Effective Date: 14.07.2023
the General Data Protection Regulation (GDPR) and other applicable data protection laws. Please read this
Policy carefully to understand our practices regarding your personal information.
(1.) Data Controller
1.1 The data controller responsible for the collection and processing of personal data is Saffron Event
Productions Limited, located at 16-19 Eastcastle St London W1W 8DY. If you have any questions or concerns
regarding this Policy or the processing of your personal data, please contact us at firstname.lastname@example.org
(2.) Personal Data Collection
2.1 We collect and process personal data from customers in order to provide our services and improve the
customer experience. The types of personal data we may collect include:
● Contact information (e.g., name, address, email address, phone number)
● Account credentials (e.g., username, password)
● Payment information (e.g., credit card details, billing address)
● Communication preferences
● Any other information you voluntarily provide to us
(3.) Legal Basis for Processing
3.1. We collect and process personal data based on one or more of the following legal bases:
● Performance of a contract: The processing is necessary for the performance of a contract between you
and us or for taking pre-contractual steps at your request.
● Consent: You have given clear consent for us to process your personal data for specific purposes.
● Legal obligations: The processing is necessary for compliance with our legal obligations.
● Legitimate interests: The processing is necessary for our legitimate interests or those of a third party,
provided your fundamental rights and freedoms do not override those interests.
● Purposes of Processing
3.2 We process personal data for the following purposes:
• Providing and improving our products and services
• Managing customer accounts
• Processing payments and fulfilling orders
• Communicating with customers and responding to inquiries
• Sending promotional offers and updates (with your consent)
• Conducting market research and analysis
• Complying with legal obligations
• Data Retention
3.3 We retain personal data for as long as necessary to fulfil the purposes outlined in this Policy, unless a longer
retention period is required or permitted by law. The criteria used to determine the retention periods include the
nature of the data, the purposes for which it is processed, and any legal or regulatory requirements.
(4.) Data Security
4.1 We implement appropriate technical and organisational measures to protect personal data from unauthorized
access, disclosure, alteration, or destruction. These measures include encryption, access controls, regular
security assessments, and staff training. However, no data transmission over the internet or electronic storage
system is completely secure, and we cannot guarantee absolute security.
(5.) Sharing of Personal Data
5.1 We may share personal data with trusted third parties who assist us in providing our products and services,
such as payment processors, shipping partners, and marketing service providers. These third parties are
contractually obligated to handle personal data in a manner consistent with this Policy and applicable data
We may also disclose personal data if required to do so by law or in response to valid legal requests, such as
court orders or government regulations.
(6.) International Data Transfers
6.1 If we transfer personal data to countries outside the European Economic Area (EEA) or other territories with
equivalent data protection laws, we ensure that appropriate safeguards are in place to protect the data. These
safeguards may include EU Standard Contractual Clauses, Privacy Shield certification, or other approved
(7.) Your Rights
7.1 Under the GDPR and applicable data protection laws, you have certain rights regarding your personal data,
• The right to access, correct, or delete your personal data
• The right to restrict or object to the processing of your personal data
• The right to withdraw consent (if processing is based on consent)
• The right to data portability
• The right to lodge a complaint with a supervisory authority
7.2 To exercise these rights, please contact us using the contact information provided above. We will respond to
your request in accordance with applicable data protection laws.
(8.) Changes to this Policy
8.1 We may update this Policy from time to time to reflect changes in our data processing practices or legal
obligations. We encourage you to periodically review this Policy to stay informed about how we collect, use,
disclose, and store your personal data.
including how and why we process personal data as described above.