Event Vendor Services

Privacy Policy

Who We Are

Event Vendor Services (“we”, “us”, “our”) is operated by Waldemar Schaechtel, who acts as the data controller responsible for the personal data processed through this website (eventvendorservices.co.uk).

Legal Name:

Waldemar Schaechtel

Trading Name:

Digital Business Company

Business Address / Registered Address:

48 Louise Lorne Road
Birmingham B13 8BN
United Kingdom

Contact Email:

info@dbcompany.uk

Types and Categories of Personal Data We Collect

We collect and process different categories of personal data depending on how you interact with our website. This includes information you provide directly, as well as data collected automatically through cookies, and server logs.

The categories of personal data we may collect are:

Server Log Data (collected automatically)

This includes:

  • IP address
  • browser type and version
  • operating system
  • referring URLs
  • pages visited
  • timestamps and access dates

These logs are generated automatically by our hosting provider for security, troubleshooting, and fraud-prevention purposes.

Cookie Identifiers

Unique identifiers stored in cookies or similar technologies that help us understand website performance, remember user preferences, or provide analytics.

(A separate Cookie Policy will provide full details about the cookies we use.)

Sources of Personal Data

We collect personal data from the following sources:

1. Directly from you

This includes information you provide when contacting us through our website contact form, such as your name, email address, and message.

2. Automatically through your use of our website

This includes data collected via:

  • server logs generated by our hosting provider
  • cookies and similar technologies
  • embedded content that may load resources from third-party providers (e.g., YouTube or social media embeds)
3. Not from third parties

We do not purchase data from external providers, marketing lists, or affiliate networks. All data we process comes directly from users or through automated technical systems when the website is accessed.

Contact Form Data

Contact Form Data (provided directly by you)

If you choose to contact us through the contact form on our website, we will collect the following personal data that you provide:

  • Full name
  • Email address
  • Subject / enquiry topic
  • Message content

This data is submitted via our Simple Contact Form (a WordPress plugin) and is transmitted to us by email via Google Mail (Gmail). We do not store contact form submissions in our website database.

Purpose of Processing:

To receive and respond to your enquiry.

Lawful Basis:

Legitimate Interests (Article 6(1)(f) UK GDPR). Our legitimate interest is to respond to communications that you have initiated by contacting us directly.

Retention Period:

We retain contact form submissions (received by email) for up to 12 months from the date of receipt, or for as long as reasonably necessary to fulfil the purpose of your enquiry. After this period, emails containing your personal data will be securely deleted.

Recipients:

Your data is transmitted to us via Google Mail (Gmail), operated by Google LLC. Google acts as a data processor in this context. Google’s data processing is governed by its own privacy policy, available at https://policies.google.com/privacy. We do not share the information you submit through the contact form with any other third parties.

Purposes of Processing and Lawful Bases

We process personal data only for specific and legitimate purposes in accordance with Article 13(1)(c) and Article 6 of the UK GDPR.

For each category of personal data, the purposes of processing and the lawful bases we rely on are listed below.

Server Log Data (collected automatically)

Purposes of Processing:

  • maintaining the security and integrity of the website
  • preventing fraud and detecting malicious activity
  • diagnosing technical issues and ensuring service stability
  • monitoring overall website performance

Lawful Basis:

Legitimate Interests (Article 6(1)(f) UK GDPR).

Our legitimate interest is to operate a secure, reliable, and technically functional website with minimal privacy impact.

Cookie Identifiers

Purposes of Processing:

  • enabling essential website functionality
  • remembering user preferences (if applicable)
  • improving website performance

Lawful Bases:

  • Legitimate Interests (Article 6(1)(f)) for strictly necessary cookies (e.g., security cookies, session cookies, load-balancing cookies)
  • Consent (Article 6(1)(a)) for any analytics or other non‑essential cookies that we may use in future.

Further details will be provided in our separate Cookie Policy.

Cookies and Similar Technologies

We use cookies and similar technologies to support essential website functions and improve the performance and reliability of our website. Cookies may be set directly by us (first-party cookies) or by third-party services that provide functionality or analytics.

Under the Privacy and Electronic Communications Regulations (PECR), we must inform you about the cookies we use, explain why they are used, and obtain your consent before placing any non-essential cookies on your device.

Types of Cookies We Use

Strictly Necessary Cookies:

These cookies are required for the website to function (e.g., security cookies, load-balancing cookies, session cookies). They do not require consent under PECR.

Other Non-Essential Cookies:

Any marketing, advertising, tracking, or social-media-related cookies require explicit consent and will only run if you choose to enable them.

Cookie Consent Mechanism

When you first visit our website, you will be presented with a cookie banner that allows you to:

  • accept all cookies
  • reject non-essential cookies
  • manage or change your preferences

You can withdraw your consent at any time by adjusting your cookie settings.

Cookie Policy

More detailed information—including the specific cookies used, their purposes, duration, and providers—is available in our separate Cookie Policy, which is linked from our cookie banner and website footer.

Profiling and Automated Decision-Making

We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.

We do not use behavioural advertising, personalised targeting, or tracking technologies that monitor individuals across websites for marketing purposes.

If we ever introduce third-party advertising technologies or profiling-based services in the future, full details will be provided in our Cookie Policy and this Privacy Policy will be updated accordingly.

Recipients and Categories of Recipients

We may share personal data with the following categories of recipients. These organisations process data on our behalf to help us operate and secure our website. We do not sell personal data or share it with third parties for their own independent marketing purposes.

Hosting Provider

We share server log data and other essential technical information with our hosting provider, which is necessary for website operation, security, and performance.

Purpose:

Website hosting, server administration, security, and performance monitoring.

Recipients and Categories of Recipients

Email Service Provider (Google LLC)
When you submit our contact form, your data is transmitted to us via Gmail, provided by Google LLC. Google acts as a data processor and does not use the content of your emails for its own advertising purposes. For more information, see Google’s Privacy Policy.

No Data Shared for Third-Party Marketing or Advertising

We do not share personal data with advertising networks, social media platforms, affiliate networks, or any third parties for marketing or profiling purposes.

No Data Shared with Payment Providers or E-Commerce Services

We do not sell products or process payments on this website. Therefore, no personal data is shared with payment processors.

Embedded Content Providers

When you view embedded content on our website (for example, a YouTube video or a social media post), your browser sends certain technical data (such as your IP address, browser type, and the page you are visiting) to the provider of that content so that it can be delivered to your device.

We currently embed content only from a small number of well‑known providers, such as YouTube (Google LLC). These providers may also set their own cookies or use similar technologies. We do not control their data processing. For more information, please refer to their respective privacy policies and to our separate Cookie Policy.

International Transfers of Personal Data

Our website is hosted by IONOS in data centres located within the United Kingdom and/or the European Economic Area (EEA), which the UK recognises as providing an adequate level of data protection.​

We do not transfer personal data to countries outside the UK or EEA. If this ever changes in future (for example, by adding new third‑party services based in other countries), we will update this Privacy Policy to explain the transfers and the safeguards we rely on.

Storage Periods and Retention Criteria

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, as explained in this Privacy Policy. Where exact retention periods cannot be specified, we apply clear criteria to determine how long data is stored, taking into account legal requirements, security needs, and our legitimate business interests.

Our typical retention periods are:

Server log data:

Retained for 30–90 days for security monitoring, fraud prevention, and troubleshooting.

After the applicable retention period expires, personal data is securely deleted, anonymised, or otherwise removed from our systems.

Security Measures

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it, in accordance with Article 32 of the UK GDPR.

These measures include:

  • SSL/TLS encryption (HTTPS) to protect data transmitted between your browser and our website
  • Secure hosting provided by reputable service providers with industry-standard safeguards
  • Regular software updates and security patches to keep our website and its components up to date
  • Strong password protections for administrator accounts
  • Access control policies, ensuring that only authorised individuals can access personal data
  • Regular backups to prevent data loss and ensure continuity in case of technical failure

While no online system can guarantee absolute security, we take reasonable and proportionate steps to protect your information from unauthorised access, loss, misuse, or alteration.

Your Rights Under UK GDPR

Under the UK General Data Protection Regulation (UK GDPR), you have several rights regarding your personal data. You may exercise any of the rights listed below by contacting us at info@dbcompany.uk

We will respond to all valid requests within one month, unless the request is complex or numerous, in which case we may extend the response time by a further two months (as permitted by law).

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it.

Right to Rectification (Article 16)

You have the right to request that inaccurate or incomplete personal data be corrected.

Right to Erasure (Article 17)

You may request that we delete your personal data in certain circumstances, including when:

  • the data is no longer necessary for the purposes for which it was collected
  • you withdraw consent (where consent was the lawful basis)
  • you successfully object to processing (see below)

This right does not apply where processing is required by law or where there are overriding legitimate grounds.

Right to Restrict Processing (Article 18)

You may request that we limit the way we use your personal data, for example while we verify its accuracy or consider an objection.

Right to Object (Article 21)

You may object at any time to processing based on our legitimate interests.

We will stop processing unless we can demonstrate compelling legitimate grounds that override your rights.

Right to Data Portability (Article 20)

Where the lawful basis is consent or contract, and the processing is carried out by automated means, you may request your personal data in a structured, commonly used, machine-readable format, and—where technically feasible—have it transmitted to another controller.

Right to Withdraw Consent

If we rely on consent to process your personal data, you may withdraw that consent at any time.

This does not affect the lawfulness of processing carried out before withdrawal.

Rights Related to Automated Decision-Making (Article 22)

You have the right not to be subject to a decision based solely on automated processing—including profiling—that has legal or similarly significant effects on you.

We do not carry out such processing.

How to Exercise Your Rights

You can exercise any of your rights under the UK GDPR by contacting us at:

Email: info@dbcompany.uk

We will respond to all valid requests within one month. If your request is complex or if you have made multiple requests, we may extend this period by up to two additional months, as permitted by law. If an extension is required, we will inform you of the reasons.

To protect your information, we may need to verify your identity before responding to your request.

There is no fee for exercising your rights, except in cases where a request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.

Right to Complain to the ICO

If you have concerns about how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection.

You can contact the ICO using the details below:

Website: https://ico.org.uk

Helpline: 0303 123 1113

Live Chat: Available on the ICO website

Postal Address:

Information Commissioner’s OfficeWycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF
United Kingdom

We would appreciate the opportunity to address your concerns first, so please consider contacting us before approaching the ICO.

Children’s Data

Our website and content are not specifically directed at children, and we do not knowingly collect personal data from children under the age of 13. Under UK law (Article 8 UK GDPR), children aged 13 or above may give valid consent for certain online services, but only where consent is the lawful basis for processing.

If analytics or other optional cookies requiring consent are enabled, these will only be activated after a user provides valid consent through our cookie banner. We do not profile children or use children’s data for marketing purposes.

If you are a parent or guardian and believe that we may have inadvertently collected personal data from a child under 13, please contact us at info@dbcompany.uk so that we can promptly delete the information.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we provide. When we make significant changes, we will post a notice on this website to inform you of the update.

The “Last updated” date below indicates when this Privacy Policy was most recently revised.

Last updated: 12 May 2026