ITO tours Sports & Events

Data Protection Policy for ITO Tours Sports & Events

Introduction

ITO Tours Sports & Events is committed to protecting the privacy and security of personal data. This Data Protection Policy outlines our practices and procedures for handling personal information in compliance with the UK's Data Protection Act 2018 and the General Data Protection Regulation (GDPR). We aim to process personal data respectfully, lawfully, and transparently.

Scope

This policy applies to all ITO Tours Sports & Events employees, contractors, and partners who have access to personal data collected by the organization.

Principles

ITO Tours Sports & Events adheres to the following data protection principles:

  • Lawfulness, fairness, and transparency: Personal data shall be processed lawfully, fairly, and transparently.
  • Purpose limitation: Data is collected for specified, explicit, and legitimate purposes and not further processed in an incompatible manner.
  • Data minimization: Only data necessary for the purposes it is processed is collected.
  • Accuracy: Every reasonable step must be taken to ensure that inaccurate personal data is erased or rectified immediately.
  • Storage limitation: Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary.
  • Integrity and confidentiality: Personal data shall be processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and accidental loss, destruction, or damage.

Data Subject Rights

Individuals have the following rights regarding their data:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights about automated decision-making and profiling

Data Protection Measures

ITO Tours Sports & Events implements appropriate technical and organizational measures to ensure and demonstrate that data processing is performed in accordance with this policy. Measures include:

  • Data protection impact assessments
  • Integrating data protection into internal documents
  • Regularly training staff on data protection
  • Periodically testing the effectiveness of security practices

Data Breach Procedure

In the event of a data breach, ITO Tours UK will promptly evaluate the risk to individuals' rights and freedoms and report this breach to the appropriate supervisory authority within 72 hours, where feasible.

Policy Review and Update

This policy will be regularly reviewed and updated to ensure compliance with data protection laws and regulations.

Contact Information

For any inquiries regarding this policy or data protection practices, please contact our Data Protection Officer (DPO) 

   

Data Subject Access Request (DSAR) Policy

1. Purpose

This policy outlines the process by which [ITO Tours Sports & Events] ("we," "us," "our") handles Data Subject Access Requests (DSARs) from individuals ("data subjects") seeking access to their data processed by us, in accordance with the General Data Protection Regulation (GDPR) and other applicable data protection laws.

2. Scope

This policy applies to all personal data processed by [ITOtours], regardless of the format in which it is held. All employees and contractors of [Organization Name] must adhere to this policy when handling DSARs.

3. Identifying a DSAR

A DSAR may be received by any part of our organization and can be made verbally or in writing. A request does not need to be officially labelled as a DSAR to warrant a response under this policy.

4. Submitting a DSAR

Data subjects may submit a DSAR to [Designated Contact Information, e.g., email, postal address]. Requests should include sufficient information to identify the requester (e.g., full name, contact details) and any specific data or processing activities to which the request relates.

5. Verification of Identity

Upon receiving a DSAR, we will take reasonable steps to verify the requester's identity to ensure that personal data is not disclosed to unauthorized individuals. This may involve requesting additional information or documentation.

6. Processing a DSAR

  • Timeline: We aim to respond to DSARs within one month of receipt. Depending on the complexity and number of requests, this period may be extended by two more months.
  • Fees: Access requests are generally free of charge. However, we may charge a reasonable fee for additional copies or if the request is manifestly unfounded or excessive.

7. Responding to a DSAR

Our response will include the following information:

  • Confirmation of whether or not personal data concerning the data subject is being processed.
  • A copy of the personal data being processed, along with details of the processing purposes, categories of personal data, and recipients of the data.
  • Information on the data subject's rights, including the rights to rectification, erasure, and restriction of processing, and the right to object to processing.

8. Exemptions and Limitations

Certain exemptions and limitations to a DSAR may apply under specific circumstances or legal requirements. If any such exemptions apply, the data subject will be informed accordingly.

9. Training and Awareness

All staff handling personal data will receive training on this policy and on handling DSARs effectively and in compliance with our data protection obligations.

10. Policy Review and Updates

This policy will be reviewed regularly and updated as necessary to ensure ongoing compliance with data protection laws and regulations.

Critical Incident Response Plan (CIRP) Policy

1. Policy Statement

ITO Tours Sports & Events is committed to ensuring the safety and well-being of our guests and staff, as well as operational integrity. Our Critical Incident Response Plan (CIRP) is designed to provide a structured and effective response to incidents that could impact our operations, reputation, or the communities we serve. This policy outlines our approach to preparing for, managing, and recovering from such incidents.

2. Scope

This policy applies to all employees, contractors, and partners involved in the operations of ITO Tours Sports & Events, encompassing all services provided, including hotel allocations, transportation, and custom tour programs.

3. Objectives

  • To ensure a swift and effective response to any critical incident.
  • To minimize the impact of incidents on operations and stakeholders.
  • To safeguard the health and safety of guests and staff.
  • To maintain clear and effective communication with all stakeholders.
  • To facilitate a timely recovery and return to normal operations.

4. Identification of Critical Incidents

Critical incidents may include but are not limited to natural disasters, health crises, accidents, security threats, and significant operational failures. Each type of incident requires specific response strategies outlined in our detailed response procedures.

5. Roles and Responsibilities

  • CIRP Coordinator: Oversees the implementation of the CIRP, coordinates the response efforts, and serves as the primary point of contact.
  • Communication Officer: Manages all internal and external communications.
  • Safety Officer: Ensures the implementation of safety protocols and first aid measures.
  • Recovery Officer: Coordinates efforts to return to normal operations post-incident.

6. Communication Plan

The Communication Officer will manage communications, including notifying affected parties, coordinating with external agencies, and handling media inquiries. 

7. Response Procedures

Detailed response procedures will be developed for identified critical incidents, including evacuation plans, emergency contact numbers, coordination with local emergency services, and specific action steps for staff.

8. Review and Improvement

The CIRP will be reviewed annually or following a significant incident to incorporate lessons learned and emerging best practices.

9. Policy Approval and Implementation

The management of ITO Tours Sports & Events approves this policy, which is effective immediately. All staff are required to familiarize themselves with the CIRP and participate in related training and drills.

Vendor/Third Party Risk Management Policy

1. Purpose and Scope

This policy establishes a standardized framework for managing and mitigating risks associated with third-party vendors and service providers. It applies to all departments and employees involved in selecting, engaging, and managing third-party entities across the organization.

2. Policy Statement

The organization is committed to ensuring that all third-party engagements are conducted in a way that minimises risk to our operations, reputation, and compliance obligations. We will systematically assess, monitor, and manage third-party risks throughout the lifecycle of the vendor relationship.

3. Definitions

  • Third-Party Vendor: Any external organization or individual that provides goods or services to the company.
  • Risk Management: The process of identifying, assessing, and controlling threats to an organization's capital and earnings.

4. Roles and Responsibilities

  • Senior Management: Ensure the policy is aligned with the organization's strategic goals.
  • Procurement Department: Lead the vendor selection process, ensuring all checks and balances are in place.
  • Risk Management Team: Conduct risk assessments, monitor vendor performance, and manage risk mitigation strategies.
  • Legal and Compliance: Ensure vendor agreements comply with applicable laws and regulations.
  • IT Department: Assess and manage technology-related risks from third-party vendors.

5. Vendor Selection Process

  • Pre-Assessment: Initial screening of vendors to ensure they meet the organization's minimum requirements.
  • Risk Assessment: Detailed evaluation of potential risks associated with a vendor, including financial stability, cybersecurity measures, and compliance practices.
  • Selection Criteria: Vendors must meet criteria related to reputation, reliability, cost-effectiveness, and alignment with organizational values.

6. Vendor Risk Assessment and Monitoring

  • Continuous Monitoring: Regular reviews of vendor performance, risk exposure, and compliance with contractual obligations.
  • Risk Mitigation Strategies: Developing and implementing action plans to address identified risks.
  • Reporting and Documentation: Maintaining comprehensive records of risk assessments, monitoring activities, and mitigation measures.

7. Compliance and Legal Considerations

Ensuring all vendor agreements include provisions for compliance with relevant laws, regulations, and standards. This includes data protection, cybersecurity, and industry-specific requirements.

8. Training and Awareness

Providing training for employees involved in the vendor management process to ensure they understand the risks and procedures associated with third-party engagements.

9. Policy Review and Update

Regularly reviewing and updating the policy to reflect changes in the regulatory landscape, industry practices, and organizational priorities.

10. Enforcement

Failure to comply with this policy may result in disciplinary action, including termination of employment for individuals and termination of vendor contracts.

Copyright © 2024 ITO Tours Sports & Events - All Rights Reserved.
