Privacy Policy | IVII

PRIVACY POLICY

Ivii nights is owned by IVII Limited, a registered company in the United Kingdom. This privacy policy will explain how our organization uses the personal data we collect from you when you use our website.

PRIVACY POLICY NOTICE

"I", "our", "us", or "we" refer to the business, Ivii Ltd.

"you", "the user" refer to the person(s) using this website.

GDPR means General Data Protection Act.

PECR means Privacy & Electronic Communications Regulation.

Cookies mean small files stored on a users computer or device.

What data do we collect?

Ivii Ltd collects the following data:

your personal Identification Information such your full name, date of birth, gender, age etc.

your contact information such as your telephone number, email address, postal address etc.

your social media identification (Handles).

Please note that Ivii Ltd do not store your debit/credit card information as payments are made through Stripe Inc. which is our trusted third party payment gateway service.

How do we collect your data?

We collect data and process data when:

you register an account on our website.

you voluntarily complete a customer survey or provide feedback on any of our message boards or via email.

you use or view our website via your browser’s cookies.

a bar/nightclub that you have existing affiliations with uploads the information they have of you providing they have obtained your consent as per our data sharing agreement.

How will we use your data?

Our Legal basis for processing your data is Contractual for the following activities:

to process your ticket purchases.

to process your guestlist registration.

to process and manage your account

to provide support and maintenance services.

to enable you to access and use our services.

to verify your identity.

to verify your age.

to determine the terms of a ticket purchase.

to contact you if there are any issues with the use of our website.

to deal with any complaints you may have in regard to our service.

to make decisions on processing your ticket.

to detect and prevent fraud, money-laundering and other crimes.

to inform you of any changes we have in regard to how we operate as a business.

Our Legal basis for processing your data is Legitimate interest for the following activities:

to sending you offers, share news and events and information regarding any purchases or bookings.

to obtain customer feedback information following visits and bookings.

to review performance of our website for improvement purposes.

to monitor business performance and assist with auditing, compliance and accounting purposes.

to enable third parties to get in touch with you if there are any changes to an event you have registered for.

to enable third parties to get in touch with you in regard to offers and promotions they may have that we think you may be interested in.

to perform analysis that will help to us understand you better as a customer and therefore help us provide a better service.

Marketing

Ivii Ltd would like to send you information about products and services of ours that we think you might like, as well as those of our partner companies.

If you have agreed to receive marketing, you may always opt out at a later date.

We will share your data with our third-party companies so that they may offer you their products and services we think you may be interested in. When you register for an event from a venue, these venues may get access to your contact information with which they may use to contact you for marketing purposes based on legitimate interests.

You also have the right to withdraw consent where it has been provided and we will no longer send you information related to those subjects, which may result in you not being informed about our latest events, offers and venues.

If you no longer wish to be contacted for marketing purposes, you may select to opt out option from the “edit profile” section of our website

How do we store your data?

Ivii Ltd securely stores your data using SSL encryption on our secure cloud-based servers within the EEA (European Economic Area). Ivii Ltd will keep your information for as long as you are registered on our website. We do not under any circumstances, give access to our databases to anyone outside of Ivii Ltd. Only authorised Ivii Ltd employees have access to your personal data via the Ivii databases. We take data protection very seriously and take appropriate measures to comply with the GDPR and DPA regulations.

Who do we share your personal information with?

We share your information with the following:

Our authorised staff to ensure they provide you with the best possible service.

third party processors that are involved in the smooth delivery of the service we provide to you, and;

bars/nightclubs you have expressed interest in.

The term “expressed interest” can be defined as:

registering for a specific bar/nightclubs’ guestlist.

purchasing a ticket to attend an event a specific bar/nightclub.

Where applicable, we will disclose your personal data with legal entities if obligated to do so under the law, or to protect the rights and property of Ivii Ltd. This may include sharing information with organisations such as with fraud protection and credit risk reduction agencies.

What are your data protection rights?

Ivii Ltd would like to ensure you are fully aware of all of your data protection rights. Every user is entitled to the following:

The right to access – You have the right to request Our Company for copies of your personal data. We may charge you a small fee for this service.

The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete the information you believe is incomplete.

The right to erasure – You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing – You have the right to request that Our Company restrict the processing of your personal data, under certain conditions.

The right to object to processing – You have the right to object to Our Company’s processing of your personal data, under certain conditions.

The right to data portability – You have the right to request that Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, please contact us at our email: data@ivii.co.uk

Breach of Security

If a breach of security occurs and your personal data is at risk or has been exposed, Ivii Ltd will contact you as soon as possible to ensure you are aware. We will also inform you of any actions we plan to take or have taken in response to the breach.

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology For further information, visit allaboutcookies.org.

How do we use cookies?

Ivii Ltd uses cookies in a range of ways to improve your experience on our website, including:

keeping you signed in

understanding how you use our website

advertising purposes.

What types of cookies do we use?

There are a number of different types of cookies, however, our website uses:

Functionality – Our Company uses these cookies so that we recognize you on our website and remember your previously selected preferences. These could include what language you prefer and location you are in. A mix of first-party and third-party cookies are used.

Advertising – Our Company uses these cookies to collect information about your visit to our website, the content you viewed, the links you followed and information about your browser, device, and your IP address. Our Company sometimes shares some limited aspects of this data with third parties for advertising purposes. We may also share online data collected through cookies with our advertising partners. This means that when you visit another website, you may be shown advertising based on your browsing patterns on our website.

How to manage cookies

You can set your browser not to accept cookies, and the above website tells you how to remove cookies from your browser. However, in a few cases, some of our website features may not function as a result.

Privacy policies of other websites

Our Company website contains links to other websites. Our privacy policy applies only to our website, so if you click on a link to another website, you should read their privacy policy.

Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 9 January 2019.

How to contact us

If you have any questions about Our Company’s privacy policy, the data we hold on you, or you would like to exercise one of your data protection rights, please do not hesitate to contact us at: data@ivii.co.uk

How to contact the appropriate authority

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern in a satisfactory manner, you may contact the Information Commissioner’s Office.

IVII LTD DATA SHARING AGREEMENT

This agreement covers the sharing of personal data between Ivii Ltd, who are the data controller and processor,other organisations may also be data controllers, and any other third-party organisations that will work with Ivii ltd to ensure an effective and efficient delivery of our services.

Scope Of The Agreement

This agreement has been prepared in accordance with GDPR, ICO and DPA and covers the sharing of personal data.

The scope of “data sharing” is the disclosure of personal data by transmission, dissemination, or simply making the personal data available to third parties by whatever means, and includes the giving of access to third parties via the Ivii platform.

This agreement aims to achieve the following:

help all the parties to be clear about their respective roles;

set out the purpose of the data sharing;

cover what is to happen to the data at each stage; and

set standards.

Principles Relating to Processing Shared Data

In accordance with Article 5 GDPR, all parties will ensure that shared personal data is:

processed lawfully, fairly and in a transparent manner in relation to the data subject (‘lawfulness, fairness and transparency’);

collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall, in accordance with Article 89(1), not be considered to be incompatible with the initial purposes (‘purpose limitation’);

adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);

accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);

kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) subject to implementation of the appropriate technical and organisational measures required by this Regulation in order to safeguard the rights and freedoms of the data subject (‘storage limitation’);

processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).

Limitations Of Data Sharing

Ivii Ltd will only share personal data to controllers and third parties of whom users have expressed interest or third parties that are involved in the process of providing our services. The term “expressed interest” can be defined as:

a user registering for a specific bar/nightclubs’ guestlist.

a user purchasing a ticket to attend an event a specific bar/nightclub.

Other than the legal basis of contractual reasons, Ivii Ltd will only share personal data based on legitimate interest but only if the users have consented to doing so.

The Objective (Legal basis) Of Sharing Personal Data

Ivii Ltd share personal data to other controllers and third parties on the legal basis of a contractual reason to enable all organisations involved in this agreement such as bars/nightclubs to achieve the following:

to verify the identity of the user upon entry of a bar/nightclub

to verify the age of the user upon entry of a bar/nightclub

to contact the user if there are any changes to any events.

detect and prevent fraud, money laundering and other crimes.

to deal with any complaints users may have.

to provide you with general information about the event you are attending.

Ivii Ltd also share personal data to other controllers and third parties on the legal basis of legitimate interest for the following reasons:

to enable the controllers and third parties to better serve the user via marketing directly to them if.

to enable third parties to communicate with users in relation to special offers, service announcements, and product/service information we think users might like.

to enable controllers and third parties to request for customer surveys.

The user has the option to opt out if they wish to do so.

How We Share Data

Ivii Ltd will share personal data via the following methods:

Routing data sharing

Ad Hoc or one-off Sharing

Data Pooling.

Routine Data Sharing

Ivii Ltd can arrange with all organisations involved in this agreement to share personal data for established purposes in a routine, pre-planned way, providing the request complies with the lawful processing on a contractual basis and/or legitimate interest.

Ad Hoc or One-Off Sharing

Ivii Ltd can arrange with all organisations involved in this agreement for personal data to be shared on a one-off basis, providing the request complies with the lawful processing on a contractual basis and/or legitimate interest.

Data Pooling

As well as providing personal data for users that have expressed interest in your bar/nightclub, we will also market to the users that you have uploaded onto the platform on a contractual basis and/or legitimate interest providing they have been given consent.

Personal Information That We Share

Ivii Ltd will share personal data in accordance with the data minimization approach. We will determine on an individual basis whether the data sharing is required by reviewing considerations made under the “Reviewing of the data agreement” and “Accountability and Data Protection” sections of this agreement to make a decision in regards to whether the some or all information should be shared. Other considerations will also be made to ensure to determine whether the sharing of data is necessary and in compliance with GDPR and DPA.

Access To The Shared Personal Data

Ivii Ltd requires shared personal data to be handled on a “need to know” basis. Controllers or third parties that extract or receive personal data from our platform should:

Only have access to the personal data if they need it, and

Only allow relevant staff within the organisation to have access to the data.

Rights of the Individual

All parties within this agreement are responsible for the personal data that they receive. All parties will also ensure that users are entitled to their rights to their personal data in accordance with GDPR Chapter 3, which are as follows:

the right to be informed

the right to access

the right to rectification

the right to erasure

the right to restrict processing

the right to data portability

the right to object

rights in relation to automated decision making and profiling.

Accountability and Data Protection

All organisations involved within this data sharing agreement are responsible for compliance with the GDPR, Part 2 of the DPA as appropriate. We have therefore adopted a “design and default” approach to our data protection policy via data minimisation which will help us comply with the data protection legislation and good practice whenever we process data.

In addition to this, all organisations must ensure to:

put in place appropriate technical and organisational measures designed to implement the data protection principles; and

integrate safeguards into your processing so that you meet the GDPR's requirements and protect the individual rights.

process the personal data that is necessary to achieve the specific purpose.

All organisations in this agreement must also consider the following:

whether minimising the processing of personal data should be pursued;

whether to pseudonymise personal data as soon as possible;

ensure transparency in respect of the functions and processing of personal data;

enable individuals to monitor the processing; and

create (and improving) security features.

review the personal data that you receive from other organisations.

make sure they know its origin and whether any conditions are attached to its use.

review the personal data that you share with other organisations.

make sure they know who has access to it and what they will use it for;

make sure they provide a suitably high level of security when sharing special category or sensitive data;

identify who within their organisation should have access to data that has been shared with them and adopt a “need to know” approach to viewing personal data.

consider the impact a personal data breach may have on individuals

consider the impact a personal data breach could have on your organisation – in terms of cost, reputation damage or lack of trust from your customers or clients.

This is not an exhaustive list. Complying with data protection by “design and by default” may require all organisations to do much more than the above.

Responsibility of Shared Personal Data

All parties that receive shared personal data are required to take on their own legal responsibilities for the data, including its security. However, Ivii Ltd will still take reasonable steps to ensure that the data we share will continue to be protected with adequate security by the recipient organisation by:

ensuring that the recipient understands the nature and sensitivity of the information;

taking reasonable steps to be certain that security measures are in place, particularly to ensure that Ivii Ltd have incorporated an agreed set of security standards into our data sharing agreement, and

resolving any difficulties before we share the personal data in cases where we and the recipient organisation have different standards of security, IT systems, procedures or protective marking systems

Reviewing of this data sharing agreement.

Ivii Ltd will review this data sharing agreement on a regular basis given that there is a chance that there could be a change in circumstances or a change in the rationale for the data sharing at any point.

We will consistently determine the following points:

Whether the sharing of data is still essential. Ivii Ltd will factor in new developments into regular reviews of the data sharing arrangement to ensure that we can justify the sharing. If the aim of the data sharing has been achieved with not having to share the data, then no further sharing will be necessary. On the other hand, Ivii Ltd may find that the data sharing is making no impact upon the established objectives and therefore the sharing may no be longer justified.

Whether we have proactively communicated any changes to your data sharing arrangement to the people concerned.

Whether our privacy information and our data sharing agreements accurately explain the data sharing that is being carried out.

Whether our information governance procedures are still adequate and working.

In addition to this, we will also check whether all organisations involved in the sharing are reviewing if:

it is necessary to share personal data at all, or if any parties could use anonymised information instead;

they are only sharing the minimum amount of data and that the minimum number of organisations, and their staff members, have access to it;

the data they are sharing is still of appropriate quality;

all the organisations involved in the sharing are still applying the retention periods correctly;

all the organisations involved in the sharing have attained and are maintaining an appropriate level of security; and staff are properly trained and are aware of their responsibilities for any shared data they have access to.

users are still provided with all their individual rights under the GDPR or DPA as appropriate.

they are responding to people’s queries and complaints properly and are analysing them to make improvements to our data sharing arrangements.

Third Party Processing Companies

STRIPE PAYMENTS UK LIMITED
9th Floor, 107 Cheapside
London. EC2V 6DN

1&1 IONOS LIMITED
Discovery House, 154 Southgate Street
Gloucester. GL1 2EX

ClickSend
White Collar Factory, 1 Old Street Yard
London. EC1Y 8AF