Privacy Policy
How your information is collected, used, and protected.
1. Introduction
Marcos Kennedy ("we", "us", "our"), operating through the website marcoskennedy.com, is committed to protecting the privacy and personal data of our clients and website visitors. This Privacy Policy explains how we collect, use, store, and protect your personal data.
Scope of Applicability: If you reside within the European Economic Area (EEA), the United Kingdom, or Switzerland, your data is processed strictly in accordance with the General Data Protection Regulation (EU) 2016/679 ("GDPR"). If you reside outside these regions, your data is processed under the terms outlined in this policy, which are designed to provide us with the operational flexibility necessary to offer our services globally.
By submitting a booking enquiry or otherwise providing personal data through our website, you acknowledge that you have read and understood this Privacy Policy.
2. Data Controller
The data controller responsible for your personal data is:
Marcos Kennedy
Website: marcoskennedy.com
For any data protection enquiries, please contact us at the email address listed on our website.
3. Personal Data We Collect
When you submit a booking enquiry through our website, we collect the following categories of personal data:
3.1 Identity and Contact Data
- First name and last name
- Email address
- Telephone number
3.2 Event and Booking Data
- Event date
- Country and city of the event
- Venue type
- Estimated guest count
- Budget range
- Event details (free-text description provided by you)
3.3 Booking Administration Data
- Unique booking reference number
- Booking status (for example: submitted, under review, quoted, confirmed, declined, or cancelled)
- Messages exchanged between you and our team regarding your booking
- Booking status change history and associated notes
3.4 Technical Data
- Timestamps of when your booking was created or updated
- Internal identifiers (customer ID, booking ID) used solely for system administration
4. Purposes and Legal Basis for Processing
For users in the EEA, UK, and Switzerland, we process your personal data for the following purposes, each supported by a lawful basis under Article 6 of the GDPR. For users outside these regions, we process your data based on contractual necessity and our business discretion.
| Purpose | Data Used | Legal Basis (EEA Only) |
|---|---|---|
| Responding to your booking enquiry and providing a quote | Identity, contact, and event data | Performance of a contract or pre-contractual steps (Art. 6(1)(b)) |
| Managing and administering your booking | All booking and administration data | Performance of a contract (Art. 6(1)(b)) |
| Communicating with you about your booking | Identity, contact data, and messages | Performance of a contract (Art. 6(1)(b)) |
| Maintaining internal records and audit trails | Status history, timestamps, and identifiers | Legitimate interest in business administration (Art. 6(1)(f)) |
| Complying with legal or regulatory obligations | All data as required | Legal obligation (Art. 6(1)(c)) |
5. Data Retention
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:
- Confirmed bookings: personal data is retained for the duration of our contractual relationship and for six (6) years thereafter to comply with tax, accounting, and legal obligations.
- Declined or cancelled bookings: personal data is retained for up to two (2) years after the last interaction, after which it is securely deleted or anonymised.
- Booking messages and status history: retained for the same period as the associated booking record.
6. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to any third party. We may share your data with:
- Hosting and infrastructure providers who store and process data on our behalf, under appropriate data processing agreements.
- Professional advisors (for example, accountants and legal counsel) where necessary for the performance of our services or to comply with legal obligations.
- Law enforcement or regulatory authorities, where required by law.
Where any third-party processor is located outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place for EEA residents, such as Standard Contractual Clauses approved by the European Commission.
7. Data Security
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:
- Encrypted data storage and transmission (TLS/SSL).
- Access controls limiting data access to authorised personnel only.
- Regular review of our data processing practices and security measures.
Despite our efforts, no online system can be guaranteed 100% secure.
8. Your Privacy Rights
A. If you reside in the EEA, UK, or Switzerland:
Under the GDPR, you have strict statutory rights regarding your personal data:
Right of access (Article 15)
You have the right to request a copy of the personal data we hold about you.
Right to rectification (Article 16)
You have the right to request correction of any inaccurate or incomplete personal data.
Right to erasure (Article 17)
You have the right to request deletion of your personal data, subject to applicable legal retention requirements.
Right to restriction of processing (Article 18)
You have the right to request that we restrict the processing of your data in certain circumstances.
Right to data portability (Article 20)
You have the right to receive your personal data in a structured, commonly used, and machine-readable format.
Right to object (Article 21)
You have the right to object to processing based on our legitimate interests.
Right to withdraw consent
Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact us. We will respond to your request within one (1) month, as required by the GDPR.
B. If you reside OUTSIDE the EEA, UK, or Switzerland:
To the maximum extent permitted by applicable law, the strict provisions of the GDPR do not automatically apply to you. By using our website and services, you agree to the following limitations:
- Processing Discretion: We process your personal data primarily to facilitate your booking and support our business operations. The strict legal bases defined under European law do not bind our operations regarding your data.
- Privacy Requests: While we respect your privacy, requests to access, modify, or delete your data will be fulfilled at our sole discretion, unless a specific local law strictly mandates otherwise.
- Response Timelines: We are not bound by the strict 30-day response timelines mandated by the GDPR and will respond to inquiries within a commercially reasonable timeframe.
9. International Data Transfers
As we process bookings from clients located globally, your personal data may be transferred to and processed in jurisdictions outside your home country.
For EEA Users: Where such transfers occur outside the EEA, we ensure adequate safeguards are in place in accordance with Chapter V of the GDPR.
For Non-EEA Users: By using our website and providing your information, you explicitly consent to the transfer, storage, and processing of your personal data in the EEA and other regions where we or our service providers operate, recognizing that these regions may have data protection laws that are different or less protective than those in your country of residence.
10. Cookies and Website Tracking
For information about cookies and any tracking technologies used on marcoskennedy.com, please refer to our Cookie Policy (if applicable). This Privacy Policy covers only the personal data collected through our booking system.
11. Children's Data
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any material changes will be communicated by posting the updated policy on marcoskennedy.com with a revised effective date. We encourage you to review this page periodically.
13. Automated Decision-Making
We do not use automated decision-making or profiling that produces legal or similarly significant effects.
14. Complaints
If you reside in the EEA, UK, or Switzerland and believe that your data protection rights have been infringed, you have the right to lodge a complaint with a supervisory authority. You may contact the supervisory authority in the EU member state of your habitual residence, place of work, or place of the alleged infringement.
15. Contact Us
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us through the contact information provided on marcoskennedy.com.
16. Governing Law & Dispute Resolution
If you reside within the EEA: You may have statutory rights under local consumer and data protection laws that apply regardless of this clause.
If you reside outside the EEA: To the maximum extent permitted by applicable law, this Privacy Policy and any processing of your data shall be governed by and construed in accordance with the laws of the Netherlands. You expressly agree that any disputes arising from this policy or our data processing activities shall be subject to the exclusive jurisdiction of the competent courts of the Netherlands.