This Privacy Notice ("Notice") sets out how Great Events, LDA., here in after GR8 Events, protects the privacy of the Personal Data of our employees, clients, partners or any other entity with which GR8 Events relates in the context of its activity.
As an event organising company, GR8 Events needs to collect, use and disclose Personal Data in order to carry out its business functions and activities, including the organisation and management of events on behalf of its clients. At GR8 Events, we are committed to protecting the privacy and confidentiality of Personal Data and to maintaining a controlled environment (physical, electronic, human and procedural controls) in line with operational risks.
By providing Personal Data, Stakeholders agree that this Notice will apply to how we handle their Personal Data and consent to its collection, use and disclosure as detailed in this Notice. If they do not agree with any part of this Notice, Interested Parties should not provide us with their Personal Data. If they do not provide us with their Personal Data, as well as if they withdraw the Consent they have provided in accordance with this Notice, this may affect our ability to provide the services to them, or negatively affect the quality of the services we can provide to them. For example, most events have restricted access and can only be accessed with valid identification (name, email or telephone contact). Please note that there may be cases where local data protection laws impose more restrictive Personal Data processing practices than those set out in this Notice. When this occurs, we will adjust our Personal Data processing practices to comply with such local laws.
What personal data do we collect?
Personal Data has the meaning given by local data protection laws and, where the GDPR applies, the meaning is deemed to be given under the GDPR. Personal Data generally means data relating to an individual who can be identified from that data; or is identifiable from the combination of that data with other available data.
Generally, the type of Personal Data we collect is necessary to facilitate the arrangements, support or organise services and/or products related to the events on behalf of our clients.
In this sense, we normally process the following types of Personal Data about our clients:
- Contact details (such as name, address, telephone number, e-mail address);
- Payment data;
- Data on dietary needs and health limitations (if any); and
- Other relevant data required by the service provider(s) (e.g. accommodation or tour providers).
When our customers contact us for other purposes, Personal Data related to those purposes may also be collected. For example, we may collect Personal Data to be able to contact our customers in the context of a competition/campaign they have entered or to respond to questions or comments they have sent us. We also collect data necessary for use in our business activities or those of our related entities, including, for example, financial details needed to process transactions, video surveillance images used for security purposes or other relevant Personal Data that our customers may wish to provide to us.
In some circumstances we collect Personal Data that may be considered sensitive data under local data protection laws. Sensitive data may include (without limitation) racial or ethnic origin, philosophical or religious beliefs or affiliations, sexual preferences or practices, criminal record or alleged criminal offence, membership of political, professional or trade associations, biometric and genetic information, financial data and health data. We will only collect sensitive data in accordance with local data protection laws, with the explicit consent of the data subjects and where the data is reasonably necessary or directly related to one or more of our operational functions or activities (e.g. event planning), unless required or authorised to do so by law. To the extent permitted or required by local data protection laws, our customers consent to us using and disclosing their sensitive data solely for the purpose for which it was collected, unless we subsequently receive their consent for another purpose. We will not use sensitive data for purposes other than those for which it was collected, unless we receive consent from the data subjects to do so.
How do we collect Personal Data?
We only collect Personal Data in accordance with local data protection laws. We generally collect Personal Data in the context of contacts with our customers, unless it is unreasonable or impractical to do so. Generally, this collection will occur when our customers:
- contact us in person, by telephone, letter, e-mail;
- visit us through our website; or
- contact us through social media.
We may also collect Personal Data when our customers:
- register using forms created for the events;
- enter competitions or register for campaigns / promotions;
- sign up to receive marketing communications (e.g. e-newsletters);• request brochures or other information.
In some circumstances, it may be necessary to collect third party Personal Data from our customers. This includes cases where a client asks us to invite/identify employees and/or guests. When this happens, we rely on the authorization of the client, responsible for the event, to act on their behalf, as well as the consent to collect, use and disclose Personal Data inaccordance with this Notice. Our customers must inform us immediately if they become aware that their Personal Data has been provided to us by another person without their consent or if they did not obtain such consent before providing us with another individual's Personal Data.
We make every effort to maintain the accuracy and integrity of the Personal Data we store and to ensure that all Personal Data is up to date. However, any Interested Party may contact us immediately if there are any changes to their Personal Data or if they become aware that we have inaccurate Personal Data (please see section 13 below). We cannot be responsible for any losses arising from inaccurate, erroneous, defective or incomplete personal information that Interested Parties, or someone acting on their behalf, provides to us.
How do we use Personal Data?
We will only process Personal Data when:
- Consent has been given to us for such processing (which may be withdrawn at any time, as detailed in section 8 of this Notice);
- Such processing is necessary for us to provide our services;
- This processing is necessary to comply with legal obligations; and/or
- Such processing is necessary for our legitimate interests or those of any third party receiving such Personal Data (as detailed in sections 5 and 6 of this Notice).
When a customer contacts us in the context of an inquiry or award of an event, the purpose for which we collect their Personal Data is generally to provide advice about the event and/or assist with booking related products and/or services. the events. However, the purpose of collection may be different depending on the specific circumstances disclosed in this Notice(e.g. collecting Personal Data for the purposes of participating in a campaign, collecting feedback, etc.).
When a client makes an event or product/service award with our support, we generally act as an agent for the service providers (e.g. for a hotel). In this case, we process Personal Data as necessary to provide the requested services, including collecting Personal Data for our internal purposes as described in this Notice and for the service provider for whom we act as agent.For example, if you award an event through GR8 Events and where participants are required to be accommodated in a hotel, we will use the Personal Data to allow accommodation to be booked and we will disclose the Personal Data to the contracted entity in order to allow them to provide the requested service.
We may share data with our event service providers (catering, hotels, audiovisual, airlines, entrance control, car rental companies or other event-related suppliers). These service providers may also use Personal Data as described in their respective privacy policies to obtain additional information to facilitate the provision of the requested services. We recommend that our Clients review the privacy policies of any event service providers that are purchased through GR8 Events. We will provide copies of all relevant service providers' terms, conditions and privacy policies upon request.
We act as agents for many service providers around the world, so it is not possible to refer to all of the service providers for which we act (in particular their locations) in this Notice. For more information about the disclosure of Personal Data to service providers located outside the GDPR context, see section 6 of this Notice.
If there are any concerns regarding the transfer of Personal Data to a service provider, or if further information is required, please see section 13 of this Notice.
The purposes for which we collect Personal Data also include:
- provide services or tools that our Customers choose to use (for example, saving event preferences on our websites in a wish list or saving Personal Data to enable advance completion of online forms);
- identification of fraud or errors;
- legal or regulatory compliance;
- develop and improve our products and services;
- maintain or improve the relationship with our Customers, namely, creating and maintaining a customer profile that allows the provision of a service aligned with their preferences;
- market research, assessment of Customer satisfaction and collection of feedback on the services we provide;
- facilitate our Customers’ participation in loyalty programs;
- perform analytics related to our services, including, but not limited to, event-related preference trends;
- support internal organization and accounting;
- support compliance with applicable legal obligations or customs/immigration requirements related to travel; It is
- other purposes as authorized or required by law (for example, to prevent a threat to life, protect health or safety, or to enforce GR8 Events' legal rights).
Where permitted by local data protection laws, we may use Personal Data to carry out marketing activities relating to our (and third party's) products and services that we believe may be of interest to our Customers, unless they have asked us not to receive such information. These campaigns may include, but are not limited to, email sending, digital marketing and other electronic notifications. Personal Data will be used to send digital marketing material (including e-newsletters, email, SMS, MMS and IM) if Customers have chosen to receive them. Customers can sign up to receive e-newsletters and other promotional/digital marketing materials by following the relevant links on our website or asking one of our employees to do so.
Any individual who does not wish to receive promotional or marketing material from us, or participate in market consultations or receive other types of communications, should refer to sections 8 and 13 of this Notice.
What Personal Data is disclosed to third parties?
At GR8 Events we do not sell, rent or exchange Personal Data. Personal Data will only be disclosed to third parties as set out in this Notice and in accordance with local data protection laws (note: in this Notice, reference to “disclose” includes transferring, sharing verbally or in writing, sending or making available Personal Data to another entity).
Personal Data may be disclosed to the following types of third parties:
- the situations of each of the circumstances described in section 4 of this Notice(“How do we use Personal Data?”);
- ICT solution providers who support us in providing products and services (suchas any external data hosting providers we may use);
- editors, printers and distributors of marketing material;• organizers of external events and exhibitions;
- marketing or market consultation agencies;
- courier services or courier services; It is
- external consultants (such as lawyers, accountants, auditors or recruitmentconsultants);
- travel service providers, such as travel wholesalers, airlines, hotels, car rental companies,transfer managers and other related service providers;
- any third party to whom we assign or transfer any of our rights or obligations;
- people who register on behalf of others (for example, a family member, friend or co-worker);
- employers, in the context of corporate, business or governmental client events;
- contact persons (e.g. a family member) when our Customers are not contactable andcontact is, in our opinion, in the Customer's interests (e.g. if the person is concerned abouttheir well-being or needs act on behalf of
Customer due to unforeseen circumstances);
- as required or authorized by applicable law, and to comply with GR8 Events’ legalobligations;
- customs or immigration services to comply with legal obligations applicable in the contextof the event;
- government agencies or public authorities to comply with valid and authorized requests,including court orders or any other valid legal process;
- regulatory bodies or law enforcement authorities, including for fraud protection and related security purposes; It is
- supervisory agencies where illicit activity is suspected and where Personal Data is a necessary part of investigating orreporting the matter.
Other than the above, we will not disclose Personal Data without consent, unless we believethat disclosure is necessary to lessen or prevent a threat to the life, health or safety of anindividual, for public health or safety, or for certain action is carried out by an enforcementbody (e.g. prevention, detection, investigation or punishment of criminal offences), or wheresuch disclosure is authorized or required by law (including applicable data protection/privacylaws).
On GR8 Events websites or social networks, users may choose to use certain third-partyresources with which we partner. These features, which may include social networking andgeolocation tools, are operated by third parties and are clearly identified as such. These thirdparties may use or share Personal Data in accordance with their own privacy policies, so werecommend that you consult their privacy policies if you consider these tools relevant.
What Personal Data is transferred abroad?
We may disclose Personal Data to certain overseas recipients as described below. We willensure that such international transfers are necessary for the performance of a contractbetween our Customers and third parties abroad or are subject to appropriate or adequatesafeguards as required by local data protection laws (e.g. GDPR). We will provide copies ofthe relevant safeguards documents upon request (see section 13 of this Notice).
It is possible that Personal Data may be transferred to an entity abroad located in a jurisdictionwhere it is not possible to guarantee a level of data protection equal to that existing in thecontext of the GDPR. In these cases, GR8 Events cannot be responsible for the way theserecipients handle, store and process Personal Data.
(a) Non-foreign related entities
GR8 Events operates a global business, including operations in Angola and Brazil. PersonalData may be disclosed to our related entities abroad to support travel booking and/or toenable administrative, consultancy or technical services to be carried out, including thestorage and processing of such data.
b) Service providers for events located abroad
To provide our services it may be necessary for us to disclose Personal Data to relevantoverseas event service providers. We deal with many different service providers around theworld, so finding a relevant service provider will depend on the services provided. Relevantservice providers will, in most cases, receive Personal Data in the country in which theyprovide the services or in which their business is based.
(c) Our service providers located abroad
We may also need to disclose Personal Data to service providers located abroad for thepurpose of supporting the provision of services, including the storage and processing of suchdata. Generally, we will only disclose Personal Data to these overseas recipients in the contextof an event award and/or to enable the provision of administrative and technical servicesprovided on our behalf.
If you have any specific questions about where or to whom Personal Data may be sent, pleasesee section 13 of this Notice.
At GR8 Events we are committed to protecting Personal Data by implementing and maintainingappropriate technical, organizational and human control measures to ensure a level of securityaligned with the risks related to:
- accidental or illegal destruction;
- loss; unauthorized alteration or disclosure;
- or improper access to Personal Data transmitted, stored or processed.
GR8 Events regularly monitors and reviews security controls and strives to protect PersonalData in the same way it protects your sensitive business Information.
GR8 Events destroys or mischaracterizes Personal Data whenever it is no longer relevant tothe business or as required by law.
Rights in relation to the Personal Data we collect
If any interested party, of which GR8 Events has Personal Data, and who wishes to:
- update, modify, delete or obtain a copy of Personal Data; or
- restrict or prevent GR8 Events from using any personal information, including withdrawing anyconsent you have previously given to the processing of such information; or
- obtain a copy of personal information that was processed based on your consent or asnecessary for the performance of a contract to which you are party,
You must formally make the request to GR8 Events through the contacts identified in section13 of this Notice. After the request, an acknowledgment will be made and information will begiven about the period within which the Information will be made available.
GR8 Events will make every effort to respond to such requests within one month or less,although it may be necessary to extend this period for complex requests.
Additionally, GR8 Events reserves the right to deny access to Information for any reasonpermitted by applicable laws. If the request for access or correction of Information is denied,the reasons for such denial will always be communicated in writing, unless it is unreasonableto do so or when required by local data protection laws.
All communications related to requests for access to Personal Data must be made formally inwriting through the contacts identified in section 13 of this Notice.
If we are asked by GR8 Events to restrict or stop using Personal Data, withdrawing the consentpreviously provided for the processing of Personal Data, the ability to provide services or theirquality may be negatively impacted. For example, most access to events must be made underthe participant's full name and must include contact details and appropriate identification (e.g.telephone number, employee number), and it is not possible to validate access without thisinformation.
Personal Data shared with GR8 Events must be accurate and individuals agree to update itwhenever necessary. Additionally, they agree that, in the absence of any update, GR8 Eventsmay assume that the data sent is correct.
Any individual may at any time ask GR8 Events to stop sending marketing communications,using the unsubscribe links provided in marketing emails or through the contact detailsindicated in section 13 of this Notice.
In any of the situations listed above, the applicant may be asked to provide a valid means ofidentification to ensure that GR8 Events complies with its security obligations and prevents theunauthorized disclosure of Personal Data.
GR8 Events reserves the right to charge a reasonable administrative fee following anymanifestly unfounded or excessive requests regarding access to Personal Data or for anyadditional copies of the requested Personal Data.
Integrations with Social Networks
GR8 Events websites and mobile applications may use social media features and tools (such as “Like” and “Share”buttons). These resources are provided and operated by external companies (e.g. Facebook) and hosted by externalcompanies or directly on our website or mobile application. Social Tools may collect data related to the page visited onthe website / mobile application, the IP address and may set cookies to improve the functioning of Social Tools.
If the user has activated social media accounts, they may be able to share data about the visit and use of our website ormobile application with these same social media accounts. In this way, interactions with Social Tools may be recorded bythird parties. In addition, external companies may share Personal Data with GR8 Events in accordance with their policies,such as your name, profile photo, friends lists or any other information that individuals have chosen to make availablewith these same companies. In these cases, we may share this data with a third-party company for the purpose ofpromoting targeted marketing through these same social media platforms. In this situation, users have the option tomanage data sharing and disable targeted marketing in their social media privacy settings.
When a user accesses the website, uses any mobile application, or opens digitalcorrespondence from GR8 Events, the servers may record data regarding the device ornetwork the user is connected to, including the IP address. An IP address is a series ofnumbers that identify a computer and are assigned when accessing the Internet.
IP addresses may be used by GR8 Events for systems administration, investigation of securityissues and compilation of anonymous data about the use of the website and/or mobileapplications. IP addresses may also be associated with other Personal Data available aboutindividuals for the purposes described above (for example, to better tailor marketing andadvertising materials, provided the user has opted in to receive digital marketing).
Tracking Technologies / Cookies
GR8 Events websites may contain links to third party websites over which GR8 Events has nocontrol. GR8 Events is not responsible for the privacy practices or content of associatedwebsites. GR8 Events recommends reading the privacy policies of any associated websitesthat are visited, as their privacy practices and policies may differ from those of GR8 Events.
Feedback / Complaints / Contact
Any questions, comments or complaints about this Notice or the handling of Personal data; or if you wish to inform GR8 Events of a change or correction to the Personal data; or if you wish to receive information about the Personal Data that is processed byGR8 Events; or for any complaint or comment relating to data protection; should be sent to GR8Events using the contact details below:
Address: R. General Firmino Miguel, 3, tower 2, 12 floor | 1600-100 Lisbon, PortugalGR8 Events will respond to any queries or complaints received as quickly as possible.
Changes to the Notice
This Notice may be changed and updated. If a change is made to the Notice, the revisedversion will be duly archived and published and dated on the GR8 Events website, when itexists. If necessary, in addition to updating the Notice, we may ask customers for consent toinclude other types of processing.