Effective Date: 26th February 2026

1. Introduction

This Privacy Policy explains how GEMFESTIVAL LTD

(Company No: 15191795, Registered Office: 4th Floor, 14 Museum Place, City Centre, Cardiff, CF10 3BH)

(“GemFest”, “we”, “our”, “us”) collects, uses, discloses, and protects your personal data when you:

  • Use the GemFest website

  • Purchase tickets for GemFest

  • Join our mailing list

  • Submit accessibility, crew, supplier or work applications

  • Attend our events

GEMFESTIVAL LTD is the Data Controller for all GemFest-related data processing.

We comply with:

  • UK GDPR & Data Protection Act 2018

  • EU GDPR (for EU residents)

  • Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs), where applicable

For privacy queries, contact: info@pulluprecordings.co.uk

2. Data We Collect

Data Provided Directly By You

  • Name

  • Email address

  • Phone number

  • Postal address

  • Ticket purchase details (event selection, order ID, billing details)

  • Marketing preferences and consent records

  • Accessibility requirements (where voluntarily provided)

  • Crew, supplier or contractor application information

  • Customer support communications

Payment details are processed securely by third-party payment providers. We do not store full card details.

Data Collected Automatically

  • IP address

  • Browser and device information

  • Pages visited and usage data

  • Referral source

  • Timestamps

  • Cookie identifiers

Data From Partners

We may receive limited data from:

  • Ticketing platforms (e.g. FIXR, Skiddle, Eventbrite, Fatsoma, Resident Advisor or other appointed providers)

  • Analytics platforms (e.g. Google Analytics)

  • Advertising platforms (e.g. Meta Ads)

These providers act as independent Data Controllers for their own processing.

3. How We Use Your Data

We use personal data to:

  • Process and deliver ticket orders

  • Facilitate event entry and accreditation

  • Provide customer support

  • Send marketing communications (where consented or legally permitted)

  • Improve our website and event experience

  • Manage crew, supplier and contractor onboarding

  • Ensure event safety and compliance with legal obligations

  • Detect and prevent fraud or misuse

4. Legal Bases (UK & EU)

Under UK/EU GDPR, we rely on:

Contract – to provide tickets and event services

Consent – for marketing and non-essential cookies

Legitimate Interests – service improvement, fraud prevention, event safety

Legal Obligation – accounting, regulatory and safety compliance

5. Sharing Your Data

We do not sell your personal data.

We may share personal data with:

  • Ticketing providers

  • Payment processors and banks

  • Email and CRM providers

  • Analytics and advertising platforms

  • Event medical, security or safety teams (where operationally necessary)

  • Professional advisors (legal, accounting, insurance)

Where data is transferred outside the UK or EU, we ensure appropriate safeguards such as Standard Contractual Clauses or other lawful mechanisms.

6. Data Retention

We retain personal data only as long as necessary:

  • Ticketing and financial records: up to 6 years (legal/accounting requirement)

  • Marketing data: until you withdraw consent or become inactive

  • Support and incident logs: as required for resolution or compliance

  • Cookie and analytics data: see our Cookie Policy

7. Your Rights (UK & EU Residents)

Under GDPR, you have the right to:

  • Access your personal data

  • Rectify inaccurate data

  • Request erasure

  • Restrict or object to processing

  • Data portability

  • Withdraw consent at any time

To exercise your rights, contact: info@pulluprecordings.co.uk

You may also lodge a complaint with the UK Information Commissioner’s Office (ICO) or your local EU supervisory authority.

8. Additional Rights for Australian Residents

If you are located in Australia, you have rights under the Australian Privacy Act 1988 and the Australian Privacy Principles (APPs), including:

  • Access to your personal data

  • Correction of inaccurate or incomplete information

  • Assurance that data is collected only where reasonably necessary

  • The right to opt out of direct marketing

  • Protection for cross-border transfers

If you have concerns, you may contact the Office of the Australian Information Commissioner (OAIC):

www.oaic.gov.au

9. Children

GemFest is intended for adults. We do not knowingly collect personal data from children without appropriate consent. If such data is identified, it will be deleted.

10. Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Secure hosting environments

  • Restricted internal access

  • Staff training

  • Encryption where appropriate

However, no system can guarantee absolute security.

11. Updates to This Policy

We may update this Privacy Policy periodically. Any changes will be published on this page with an updated effective date.

12. Contact

For privacy enquiries, data access requests, or complaints, please contact:

GEMFESTIVAL LTD

78–78a Monnow Street

Monmouth

NP25 3EQ

Email: info@pulluprecordings.co.uk

Privacy Policy