Privacy & Data Management Policy

1. Purpose and Overview

Standout Events is committed to managing personal information in a secure, transparent, and lawful manner. This policy outlines our approach to handling personal data concerning clients, team members, suppliers, and other individuals we engage with during our operations. It aims to define our standards and ensure alignment with data protection regulations.

2. Objective of This Policy

This document has been developed to ensure Standout Events:

  • Complies with relevant data privacy laws and embraces ethical data practices

  • Safeguards the privacy rights of employees, clients, and stakeholders

  • Provides clarity on how personal information is collected, managed, and stored

  • Minimizes the risk of data breaches or misuse

3. Legal Framework

The management of personal data at Standout Events is governed by applicable legislation, including the Data Protection Act. These laws apply to all forms of data storage—whether digital, physical, or otherwise.

To meet legal obligations, personal data must be:

  • Collected and handled transparently and legally

  • Used strictly for legitimate purposes

  • Accurate, relevant, and limited to what is necessary

  • Kept up to date where required

  • Retained only for as long as is necessary

  • Managed in accordance with the rights of the individuals concerned

  • Securely protected from unauthorized access or disclosure

  • Transferred outside of the European Economic Area only when adequate protections are in place

4. Scope of the Policy

This policy is applicable to:

  • The Standout Events head office

  • All associated offices and operational locations

  • All full-time, part-time, freelance, and volunteer personnel

  • Third-party service providers, contractors, and consultants representing Standout Events

The policy governs all identifiable data we collect and store, such as:

  • Full names

  • Physical and mailing addresses

  • Email details

  • Contact numbers

  • Any other personal or identifying information

5. Data Security Risks Addressed

The purpose of this policy is also to protect the organization from key threats, including:

  • Unauthorized sharing or leakage of confidential information

  • Lack of informed consent regarding how personal data is utilized

  • Reputational harm from data theft, hacking, or internal mishandling

6. Roles and Responsibilities

While every team member and associate is expected to handle data responsibly, specific roles carry additional accountability:

Senior Leadership

The Board of Directors holds overall responsibility for ensuring compliance with data protection obligations.

Management Responsibilities

Management is tasked with:

  • Advising the leadership team on data protection duties and associated risks

  • Overseeing policy reviews and updates in line with regulatory changes

  • Organizing training for employees and relevant stakeholders

  • Managing subject access requests from individuals regarding their personal data

  • Approving third-party agreements where data handling is involved

  • Validating data protection messaging in official communication (emails, letters, etc.)

  • Responding to media or public queries regarding data protection issues

  • Working cross-functionally to ensure marketing and outreach activities comply with data protection standards

IT Manager Responsibilities

The IT Manager is charged with:

  • Making sure digital infrastructure meets cybersecurity best practices

  • Running regular system checks and ensuring security tools are functioning correctly

  • Reviewing and assessing external data storage or cloud service providers before use