Legal

Application Privacy Notice

Last updated: 22 April 2026

This notice explains how we handle personal data inside the EventWorks application — the software you use after signing in to your EventWorks account.

If you're looking for how we handle data on our public marketing site, see our website privacy policy. If you're a customer asking how we handle the personal data you enter into the platform about your own business contacts — people at your client organisations and your suppliers — see our Data Processing Addendum. For that data we act as a processor on your behalf, and the DPA governs our obligations.

Who we are

EventWorks is a product of Kick Digital Ltd, a company registered in England and Wales (company number 08967728). Our registered office is at 2 Endeavour House, Parkway Court, Longbridge Road, Plymouth, Devon, PL6 8LR.

For data covered by this notice, Kick Digital Ltd is the data controller. You can reach us at [email protected] or on 01752 710404.

Our two roles

Inside the application, we wear two hats depending on whose data we're processing:

  • Controller — for data about the people who sign in to EventWorks on behalf of a customer organisation (account holders, administrators, and invited team members). We decide why and how this data is processed, and this notice covers it.
  • Processor — for the personal data that customers enter into the platform about their own business contacts: people at their client organisations, their suppliers (such as caterers, venues, and other event partners), and similar business relationships. We only process that data on the customer's instructions, under the terms of our Data Processing Addendum. This notice does not describe that processing.

What we collect about account users

1. Account and profile data

When your organisation creates an EventWorks account, and when you are invited or sign in as a user, we collect:

  • Name, email address, and (optionally) phone and job title.
  • A hashed password, or the identifier returned by your single sign-on provider.
  • Your organisation's billing details, address, and VAT status.
  • Any profile photo you choose to upload.

2. Usage, security, and audit data

While you use EventWorks we record:

  • IP address, browser, and device information for sign-in and security purposes.
  • An audit trail of changes you make inside the application (who did what and when).
  • Application and error logs, which may incidentally contain identifiers.

3. Support and communication data

If you contact our support team — whether by email, through the in-app chat widget, or through our help centre — we keep a record of that correspondence and any information you share with us to help resolve your query.

4. Billing data

Our payment provider, Stripe, handles card details directly — we do not see or store full card numbers. We retain the information Stripe returns to us (last four digits, card brand, billing country) and the resulting invoices, which we are legally required to keep.

How we use your data and our legal basis

  • To provide the EventWorks service — creating your account, authenticating you, delivering features, and providing support. Legal basis: performance of our contract with your organisation, and our legitimate interests in operating the service.
  • To bill for the service — taking payment, producing invoices, and keeping accounting records. Legal basis: contract, and legal obligation (UK tax and accounting law).
  • To keep the service secure — detecting abuse, investigating incidents, and preventing fraud. Legal basis: legitimate interests in protecting our service and our customers.
  • To improve the product — understanding how features are used in aggregate, fixing bugs, and prioritising work. Legal basis: legitimate interests. We use non-essential analytics only with your consent (see Cookies below).
  • To send service communications — important notices about your account, security, and changes to the service. Legal basis: contract and legitimate interests.
  • To send marketing or product news, where you've opted in. Legal basis: your consent. You can unsubscribe at any time.

How long we keep it

  • Active account data: for as long as your organisation has an EventWorks subscription.
  • After an account closes: we retain account and billing records for up to 7 years to meet UK tax and accounting obligations. User profile data not needed for those records is deleted or anonymised sooner.
  • Support correspondence: typically 3 years from the last interaction.
  • Application and security logs: up to 90 days in the ordinary course of business, longer if an incident is under investigation.
  • Marketing consent records: until you unsubscribe, plus a short record of the withdrawal itself.

Who we share it with

We do not sell your data. We share it with service providers that help us run EventWorks. Our current sub-processors are listed at geteventworks.com/sub-processors, which is the authoritative list — this section summarises the main categories:

  • Hosting and infrastructure — the providers who host our servers, databases, and backups.
  • Payments — Stripe, for card processing and billing.
  • Transactional email — to send account notifications, password resets, and invoices.
  • Customer support — the live-chat and help-centre tools embedded in the application.
  • Error monitoring — to capture and investigate application errors.
  • Optional third-party integrations — accounting tools, CRMs, calendars, and similar services that a customer chooses to connect to their own account. Data flows to these providers only when a customer enables the integration.

Where any of these providers process personal data outside the UK, they do so under appropriate safeguards (such as the UK International Data Transfer Addendum to the EU Standard Contractual Clauses, or an adequacy decision).

Cookies and similar technologies

The EventWorks application uses cookies and similar technologies for two purposes:

  • Strictly necessary — to keep you signed in, remember your workspace, protect against cross-site request forgery, and preserve essential preferences. These do not require consent.
  • Optional — support chat widgets, product analytics, and error-reporting tools. These only load after you accept them in our cookie banner.

You can review or change your cookie choices at any time using the Cookie Preferences link in the application footer.

Your rights

Under UK GDPR, you have the right to:

  • Request a copy of the personal data we hold about you as an account user.
  • Ask us to correct information that is inaccurate or incomplete.
  • Ask us to delete your data, where we no longer need it and there is no overriding legal obligation to keep it.
  • Object to, or ask us to restrict, certain processing based on our legitimate interests.
  • Withdraw consent (for marketing or optional cookies) at any time.
  • Receive your data in a portable format.

Many of these actions can be performed directly in the application (for example, updating your profile or exporting your own data). For anything else, email [email protected] and we will respond within one month.

If your business contact details appear in EventWorks because one of our customers added you as a client contact or supplier contact, please contact that customer in the first instance — they are the controller of your data. We will support them in handling your request.

Making a complaint

We would rather hear from you first so we can put things right, but you have the right to complain to the UK Information Commissioner's Office (ICO). You can contact the ICO at ico.org.uk or on 0303 123 1113.

Changes to this notice

If we make material changes, we will update the "Last updated" date at the top of this page and, where appropriate, notify account administrators by email.