GUEST PASS LTD ("GuestPass", "we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our event management platform and services.
Contact Information:
GUEST PASS LTD
Unit 52a Atcham Business Park
Atcham, Shrewsbury, Shropshire
United Kingdom, SY4 4UG
1. Information We Collect
1.1 Information You Provide
- Account Information: Name, email address, phone number, password, and organisation details
- Registration Data: Guest information including names, contact details, dietary requirements, accessibility needs
- Payment Information: Payment card details, billing address, and transaction history
- Event Information: Event details, preferences, schedules, and custom registration fields
- Communications: Messages, support requests, and feedback you send to us
- Documents: Files and documents you upload or share through our platform
1.2 Information Collected Automatically
- Usage Data: Pages viewed, features used, time spent, and interaction patterns
- Device Information: IP address, browser type, operating system, device identifiers
- Location Data: Approximate location based on IP address
- Cookies and Tracking: Session data, preferences, and analytics information
- QR Code Scans: Check-in times, locations, and verification data
- Wristband Data: Access control events, activation interactions, and usage patterns
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain our event management services
- Process registrations, tickets, and payments
- Send event notifications, updates, and communications
- Manage check-ins, access control, and wristband activations
- Provide guest dashboards and document distribution
- Customise and personalise your experience
- Analyse usage and improve our services
- Detect, prevent, and address technical issues or fraud
- Comply with legal obligations and enforce our terms
- Send marketing communications (with your consent)
3. Legal Basis for Processing (GDPR)
Under GDPR, we process your personal data based on:
- Contract Performance: Processing necessary to provide services you've requested
- Legitimate Interests: Operating and improving our platform, fraud prevention, security
- Legal Obligations: Compliance with applicable laws and regulations
- Consent: Marketing communications and optional features (withdrawable at any time)
4. Information Sharing and Disclosure
4.1 Event Organisers
Guest information is shared with the event organisers who create and manage events. Event organisers are independent data controllers responsible for their use of guest data.
4.2 Service Providers
We share information with trusted third-party service providers who assist us in:
- Cloud hosting and infrastructure services
- Payment processing and fraud prevention
- Transactional email delivery (Mailgun / Sinch Email)
- Customer support and ticketing systems
We do not share attendee data with advertising, marketing, or third-party analytics platforms. A full list of sub-processors is available on request.
4.3 Legal Requirements
We may disclose information when required by law, legal process, or to:
- Comply with legal obligations
- Protect our rights, property, or safety
- Prevent fraud or security issues
- Respond to government requests
4.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
5. International Data Transfers
GuestPass offers region-specific hosting. Where required, client instances are hosted on servers located within the EU, ensuring that event and attendee data does not leave the European Union. Hosting region is agreed with each client prior to deployment.
Where data is transferred outside the hosting region (for example, transactional email delivery), we implement appropriate safeguards, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions for certain countries
- Strong technical and organisational security measures
6. Data Retention
We retain your information for different periods depending on the type of data:
- Account Data: Retained while your account is active, plus a reasonable period for legal compliance
- Event Data: Retained as long as needed for the event and post-event purposes, typically 1-3 years
- Payment Records: Retained for 7 years for tax and accounting purposes
- Guest Registration Data: Retained as determined by event organisers, with deletion options available
- Analytics Data: Aggregated and anonymised data may be retained indefinitely
- Legal Records: Retained as required by applicable laws and regulations
You may request deletion of your data subject to legal retention requirements. Event organisers control retention of guest data for their events.
Each client's event data is stored in a dedicated, isolated environment. When an event organiser requests full data deletion, the entire environment and its database are destroyed, leaving no residual data on our infrastructure.
7. Your Rights and Choices
7.1 GDPR Rights (EU/UK Residents)
- Right of Access: Request a copy of your personal data
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure: Request deletion of your data ("right to be forgotten")
- Right to Restriction: Limit how we use your data
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for marketing
- Right to Withdraw Consent: Withdraw consent for processing at any time
- Right to Lodge a Complaint: Contact your local data protection authority
7.2 CCPA Rights (California Residents)
- Right to Know: Request disclosure of personal information collected, used, and shared
- Right to Delete: Request deletion of personal information
- Right to Opt-Out: Opt-out of sale of personal information (we do not sell personal data)
- Right to Non-Discrimination: Equal service and pricing regardless of privacy choices
7.3 General Rights
- Account Settings: Update your account information and preferences
- Communication Preferences: Opt-out of marketing emails via unsubscribe links
- Cookie Settings: Manage cookies through your browser settings
- Account Deletion: Request deletion of your account and associated data
To exercise your rights, contact us using the information at the end of this policy. We will respond to your request within 30 days (or as required by applicable law).
8. Data Security
We implement enterprise-grade security measures to protect your information, including:
- Encryption of data in transit (TLS/SSL) and at rest
- Regular security audits and vulnerability assessments
- Access controls and authentication mechanisms
- Secure payment processing through certified providers
- Employee training on data protection and security
- Incident response and breach notification procedures
8.1 Data Isolation Architecture
Each client's event platform runs in its own dedicated, isolated container environment with a separate database. Client data is never co-mingled with data from other clients, projects, or services. Each environment is inaccessible from any other service on our infrastructure. Access to server environments is restricted to authorised GuestPass operations personnel only.
However, no method of transmission over the Internet is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.
9. Cookies and Tracking Technologies
We use cookies and similar technologies to:
- Maintain your session and authentication state
- Remember your preferences and settings
- Analyse usage and improve our services
- Provide personalised content and features
You can control cookies through your browser settings. Disabling cookies may limit functionality of certain features.
10. Children's Privacy
Our services are not directed to children under 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us, and we will delete such information.
For events involving minors, event organisers are responsible for obtaining appropriate parental consent and complying with applicable children's privacy laws.
11. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. For significant changes, we will provide additional notice (such as email notification).
Your continued use of our services after changes become effective constitutes acceptance of the updated policy.
12. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:
GUEST PASS LTD
Unit 52a Atcham Business Park
Atcham, Shrewsbury, Shropshire
United Kingdom, SY4 4UG
Email: privacy@guestpass.live
For GDPR-related enquiries, you may also contact your local data protection authority.
