or debit card numbers. These are all handled via our card processing service.
Our website may contain adverts and links on some pages, these relate to only trusted bodies who each have high standards of user privacy and security. If you have any concerns about this we suggest you do not click on any external links on the website. We do not share your information with third parties.
Data security and protection
We take all reasonable steps to ensure that data is held and processed securely. This includes the security of any personal information is held by using secure data storage technologies; the website and those other services use SSL (secure internet connections) and data is encrypted where possible. Our methods meet the GDPR compliance requirement.
External data processors
In addition to my own data, I also use a variety of data processors. They are listed below.
Mailchimp is a service to provide emailing to lists. I use mailchimp in order to keep in touch with you on run up to your wedding date. They hold names and email addresses. They self-certify as being compliant with Privacy Shield, so are compliant with GDPR. I retain data via legitimate interest.
Google Analytics is a service which provides information about how visitors use a website. I use the information that I gain to provide you with a more effective website. Google is GDPR compliant.
Your individual rights
Under the GDPR your rights are as follows.
- the right to be informed;
- the right of access;
- the right to rectification;
- the right to erasure;
- the right to restrict processing;
- the right to data portability;
- the right to object; and
- the right not to be subject to automated decision-making including profiling.
You also have the right to complain to the ICO [www.ico.org.uk] if you feel there is a problem with the way we are handling your data. We handle subject access requests in accordance with the GDPR.