Privacy

Privacy Policy

Jonas Event Technology (“JET”, “we”, “us”, “our”), part of the Vesta Software Group, is committed to protecting your privacy. You might interact with JET in various ways, and the information you provide when doing so allows us to improve our services.

This website, our related websites and any mobile site or mobile application that links to this Privacy Policy (collectively, the “Site” and “Sites”) are owned and operated by Jonas Event Technology, registered in England and Wales under company number 7864900, VAT number GB 484 0292 85, with its registered office and principal place of business at Stables 1, Howbery Park, Wallingford, Oxfordshire, England, OX10 8BA.

This Privacy Policy applies to Jonas Event Technology and its subsidiaries and affiliates and covers our processing activities as a data controller. It explains:

  • what information we collect, and why we collect it;
  • how we use that information;
  • how we protect that information;
  • how you can control your information, including accessing, updating and deleting what we store; and
  • how we share information collected.

Data protection laws we comply with

We process personal data in accordance with applicable data protection laws, including: (i) the UK General Data Protection Regulation (“UK GDPR”) and the Data Protection Act 2018; (ii) where we process personal data of individuals in the European Economic Area (“EEA”), the EU General Data Protection Regulation (EU) 2016/679 (“EU GDPR”); (iii) the Privacy and Electronic Communications Regulations 2003 (“PECR”) in respect of cookies and electronic marketing; and (iv) any applicable decisions, guidelines, guidance notes and codes of practice issued from time to time by courts, supervisory authorities (including the Information Commissioner’s Office (“ICO”)) and other applicable government authorities, in each case together with all laws implementing, replacing or supplementing the same.

Children

We do not sell our services to children and the Sites are not intended for or directed at children under the age of 16. As such, our Sites are designed for adult user interaction. We do not intentionally collect personal data from children under the age of 16. If you believe that we may have collected personal data from a child under 16, please contact us using the details below.

Data Protection Contact

We have appointed a Data Protection Contact who you can reach about any queries you may have in relation to this Privacy Policy.

Contacting us

If you have any questions about this Privacy Policy or your information, or wish to exercise any of your rights as described in this Privacy Policy or under data protection laws, you can contact us as follows:

  • By post: Jonas Event Technology, The Thames Wing, Howbery Park, Wallingford, OX10 8FD
  • By telephone: 01865 893 560
  • By email: hello@jonas.events

You can also contact the Vesta Software Group privacy team at Privacy@VestaSoftwareGroup.com.

Information we collect

Information you give us

We may collect or record basic personal information which you voluntarily provide through completing forms on our Site, through email you send to us, or through other means of communication between you and us. The categories of personal information you provide may include:

  • first and last name;
  • job title and company name;
  • email address;
  • phone number;
  • mailing address;
  • password to register with us;
  • your personal or professional interests; and
  • any other identifier that permits us to make contact with you.

We do not generally seek to collect sensitive personal information (for example government ID numbers, payment card details, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, health or sex life, sexual orientation, or genetic or biometric information) through our Site. If we do, we will ask for your explicit consent to our proposed use of that information at the time of collection. Any such information will be collected, stored, accessed and processed in a secure manner.

Information we collect from you

We collect, store and use information about your visits to the Sites and about the computer, tablet, mobile or other device through which you access the Sites. This includes:

  • technical information, including the Internet protocol (IP) address, source domain names, browser type, internet service provider, device identifier, your login information, time zone setting, browser plug-in types and versions, operating system and platform, and geographical location;
  • information about your visits and use of the Site, including the full Uniform Resource Locators (URL), clickstream to, through and from our Site, pages you viewed and searched for, page response times, length of visits to certain pages, referral source/exit pages, page interaction information (such as scrolling, clicks and mouse-overs), and website navigation and search terms used; and
  • information about individual contacts at our customers (“Business Contact Information”) collected in the ordinary course of our business for managing and maintaining customer relationships, which may include name, address, invoice information (including bank account information) and order information.

Employee and applicant information

We also collect personal information from our employees and from job applicants in connection with the administration of our human resources programs and functions, including job applications and hiring, compensation and benefits, performance appraisals, training, access to our facilities and computer networks, employee profiles and directories, human resources recordkeeping, and other employment-related purposes. It is our policy to keep all past and present employee information private from disclosure to third parties, subject to the following business-related exceptions:

  • to comply with legal obligations;
  • third parties with which we have contractual agreements to assist in the administration of company-sponsored benefits;
  • inquiries from third parties with a signed authorisation from the employee to release the information, which will be handled on a confidential basis by the human resources or payroll department; and
  • requests from prospective employers for written verification of employment. As it may not be reasonable for us to seek consent from past employees on every occasion we receive a reference request, past employees should let us know if they object to us processing their data for this purpose. Such requests will be handled on a confidential basis by the human resources or payroll department.

How we use your information

As a data controller, we will only use your personal information where we have a legal basis for doing so. The purposes for which we use and process your information, and the legal basis on which we carry out each type of processing, are explained in the table below. Note that we may process your personal data on more than one lawful ground where the data is used for several purposes.

Purpose for which we process the information Type of data Legal basis for the processing
To provide you with information and materials that you request from us.

(a) Identity

(b) Contact

It is in our legitimate interests to respond to your queries and provide any information and materials requested in order to generate and develop business. We consider this use to be proportionate and it will not be prejudicial or detrimental to you.
To personalise our services, products and the Sites to you.

(a) Identity

(b) Contact

(c) Technical

It is in our legitimate interests to improve the Site in order to enhance your experience, to facilitate system administration and to better our services. If you do not wish to receive tailored or personalised information from us, please contact us as set out in “Contacting us”.
To update you on services, products and benefits we offer.

(a) Identity

(b) Contact

(c) Profile

(d) Usage

(e) Marketing and Communications

(f) Technical

It is in our legitimate interests to market our services and products. You can opt out of direct marketing at any time by contacting us or by using the unsubscribe link in any marketing email you receive.
To send you information regarding changes to our policies, other terms and conditions and other administrative information.

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

It is in our legitimate interests to ensure that any changes to our policies and other terms are communicated to you.
To administer our Sites, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and to keep our Sites safe and secure.

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

It is in our legitimate interests to continually monitor and improve our services and your experience of the Sites and to ensure network security.
To measure or understand the effectiveness of any marketing we provide to you and others, and to deliver relevant marketing to you.

(a) Identity

(b) Contact

(c) Technical

(d) Usage

(e) Profile

It is in our legitimate interests to continually improve our offering and to develop our business.
To enforce the terms and conditions and any contracts entered into with you.

(a) Identity

(b) Contact

It is in our legitimate interests to enforce our terms and conditions of service and to establish, exercise or defend legal claims.
To perform direct sales activities.

(a) Identity

(b) Contact

It is in our legitimate interests to engage in sales activity for our services and products where there is a mutual interest. You can opt out of direct sales communications at any time by contacting us or by using the unsubscribe link in any email you receive.

If you do not wish to provide us with your personal data and processing such data is necessary for the performance of a contract with you, we may not be able to perform our obligations under the contract between us.

Where you provide consent, you can withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. You can update your details or change your privacy preferences by contacting us as set out in “Contacting us” above.

Where we rely on legitimate interests as a lawful basis, we carry out a balancing test to ensure that your interests, rights and freedoms do not override our legitimate interests. If you want further information on the balancing test we have carried out, you can request this by contacting us.

Marketing

We strive to provide you with choices regarding certain personal data uses, particularly around marketing and advertising. We do not share personal data with any company outside the Vesta Software Group and Jonas group of companies for marketing purposes.

Opting out

You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you, or by contacting us at any time.

Change of purpose

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal information for an unrelated purpose, we will notify you in a timely manner and explain the legal basis which allows us to do so.

Jonas Event Technology as data processor

In certain cases, we also operate as a data processor: we collect and process personal information on behalf of our business customers (for example event organisers) in the provision of our services and products, including event registration. In these circumstances, JET is acting as a data processor and our business customers remain the data controller in respect of personal information they provide to us.

To the extent that we are acting as a data processor, we act in accordance with the instructions of our customers regarding the collection, processing, storage, deletion and transfer of customer information, as well as other matters such as the provision of access to and rectification of personal information. We will only use such personal information for the purposes of providing the services and products for which our business customers have engaged us.

Our business customers are responsible for ensuring that these individuals’ privacy is respected, including communicating in their own privacy policies who their personal information is being shared with and processed by. Where JET is acting as a data processor, we will refer any request from an individual for access to personal information which we hold about them to our customer, and we will not respond directly to the request.

As a data processor, we may share personal information where instructed by our business customer. Where authorised by the business customer, we may also share personal information with third party service providers who work for us and who are subject to security and confidentiality obligations.

We will retain personal information which we process on behalf of our customers for as long as needed to provide services and products to our customers and in accordance with any agreement in place with our customers.

Disclosure of your personal data to third parties

We will not sell, rent, lease or otherwise share your personal information other than as outlined in this Privacy Policy, or without obtaining your consent beforehand.

Internal third parties

We may share your personal information with our group companies, affiliates, subsidiaries or contractors as necessary to carry out the purposes for which the information was supplied or collected (that is, to provide the services and products you have requested from us).

External third parties

Personal information will also be shared with our third party service providers and business partners who assist with the running of the Sites and our services and products, including hosting providers, email service providers, SMS providers and our CRM provider. Our third party service providers and business partners are subject to security and confidentiality obligations and are only permitted to process your personal information for specified purposes and in accordance with our instructions.

We may also post links to third party websites as a service to you. These third party websites are operated by companies outside of our control, and your activities at those websites will be governed by the policies and practices of those third parties. We encourage you to review the privacy policies of these third parties before disclosing any information, as we are not responsible for the privacy policies of those websites.

In addition, we may disclose information about you when we believe, in good faith, that such use or disclosure is reasonably necessary to:

  • comply with any legal or regulatory obligation;
  • enforce or apply the terms of any of our user agreements or our terms and conditions;
  • protect our rights, property or safety, or the rights, property or safety of our users or others, or the vital interests of a person;
  • establish, exercise or defend the rights of Jonas Event Technology, our staff, customers or others; and
  • implement a business divestiture, change of control, sale, merger or acquisition of all or part of our business, in which case we may disclose your personal information to the prospective seller or buyer of such business or assets. If all or substantially all of our assets are acquired by a third party, personal information held about our customers will be one of the transferred assets.

International transfers

Transfers from the UK

We share personal data within the Vesta Software Group and the wider Jonas group of companies. This may involve transferring your data outside the UK, including to the EEA. Some of our external third party service providers and business partners are also based outside the UK, so their processing of your personal data may involve a transfer of data outside the UK.

Personal data may flow freely from the UK to the EEA and to other countries covered by UK adequacy regulations. Whenever we transfer your personal data outside the UK to a country that is not covered by UK adequacy regulations, we ensure a similar degree of protection is afforded to it by putting in place appropriate safeguards, namely the ICO’s International Data Transfer Agreement (IDTA) or the UK Addendum to the European Commission’s Standard Contractual Clauses.

Transfers from the EEA

Where we process personal data of individuals in the EEA and transfer it outside the EEA to a country that has not been deemed by the European Commission to provide an adequate level of protection for personal data, we use the Standard Contractual Clauses approved by the European Commission under Article 46(2)(c) EU GDPR. The UK benefits from a European Commission adequacy decision, so personal data may flow freely from the EEA to the UK.

You can contact us as set out in “Contacting us” above if you want further information on the specific mechanism used by us when transferring your personal data.

Security of your personal data

The security of your personal information is important to us. We follow generally accepted industry standards to protect the personal information submitted to us, both during transmission and once we receive it. Jonas Event Technology is certified to ISO 27001.

We use appropriate measures to safeguard personal information, which are appropriate to the type of information maintained, and we follow applicable laws regarding the safeguarding of any such information under our control. In some areas of our Sites we use encryption technology to enhance information privacy and help prevent loss, misuse or alteration of the information under our control. We also employ industry-standard measures and processes for detecting and responding to inappropriate attempts to breach our systems.

No method of transmission over the internet, or method of electronic storage, can be 100% secure, and we therefore cannot guarantee the absolute security of your information. We encourage you to use caution when disclosing information online. You are responsible for protecting your username and password from third party access, and for selecting passwords that are secure. If you have any questions about security on our Site, you can contact us as set out in “Contacting us” above.

Data retention: how long we keep your personal data

When you contact us, we may keep a record of your communication to help solve any issues that you might be facing. Your information may be retained for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirement.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

Details of retention periods for different aspects of your personal data are available in our retention policy, which you can request by contacting us.

Your rights

Subject to certain limitations, you have rights under data protection laws in relation to your personal data. These include the rights to:

  • Request access to your personal data (commonly known as a “data subject access request”). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
  • Request correction of your personal data. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
  • Request erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note that we may refuse a request for erasure where the processing is necessary to comply with a legal obligation or for the establishment, exercise or defence of legal claims.
  • Request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it, as you need it to establish, exercise or defend legal claims; or (d) where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
  • Request transfer of your personal data. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies where your personal data is processed by us with your consent or for the performance of a contract, and where processing is carried out by automated means.
  • Withdraw consent. You can withdraw your consent at any time where we are relying on consent to process your personal data. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

Note that we may refuse to comply with a request if it is manifestly unfounded or excessive, or repetitive in nature.

Your right to object

Direct marketing

You have the right to object where we are processing your personal data for direct marketing purposes.

Where we process your information based on our legitimate interests

You also have the right to object, on grounds relating to your particular situation, at any time to processing of your personal information which is based on our legitimate interests. Where you object on this ground, we shall no longer process your personal information unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the establishment, exercise or defence of legal claims.

Exercising your rights

If you wish to exercise any of the rights set out above, including withdrawing consent, please contact us giving specific details of the right you wish to exercise.

No fee usually required

You will not have to pay a fee to access your personal data or to exercise any of your other rights. However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask for further information in relation to your request to speed up our response.

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated. Please direct any questions about your information to the Data Protection Contact identified above.

Cookies, IP addresses and aggregate information

Cookies

We use small files commonly known as “cookies” and similar technologies on the Sites. A cookie is a small amount of data, which often includes a unique identifier, that is sent to your computer or mobile device (your “device”) from the Sites and is stored on your device’s browser or hard drive.

We only set cookies that are not strictly necessary for the operation of the Sites with your consent. When you first visit the Sites, you will be presented with a cookie consent banner that allows you to accept or reject non-essential cookies by category. Strictly necessary cookies, which are essential for the basic functioning and security of the Sites (including recording your cookie preferences), are set without consent as permitted by law.

The cookies we use fall into the following categories:

  • Strictly necessary cookies – essential for the operation and security of the Sites, including recording your consent preferences;
  • Functional cookies – enable certain functionality, such as embedded video and scheduling tools;
  • Performance and analytics cookies – help us understand how visitors use the Sites so that we can improve them, including services such as Google Analytics, Microsoft Clarity and Hotjar;
  • Advertising cookies – used to measure the effectiveness of our marketing and to deliver relevant advertising, including services such as Google, Microsoft Advertising, LinkedIn and Salesforce Marketing Cloud Account Engagement (Pardot).

A full, up-to-date list of the specific cookies set on the Sites, including their provider, purpose and duration, is available in the cookie declaration within the “Cookie Settings” panel on the Sites. You can change or withdraw your cookie consent at any time via the “Cookie Settings” link on the Sites. You can also set your browser to block or alert you about cookies, although if you block cookies some features of the Sites may not function as a result. You can find more information about how to manage cookies for all commonly used internet browsers by visiting www.allaboutcookies.org, which also explains how to delete cookies already stored on your device.

Google Analytics

The Sites use Google Analytics, a web analytics service provided by Google. Google Analytics uses cookies to help us analyse how users use the Sites. The information generated about your use of the Sites will be transmitted to and stored by Google on servers which may be located outside the UK, including in the United States. Google uses this information to evaluate your use of the Sites, compile reports on website activity and provide other services relating to website activity and internet usage. Google may also transfer this information to third parties where required to do so by law, or where such third parties process the information on Google’s behalf. Google Analytics cookies are only set with your consent, which you can withdraw at any time via the “Cookie Settings” link on the Sites.

IP addresses and aggregate information

An Internet Protocol (“IP”) address is associated with your device’s connection to the internet. We may use your IP address to help diagnose problems with our server, to administer the Site and to maintain contact with you as you navigate through the Site. Aggregate information is used to measure visitors’ interest in, and use of, various areas of the Site. We rely upon aggregate information, which is information that does not identify you, such as statistical and navigational information, to undertake statistical and other summary analyses of visitors’ behaviours and characteristics. Although we may share this aggregate information with third parties, none of this information will allow anyone to identify you.

Links

The Sites may, from time to time, contain links to and from the websites of our business partners and affiliates. If you follow a link to any of these websites, please note that these websites have their own privacy policies and we do not accept any responsibility or liability for those policies. Please check these policies before you submit any personal information to those websites.

Social media and online engagement

We use a variety of technologies and social media options to communicate and interact with customers, potential customers, employees and potential employees, including LinkedIn, X (formerly Twitter), Instagram, Facebook and YouTube. These third-party platforms are not operated or controlled by us. When interacting on those platforms, you may reveal certain personal information to us or to third parties. Other than when used by our employees for the purpose of responding to a specific message or request, we will not use, share or retain your personal information from these platforms.

  • The LinkedIn privacy policy is available at: https://www.linkedin.com/legal/privacy-policy
  • The X privacy policy is available at: https://x.com/en/privacy
  • The Meta (Facebook and Instagram) privacy policy is available at: https://www.facebook.com/privacy/policy
  • The Google (YouTube) privacy policy is available at: https://policies.google.com/privacy

Complaints

You have the right to make a complaint at any time to a supervisory authority. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO), which may be contacted at https://ico.org.uk/concerns/ or by telephone on 0303 123 1113. If you are in the EEA, you may complain to the supervisory authority in the EEA state where you work, normally live or where any alleged infringement of data protection laws occurred.

If we receive formal written complaints, we will follow up with the person making the complaint. We work with the appropriate regulatory authorities to resolve any complaints that cannot be resolved directly. We would, however, appreciate the chance to deal with your concerns before you approach the ICO, so please contact us in the first instance.

Changes to this Policy

We regularly review our compliance with this Privacy Policy. We may change this Privacy Policy from time to time. If it changes, the revised Privacy Policy will be posted at the “Privacy Policy” link on the Site’s home page. In the event that the change is significant or material, we will notify you of such a change by revising the link on the home page to read “Newly Revised Privacy Policy”. Please check this Privacy Policy frequently. Your continued use of the Site constitutes acceptance of changes to this Privacy Policy, except where further steps are required by applicable law. This Privacy Policy was last updated on the date set out below.

LAST UPDATED: 11 June 2026