Version 3.0 – effective 30 July 2025
1 Who we are
We are ONLINEVENTS LTD, company 13302007.
Address: 38 Bates Street, Sheffield S10 1NQ, United Kingdom.
We decide how and why your personal data is used, so we are the “data controller”.
Email: he**@************co.uk
2 The data we collect
| When | What we collect |
|---|---|
| You book an event on Eventbrite | Your name, email, event booked, and whether you ticked the marketing box |
| You join the Library | Name, email, username, any learning notes you add |
| You join our mailing list | Email, how often you want emails (daily or weekly), Mailchimp tags, basic open-/click-stats |
| You visit our website | IP address, device, pages you view, cookies and Google Analytics codes |
3 How we collect your data
- Directly from you when you fill in a form or pay for membership
- Through cookies and similar tools on our site
- From Eventbrite only if you tick the box “Keep me updated by email about Onlinevents training and resources”
4 Why we use your data and our legal reasons
| Purpose | Legal reason |
|---|---|
| Send tickets and give Library access | Contract |
| Send marketing emails when you have ticked the box | Consent |
| Keep tax and payment records | Legal duty |
| Keep payments safe, prevent fraud | Legitimate interests |
| Improve our services with analytics | Legitimate interests |
You can stop marketing at any time – click Unsubscribe in any marketing email.
We also send helpful service emails (not marketing):
- event reminders and updates
- alerts when new Library material is added
- prompts to write or download your learning log
5 Who we share your data with
| Service | What they do | Safeguard |
|---|---|---|
| Eventbrite | Ticketing | Standard Contractual Clauses + UK Addendum |
| Mailchimp | UK-US Data-Privacy Framework | |
| Stripe | Payments | Binding Corporate Rules + SCCs |
| Analytics | SCCs + UK Addendum |
We rely on the standard Data-Processing Addenda provided by Eventbrite, Mailchimp and Stripe, which include all clauses required by Article 28 UK GDPR. Our contract with Eventbrite meets Article 28 UK GDPR rules for processors. We do not sell or rent your data.
6 Sending data outside the UK
Eventbrite and Mailchimp store data in the United States. Transfers use either the UK-US Data-Privacy Framework or the UK Addendum to the EU Standard Contractual Clauses. These safeguards give your data similar protection to the UK.
7 Cookies and similar tools
- Our site uses cookies to remember choices and measure traffic.
- Mailchimp emails contain tiny tracking images (pixels) that tell us if you open a message or click a link.
- Eventbrite checkout pages set cookies so your ticket order works.
You can block or delete cookies in your browser at any time. We display a cookie banner powered by CookieYes to record and remember your choices. See Eventbrite’s Cookie Statement for details.
8 How long we keep your data
- Event bookings – six years after the event, then deleted or anonymised
- Mailing-list details – until you unsubscribe or two years of no activity
- Library membership:
- Core account details (contact info and username) are kept so you can return and access your records if you re-join. You can ask us to delete them at any time unless we must keep them for legal reasons.
- Learning logs and CPD certificates are kept so you can return and access your professional-development records if you re-join. You can ask us to delete them at any time.
9 Your rights
You can ask us to:
- see a copy of your data
- correct wrong data
- delete data we no longer need
- limit or object to how we use your data
- move your data to another provider
- change your email settings at any time through Update preferences in any email
- withdraw your consent whenever you like
Library members can also download their learning log and profile straight from the dashboard. Because Eventbrite acts on our instructions, we will forward valid rights requests to Eventbrite if needed.
To use any right, email he**@************co.uk.
If we cannot solve your concern, you can contact the Information Commissioner’s Office at ico.org.uk.
If you live in the EEA, you may also complain to your local data-protection authority.
10 How we protect your data
- All web pages use secure (TLS) connections.
- Learning-log data sits on encrypted servers in the UK.
- Stripe handles all card details – we never see your full card number.
- Access to our systems is protected by strong passwords and two-factor authentication.
11 Children
Our services are for adults aged 18 and over. We do not knowingly collect data about children.
12 Links to other sites
Our website and emails may link to other sites. We are not responsible for their privacy practices. Please read their privacy notices.
13 Changes to this notice
If we make important changes, we will post the new notice here and email all current subscribers.
14 Contact us
Email: he**@************co.uk
Post: Data Privacy, ONLINEVENTS LTD,
38 Bates Street, Sheffield S10 1NQ, United Kingdom