Side Quest Events
The Card Reserve
Get on the list
Legal

Privacy Policy.

How we collect, use and protect your personal data, and the rights you have over it.

Last updated: 2 May 2026

1. About this policy

This privacy policy explains how Side Quest Events Ltd (“we”, “us”, “our”) collects, uses, shares and protects your personal data when you visit our website, sign up for the early list, apply to vendor or contact us. It also tells you about the rights you have under the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

We are committed to keeping your personal data safe and using it only in ways you would reasonably expect.

2. Who we are

Data controller: Side Quest Events Ltd, a company registered in England and Wales (company number to be confirmed), with registered address in the United Kingdom.

Contact: hello@sidequestevents.co.uk.

3. What information we collect

We only collect what we need. Depending on how you use the site, this may include:

  • Identity and contact data: first name, email address and (optionally) mobile phone number when you join the early list, contact us, or apply to vendor.
  • Vendor data: business name, business category, target events and message content if you submit a vendor application.
  • Preferences: which cities you ticked when joining the early list, your cookie consent choices.
  • Technical data: IP address, browser type and version, time zone, device information and pages visited. Collected automatically by our hosting and analytics providers.

We do not knowingly collect data from anyone under 16. If you are under 16, please do not submit personal data without a parent or guardian.

4. How we use your data and our legal basis

Under UK GDPR we must have a lawful basis to use your data. The bases we rely on are:

  • Consent – for sending you launch updates, prize-draw entry confirmations and marketing emails or texts. You can withdraw consent at any time.
  • Legitimate interests – for running and improving the site, responding to enquiries, preventing fraud and abuse, and reviewing vendor applications. Our interests do not override your rights and freedoms.
  • Contract – if you become a vendor or buy a ticket once tickets are on sale, to deliver what you booked.
  • Legal obligation – for accounting, tax and compliance with applicable law.

5. Who we share data with

We do not sell your personal data. We share it only with trusted third parties acting as data processors on our behalf, including:

  • Hosting and infrastructure providers (e.g. our website host and CDN).
  • Email and SMS delivery providers used to send the messages you've consented to receive.
  • Analytics providers (only when you have given consent for analytics cookies).
  • Professional advisers (lawyers, accountants) where strictly necessary.
  • Authorities or regulators where required by law.

All processors are contractually required to protect your data and use it only for the purpose we instruct.

6. International transfers

Some of our processors may be based outside the UK. Where this happens, we ensure an appropriate safeguard is in place, such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or transfers to a country the UK considers to provide an adequate level of protection.

7. How long we keep your data

We keep personal data only as long as we need it:

  • Early-list signups: until you unsubscribe, plus a short suppression period to ensure we don't email you again by mistake.
  • Contact-form messages: up to 24 months from your last exchange with us.
  • Vendor applications: for the lifetime of the working relationship plus 6 years for tax and accounting records.
  • Anonymous analytics: in line with the retention set by the analytics provider, generally up to 26 months.

8. Your rights

Under UK GDPR you have the right to:

  • Be informed about how we use your data (this policy).
  • Access a copy of the personal data we hold about you.
  • Rectify data that is inaccurate or incomplete.
  • Erase your personal data in certain circumstances (the “right to be forgotten”).
  • Restrict our processing of your data.
  • Object to processing based on legitimate interests, and to direct marketing at any time.
  • Data portability: receive your data in a structured, machine-readable format.
  • Withdraw consent at any time where we rely on consent.

To exercise any of these rights, email hello@sidequestevents.co.uk. We will respond within one month. Identity verification may be required.

9. Cookies and similar technologies

We use cookies and browser storage to make the site work and, with your consent, for analytics and marketing. See our Cookie Policy for the full list and how to manage your choices.

10. Security

We use appropriate technical and organisational measures to protect your data, including encryption in transit (HTTPS), access controls and supplier vetting. No system is completely secure, so we also keep collection minimal and retention short.

11. Complaints

If you have a concern about how we handle your data, please contact us first so we can try to resolve it. You also have the right to complain to the Information Commissioner's Office (ICO), the UK regulator for data protection:

12. Changes to this policy

We may update this policy from time to time. The date at the top of this page shows when it was last revised. Significant changes will be flagged on the website or by email where appropriate.