top of page

Data Protection Policy

This document ensures compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

Data Protection Policy For Ostara Events

Effective Date: 1st April 2025

1. Purpose of this Policy

This Data Protection Policy outlines how Ostara Events (“we”, “our”, “us”) collects, uses, stores, and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

As a provider of training courses, we handle personal data of customers, employees, and partners. We are committed to ensuring that this data is handled lawfully, fairly, and transparently.

2. Scope

This policy applies to:

  • All employees, contractors, and freelancers working with us.

  • All personal data processed by Ostara Events in any format (electronic, paper, verbal).

3. What Data We Collect

We may collect the following personal data:

  • Full name

  • Contact details (email address, phone number, postal address)

  • Payment details

  • Course preferences and attendance records

  • Accessibility or dietary requirements (if provided voluntarily)

  • Feedback and assessment results

For employees and contractors, we may also collect:

  • National Insurance number

  • Bank details

  • Emergency contact information

  • Right to work documentation

4. Lawful Bases for Processing

We process personal data under the following lawful bases:

  • Contract: To provide training services and fulfill contractual obligations.

  • Legal Obligation: To comply with employment, tax, and health & safety laws.

  • Consent: For marketing communications and optional services.

  • Legitimate Interests: To manage and improve our services.

5. How We Use Personal Data

We use data to:

  • Register participants for training courses

  • Communicate course details and updates

  • Process payments and issue invoices

  • Provide certificates of completion

  • Maintain internal records

  • Respond to enquiries and feedback

  • Send marketing communications (with consent)

6. Data Sharing

We do not sell or rent personal data.

We may share data with:

  • Payment processors (e.g. Stripe, PayPal)

  • Email marketing platforms (e.g. Mailchimp, if used)

  • Accreditation bodies (if applicable)

  • Legal or regulatory authorities when required

All third-party providers are vetted and required to comply with UK GDPR.

7. Data Security

We take appropriate technical and organisational measures to protect personal data, including:

  • Password-protected systems

  • Secure cloud storage with encryption

  • Regular data backups

  • Access controls and staff training

8. Data Retention

We retain personal data only as long as necessary:

  • Course participants: 6 years after course completion

  • Marketing contacts: Until consent is withdrawn

We securely delete or anonymise data when it is no longer needed.

9. Your Rights

Under UK GDPR, individuals have the right to:

  • Access their data

  • Correct inaccuracies

  • Erase data (“right to be forgotten”)

  • Restrict or object to processing

  • Withdraw consent

  • Data portability

To exercise your rights, contact us at jayne@ostara-evants.co.uk

10. Data Breaches

We will notify the ICO and affected individuals of any data breaches where required by law, within 72 hours.

11. Contact and Complaints

If you have questions or concerns about this policy or your data, please contact:
jayne@ostara-events.co.uk - Director
tina@ostara-events.co.uk - Events Manager

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
www.ico.org.uk

Reviewed annually or when significant changes occur in the law or our business operations.

OE Logo-03.png
Errie Escapes V3.png

Eerie Escapes® is a registered trademark

Ostara Events® is a registered trademark

© Ostara Events

Registered Office: 4 Teme Court, Teme St, Tenbury Wells, WR15 8AA

bottom of page