Privacy Policy
Introduction
Look here friends, the only reason I, Hristo, am doing this is because if I don't then someone is inevitably going to be a wise guy and do the "Ohhh but isn't your job personal data, how come you don't have a Privacy Policy hahahah" joke. Surprise, we got a Privacy Policy! The aim will be to describe, in less than certain terms, what personal data Hristo, Zhaki and other people working on the wedding (together, "the Wedding Team") will be processing, why we'll be doing that, and what you can do if you don't like it (does not involve shoving anything up anything).
Who's who
This Privacy Policy concerns the processing of personal data by the Wedding Team, an entity incorporated (in spirit) in Bulgaria that will act as a controller of your personal data and will determine the "means", "purposes" and "levels of chaos" of the processing activities.
I, Hristo, have appointed myself as the Data Protection Officer ("DPO") because:
(a) I work in the privacy field yet I might never actually become a DPO, and
(b) considering my physicality, this may be my only chance of becoming an "officer" of any kind.
If you have data-related queries, do feel free to contact me, the DPO, at svatbahristoizhaklin@gmail.com again. If you want to have me crying before the wedding has started, ask me to show you my license.
Btw we've included some third-party links on our website and if you click on them you get sent to, like, Pinterest. I've only heard delightful things about Pinterest but they might collect and share your data on their own accord and then you have to read their Privacy Policy to decide if that's okay or not. And it is okay but apparently we have to mention it.
What, Why, How we collect
Okay, guys, I'm going to level with you, we do collect some stuff. From the top of my head that's your name, telephone number, email/physical address and potentially photos and videos from the wedding day. We also collect some more quirky and "less personal" data like dietary preference, Taste in music, relationship status and sense of humour. But that's okay. We have:
Reasons
Quick answer - to organise the best wedding possible, nothing more, nothing less.
Long(er) answer - to send you invites, book accommodation, make sure you don't get food poisoning when ingesting, deny you access to the mic in case of bad jokes, etc. etc.
So okay, it's obvious we have good Reasons. But the real question about collecting your personal (and less personal) data is:
How
We send you Google form questionnaires, you fill them out, we see your response, not some crazy secret. Also sometimes we text you at concerning hours on like Instagram or WhatsApp to make sure you haven't changed your main email address (or your legal name) in the last 10 years.
Legal basis
All jokes aside, we actually do have to comply with the law when processing your personal data. The Wedding Team is transparent about the fact that all processing activities are based on:
Consent
You can decide to provide your personal data so you help us out a bit with planning and organising the wedding - it's just one of those things that people only notice when you don't do them, but you still do them because you're a good person. Although sometimes your details are processed for:
Performance of a (metaphorical) contract
If you have provided your name in order to be counted as a guest to the wedding, but then later you feel kinda weird about it and want to have it erased, BAD NEWS. We can delete it, but you cannot join the wedding. It's a guestlist - a list of guest names - not the part of the end credits of a movie where extras are mentioned and everyone switches the channel.
International transfers
So okay, we transfer your personal data outside of the EU (UK) because a certain Great island country (UK) just could not live with the rest of us (UK). We rely on the EU-UK Adequacy decision because that makes sense, but also because we "can't be arsed" to write out standard contractual clauses (SCCs).
Security measures
I wanna sayyyy we have some? Like, we don't give access to our files outside of the Wedding Team which is a start. We are not yet ISO certified but as a DPO I can file an application for the company. I won't but it is a possibility in the broadest sense of the word.
Retention policy
Listen, we have no interest in retaining most of your data any longer after the wedding's over, so we'll make sure to delete it, or at least claim we deleted it, forget about it and leave it on a dormant file that leaks ten years later inexplicably with particularly perilous consequences for everybody.
The wedding photos and videos are a different story though, we hope to keep those in perpetuity throughout the universe, so please don't ask us to delete them.
In either case, text us and we'll undoubtedly figure something out.
You have rights
Did you know you have rights? The GDPR says you do!
We already mentioned you can ask us to delete some of your data, but you can also ask us to correct it (e.g. we gave you an "Iban" nametag instead of "Ivan") or to see what data we have about you ("Did I really ask the photographer to shoot me with the fake moustache on instead of actually shooting me?") You can also challenge us on this Privacy Policy which will certainly go over well with the DPO, will not create conflict at all and will be a real opportunity to grow.