This website has been developed and is administered by The Event Business Ltd. on behalf of Volvo Car Corporation.
This policy applies to the processing of personal data in manual and electronic records kept by The Event Business. It also covers The Event Business's response to any data breach and other rights under the General Data Protection Regulation.
This policy applies to the personal data of any living individual with citizenship of an EU county. These are referred to in this policy as "relevant individuals".
"Personal data" is information that relates to an identifiable person who can be directly or indirectly identified from that information, for example, a person's name, identification number, location, online identifier. It can also include pseudonymised data.
"Special categories of personal data" is data which relates to an individual's health, sex life, sexual orientation, race, ethnic origin, political opinion, religion, and trade union membership. It also includes genetic and biometric data (where used for ID purposes).
"Criminal offence data" is data which relates to an individual's criminal convictions and offences.
"Data processing" is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Event Business makes a commitment to ensuring that personal data, including special categories of personal data and criminal offence data (where appropriate) is processed in line with GDPR and domestic laws and all its employees conduct themselves in line with this, and other related, policies. Where third parties process data on behalf of The Event Business, The Event Business will ensure that the third party takes such measures in order to maintain The Event Business's commitment to protecting data. In line with GDPR, The Event Business understands that it will be accountable for the processing, management and regulation, and storage and retention of all personal data held in the form of manual records and on electronic equipment.
Personal data is kept within systems under the direct control of The Event Business. The following types of data may be held by The Event Business, as appropriate, on relevant individuals:
All personal data obtained and held by The Event Business will:
In addition, personal data will be processed in recognition of an individual's data protection rights, as follows:
The Event Business has taken the following steps to protect the personal data of relevant individuals, which it holds or to which it has access:
There are clear lines of responsibility and accountability for these different roles.
Relevant individuals have a right to be informed whether The Event Business processes personal data relating to them and to access the data that The Event Business holds about them. Requests for access to this data will be dealt with under the following summary guidelines:
The Event Business may be required to disclose certain data/information to third parties. The circumstances leading to such disclosures include:
These kinds of disclosures will only be made when strictly necessary for the purpose, be minimal in nature and transmitted using only secure methods.
The Event Business adopts procedures designed to maintain the security of data when it is stored and transported.
All our employees are trained to:
Personal data relating to relevant individuals is not to be kept or transported on unencrypted laptops, unencrypted USB sticks, or similar devices, unless authorised by a Director. Where personal data is recorded on any such device it should be protected by:
The Event Business may on occasion require a third party outside of the EEA to process the data of relevant individuals. This third parties will be subject to the same level of protection and process and scrutiny as detailed under Data disclosures, plus they must either:
Where a data breach is likely to result in a risk to the rights and freedoms of individuals, it will be reported to the Information Commissioner within 72 hours of The Event Business becoming aware of it and may be reported in more than one instalment.
Relevant individuals will be informed directly in the event that the breach is likely to result in a high risk to the rights and freedoms of that individual, unless the source of the data is that of a third party. Should the source of the data be that of a third party, then The Event Business will notify the relevant third party of the relevant individuals effected by the breach.
If the breach is sufficient to warrant notification to the public, The Event Business will do so without undue delay in consultation with third parties where the third party is the source of the data being held by The Event Business.
The Event Business reserves the right to retrieve and review information on any system and may monitor the transmission and storage of information without notice for the following purposes:
The Event Business reserves the right to make and keep copies of any electronic communication and data documenting use of the any system for the purpose set above and if it sees fit.
All communication and stored information sent, received, created or contained within The Event Business system are the property of The Event Business
Any relevant individuals may contact The Event Business at:
FAO: Data Protection
The Event Business
Unit 16 The Heath,
Alkerton Oaks Business Park,