Data Protection Policy.

This policy outlines how The Eventurist collects, processes, and protects personal data in line with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA).

Definitions

  • The Eventurist: Refers to our company and team responsible for delivering events and experiences.

  • DPA: The Data Protection Act 2018, incorporating the UK’s application of GDPR.

  • Responsible Person: Jacquelyn Udeh

  • Register of Systems: A record of all systems or platforms where we process personal data.

1. Data Protection Principles

We are committed to processing data in line with the following principles:

  • Processed lawfully, fairly and transparently

  • Collected for specific and legitimate purposes

  • Limited to what is necessary

  • Accurate and kept up to date

  • Stored only as long as needed

  • Protected with appropriate security

2. General Provisions

  • This policy applies to all personal data processed by The Eventurist.

  • Our Responsible Person ensures compliance and reviews this policy annually.

3. Lawful, Fair and Transparent Processing

We maintain a Register of Systems to track where and how data is processed.

  • This register is reviewed at least annually.

  • Individuals can request access to their personal data anytime.

4. Lawful Purposes

We only process data based on one of the following legal grounds:

  • Consent

  • Contractual necessity

  • Legal obligation

  • Vital interests

  • Legitimate interests

When relying on consent, we keep a record of opt-in agreements. You can revoke consent at any time via email or unsubscribe links.

5. Data Minimisation

We only collect what’s necessary. At The Eventurist, we process data to:

  • Manage event bookings and communications

  • Tailor guest experiences (e.g. dietary preferences)

  • Send newsletters (if opted in)

  • Process payments securely

  • Collect feedback and testimonials

6. Accuracy

We take reasonable steps to keep personal data accurate and up to date.

We also routinely review the privacy policies of third-party platforms we use — including Squarespace, Stripe, and Mailchimp — to ensure alignment with our standards.

7. Data Retention & Archiving

We retain personal data only as long as necessary. Our archiving policy considers:

  • What needs to be retained

  • How long it should be stored

  • Why it’s retained

We review this annually and securely delete data that is no longer required.

8. Security

We are committed to keeping your information safe. That includes:

  • Using up-to-date, secure software

  • Limiting access to only those who need it

  • Deleting data in a way that’s irreversible

  • Maintaining reliable back-ups and disaster recovery plans

9. Data Breaches

In the unlikely event of a data breach, we will:

  • Assess the risk to individuals

  • Notify the ICO within 72 hours if necessary

  • Contact affected individuals where appropriate

You can learn more about your rights on the ICO website.

If you have any questions or would like to make a request related to your personal data, please reach out to us at hello@theeventurist.co.uk.