Who is responsible for my data? Played Limited is responsible for your data. We are registered as a company in England and Wales and act as the data controller for the data we collect from you. We also act as the data processor for the data that you collect from attendees when using Played.
How is my personal data used? We use your personal data for various purposes, such as creating a secure login to access your account, providing support, sending essential account notifications, and for marketing purposes.
Where is my data stored? Your data is stored in Played's secure database in London, UK, hosted on the Microsoft Azure Cloud in a Microsoft data centre in the UK South.
What are my rights regarding my data? You can see, amend, correct or delete your personal data, as well as limit, restrict or object to its processing. You can also withdraw your consent for data usage, such as for marketing emails, and object to our use of your data where we rely on our legitimate interests.
How do I exercise my rights? To raise any objections or exercise any of your rights, you can send an email to email@example.com. We may ask you to verify your identity before providing any information.
How do you ensure GDPR compliance? We are committed to GDPR compliance and have implemented security protocols, data storage and transfer safeguards, and privacy policies in line with GDPR requirements. We also work with third parties that adhere to the same standards.
What if I have concerns or complaints? If you have any complaints concerning Played's processing of your personal data, please email us at firstname.lastname@example.org. You also have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data in the country where you live or work, or where you think a breach of data protection laws might have taken place.
How we use your personal data?
Who do you share my data with? We share your data with some sub-processors like Atlas, Sendgrid, and Stripe. We ensure they adhere to the same data protection standards as we do, and your personal data is never sold to third parties.
International data transfers and security
We take security extremely seriously and have technologies, processes and security protocols to protect against the loss or theft of personal data. Our security processes include:
We will report any breach of Personal Data, and do so as fast as we can; we aim to let people know within 24 hours.
We use external servers monitored by Microsoft Azure Cloud Platform, a world-leader in data storage and security. Access to any business account is strictly limited and a register is kept of all access. Personal information can only be partially accessed for business technical support, billing or maintenance reasons. Played has strict internal data handling policies that all employees with access to data commit too.
We will only send data outside of the European Economic Area (‘EEA’) to work with third parties who we use to deliver services to you or to comply with a legal duty. If we do transfer data outside the EEA, we will make sure that it is protected in the same way as if it were being used in the EEA. We will use one of the following safeguards to ensure that it is protected:
How long we hold your data? We keep your data only for as long as we need it. How long we need data depends on what we are using it for, whether that is to provide services to you, for our own legitimate interests (described above) or so that we can comply with the law. We will actively review the information we hold and when there is no longer a customer, legal or business need for us to hold it, we will either delete it securely or in some cases anonymise it. These principles are extended to any third party services that we share your data with.
What should I do if I have concerns or complaints? If you have any concerns or complaints about Played's processing of your personal data, please email us at email@example.com. Note that you have the right to lodge a complaint with the supervisory authority responsible for the protection of personal data in the country where you live or work, or where you think a breach of data protection laws might have occurred.