Privacy Policy

The important stuff. This policy explains what we collect, why we collect it, and your rights.

Last updated: 12 October 2025
On this page
Introduction Data we collect How we use your data Legal basis Storage & security Retention Sharing Your rights Cookies Children’s privacy Changes Contact

Introduction #

Guest It (“we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use and store information when you use our platform, including Guest It web portals, manager and staff systems, QR-code interfaces, and related services.

For the purposes of UK data protection law (including the UK GDPR), we act as a Data Controller for the data we process to operate the service. In many cases we also process data on behalf of venues (our customers). Where a venue controls the purpose and means of processing, it may act as Data Controller and we act as Data Processor.

Contact: hello@guestit.co.uk
Address: Guest It LTD, Unit 26g-26m Springfield Mill, Bagley Lane, Farsley, West Yorkshire, United Kingdom, LS28 5LY

Data we collect #

We collect information necessary to operate our platform and provide the services you request. This may include:

  • Account and login data: names, usernames, access codes, roles, and authentication data linked to a venue or event.
  • Contact information: email address, telephone number, and other details used for account setup, communications, alerts, or support.
  • Operational data: information entered into checklists, audits, dockets, orders, forms, and logs created through our system (typically on behalf of venues).
  • Usage and technical data: device type, IP address, browser details, diagnostic logs and activity data used for security and performance.
  • Uploaded media: photos and digital signatures where you choose to upload them (for example, audits, dockets, evidence, or forms).

How we use your data #

We use your data to:

  • Provide, operate and maintain the Guest It platform.
  • Authenticate users and manage secure access for staff, managers and authorised users.
  • Record operational data (for example, checklists, audits, orders and reports) and make it available to the venue.
  • Send service messages such as confirmations, alerts and operational notifications (where enabled).
  • Monitor and improve reliability, usability and security.
  • Comply with legal obligations and protect the integrity of our systems.

We do not sell personal data or share it with advertisers.

We process personal data under one or more lawful bases under UK GDPR:

  • Contract: where processing is necessary to provide the services to a venue or user.
  • Legitimate interests: to operate the service securely, prevent misuse, and improve performance.
  • Consent: where you choose to submit data (for example, surveys or guest submissions), and consent is the appropriate basis.
  • Legal obligation: where we must retain or provide information to comply with law.

Storage & security #

We use appropriate technical and organisational measures designed to protect personal data against loss, misuse, and unauthorised access. This includes access controls, encryption in transit where applicable, and security monitoring.

Files such as images or signatures may be stored in secure cloud storage (for example, AWS S3) and linked to the relevant record.

Retention #

We keep personal data only for as long as necessary for the purposes described in this policy, or as required by law. Operational data may be retained for record-keeping and compliance at the request of the venue.

Sharing #

We may share limited personal data:

  • With the venue or organisation that manages your account (for example, managers viewing operational logs).
  • With trusted suppliers who help us deliver the service (hosting, cloud storage, email) under confidentiality and security obligations.
  • If required by law, regulation, or to respond to lawful requests.

Your rights #

Under UK GDPR, you may have the right to:

  • Access your personal data.
  • Request correction of inaccurate data.
  • Request deletion (where applicable).
  • Object to processing based on legitimate interests.
  • Withdraw consent where processing is based on consent.
  • Request data portability (where applicable).

To exercise rights, email hello@guestit.co.uk. We may need to verify your identity before responding.

Cookies #

We use cookies that are necessary for the website and platform to function (for example, authentication and session management). We do not use advertising cookies that track personal behaviour across third-party websites.

Children’s privacy #

Guest It is designed for venue staff, managers and authorised users. We do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact us and we will take steps to delete it.

Changes to this policy #

We may update this Privacy Policy from time to time. Updates will be posted on this page and the “Last updated” date will change accordingly.

Contact #

If you have questions about this policy or your data, contact us:

  • Email: hello@guestit.co.uk
  • Address: Guest It LTD, Unit 26g-26m Springfield Mill, Bagley Lane, Farsley, West Yorkshire, United Kingdom, LS28 5LY
Plain-English promise
If you have a question about privacy, just email us and we’ll explain it clearly — no legal runaround.
Back to top