PRIVACY

Who is responsible for your data?

The data controller is EYUP EVENTS UK LTD, Company number 17186451. Registered office: 66 Paul Street, London, England, EC2A 4NA.

Data we collect through the contact form

When you use “Send Us a Message” on our contact page, we ask for the information needed to understand your enquiry and reply. Depending on what you enter, this may include:

• Identity and contact details: first name, last name, email address, telephone number.
• Event details: event type, which services interest you, event date, expected guest numbers, venue or location (if provided), and anything you type in additional details.
• Technical metadata added by the website: form_source (to identify enquiries from this site) and a form_timestamp (when the form was prepared).
• Marketing preference: whether you tick “Keep me updated with news and special offers”.
• Optional: how you heard about us, if you select an option.

Your phone number may be normalised on your device before sending (for example, UK mobiles starting 07 may be formatted with an international +44 prefix) so we receive a consistent format.

What happens when you submit the form (data transfer)

Submitting the form sends your answers from your browser to our systems using an automated workflow tool provided by n8n (hosted on n8n’s cloud infrastructure). The request is sent as a POST request with URL-encoded form data (standard application/x-www-form-urlencoded content).

That means the information listed above is transmitted over the internet to n8n’s servers, where our configured workflow receives it. From there, data is handled according to how we have set up that workflow (for example, delivering the enquiry to our email or CRM so we can respond). n8n acts as a data processor on our instructions. Their handling of personal data is governed by their own terms and privacy documentation, which we review when using their service.

Because the browser uses a restricted request mode for this submission, we may not receive a detailed success response from the server in the page itself; we still treat the transfer as occurring at the point you submit.

Why we use this data (lawful bases)

• Responding to your enquiry — we process your contact and event details as necessary to take steps at your request before a contract, and for our legitimate interests in operating a booking and enquiries service (Article 6(1)(b) and (f) UK GDPR).
• News and offers — if you tick the marketing box, we rely on your consent (Article 6(1)(a)). You can withdraw consent at any time by emailing us.
• Website analytics — see below; where required we rely on consent or legitimate interests as appropriate to the tool and configuration.
• Customer booking portal — we process sign-in identifiers (typically your email address, name where shown, and portal session/token data) where you choose to access the portal so we can perform our contract with you and pursue our legitimate interests in securely offering account features (Article 6(1)(b) and (f) UK GDPR). If you authenticate with Google, we additionally rely on the processing described below in connection with Google’s sign-in service.

Customer booking portal — email sign-in and Google Sign-In

You may access parts of our site dedicated to booked customers—such as the sign-in hub and customer dashboard—with the email address and password we associate with your portal profile, after passing any anti-abuse checks we configure (typically Cloudflare Turnstile, comparable to use on our contact flows).

Where we offer “Continue with Google”, Google Identity Services (Google Sign-In / Google Accounts) operates in your browser. Google may collect or process technical information and identifiers in line with Google’s own notices; please read Google’s Privacy Policy.

When you complete Google sign-in, Google issues a credential (typically a short-lived authentication token referred to technically as an ID token) to our web page. Your browser sends that credential to our service at requests.eyupevents.uk (alongside any verification token Turnstile provides). Our servers verify it with Google’s validation services before we treat you as signed in.

We only use Google sign-in to match you to an existing customer portal account whose verified email matches what Google asserts in the validated token; sign-in succeeds only after our server verifies that token with Google.

The credential is transmitted to our portal API over HTTPS only for verification to complete sign-in, not embedded in unrelated marketing scripts on the page.

After verification we issue access tokens handled by our site (typically stored locally in your browser session for convenience). Signing out clears that local session.

Analytics and other website technology

We use Google Analytics (Google tag / gtag) to understand how visitors use the site (for example, pages viewed and rough location/network information as collected by Google). Google acts as a processor and may transfer or process data in accordance with Google’s policies. You can read more at Google’s Privacy Policy and manage ad personalisation via Google’s tools where available.

We load fonts from Google Fonts; when you load a page, your browser may contact Google’s servers, which can involve technical data such as IP address as described in Google’s privacy policy.

Our contact form and relevant portal sign-in pages may use Cloudflare Turnstile to reduce abuse. When you complete the check, your browser loads scripts from Cloudflare and sends verification data to Cloudflare as described in Cloudflare’s Privacy Policy.

Retention

We keep enquiry and booking-related messages only as long as needed to handle your request, manage any follow-up, meet legal or accounting obligations, and resolve disputes. Marketing consents are refreshed or removed in line with your choices and our practices.

Sharing and international transfers

We do not sell your personal data. We share it with service providers who help us run the website, enquiries, and portal authentication (such as n8n, Google for analytics/fonts and—for users who choose it—identity services for Google Sign-In as described above, plus Cloudflare Turnstile), and where required by law.

Some providers may process data outside the UK. Where that happens, we aim to ensure appropriate safeguards (such as UK-approved standard contractual clauses or adequacy regulations) apply as required by UK law.

Your rights

Under UK data protection law you may have rights including: access, rectification, erasure, restriction, objection, and data portability, and the right to withdraw consent where we rely on it. You may also complain to the Information Commissioner’s Office (ICO). To exercise your rights, email [email protected].

Updates

We may update this policy from time to time. The latest version will always be on this page with an updated effective date.

Effective date: 17 May 2026.