Privacy policy

1. Who we are

TurnKey I.T Solutions Ltd (“we”, “us”) operates Your Tour Plan, the web application used to plan and run live events (the “Service”). For UK data protection law, we are the data controller for personal data processed through the Service unless we tell you otherwise (for example where we process purely on behalf of your organisation under a written agreement).

Contact for privacy and data protection queries: support@turnkeyit.co.uk.

2. What personal data we process

Depending on how you use the Service, we may process:

• Account data: name, email address, password hash, verification status, team membership, and similar authentication fields.
• Event & tour data: show titles, venues, dates, time zones, promoter contacts, guest lists, crew lists, itineraries, notes, and related logistics you enter.
• Travel & booking data: search parameters, selected offers, booking references, passenger names, contact numbers, passport or travel-document details where you choose to store them for bookings, and loyalty programme identifiers you supply.
• Communications: emails sent through the Service (for example itinerary sends or guest-list confirmations) and delivery metadata our email provider logs.
• Technical data: HTTP logs, security telemetry, and similar information needed to operate and protect the Service.

3. Purposes and lawful bases

We use personal data to:

• Provide and secure the Service, authenticate users, and enforce our terms — typically under contract (Article 6(1)(b) UK GDPR) and legitimate interests in running a reliable SaaS platform (Article 6(1)(f)), balanced against your rights.
• Send service and security messages (for example password resets) — contract and, where applicable, legitimate interests.
• Meet legal obligations (for example tax or regulatory requests where they apply) — legal obligation (Article 6(1)(c)).

4. Cookies and similar technologies

We use strictly necessary cookies (for example an HttpOnly session cookie) so you can stay signed in and so we can protect accounts. We do not use third-party advertising or analytics cookies in the default product. If we introduce non-essential cookies later, we will update this policy and, where required, obtain consent before setting them.

5. Processors and international transfers

We use trusted infrastructure and service providers (for example hosting, email delivery, and where enabled, travel-booking connectivity) to run the Service. They process data only on our instructions and under appropriate contractual safeguards.

Some providers may be located outside the United Kingdom. Where personal data is transferred internationally, we use mechanisms recognised under UK data protection law (for example the UK International Data Transfer Agreement or adequacy regulations), supplemented by risk assessments where required.

When you book flights or hotels through integrated providers, passenger and booking data is transmitted to airlines, hotels, and their ticketing systems so they can fulfil the reservation. Those parties act under their own privacy notices; you should share their materials with travellers where your role requires it.

6. Retention

We keep personal data only as long as needed for the purposes above, including to meet legal, accounting, or reporting requirements. Account and event data are generally retained while your account is active; after closure or deletion we remove or anonymise data within a reasonable period unless a longer period is required by law.

7. Your rights

Under UK GDPR and the Data Protection Act 2018 you may have the right to: access, rectify, erase, restrict processing, object to certain processing, and data portability in respect of your personal data, subject to conditions and exemptions.

To exercise these rights, contact us using the details in section 1. You may also lodge a complaint with the UK Information Commissioner's Office (ICO).

8. Automated decision-making

We do not use solely automated decision-making that produces legal or similarly significant effects on you in the meaning of UK GDPR Article 22.

9. Children

The Service is intended for professionals organising live events and is not directed at children. We do not knowingly collect personal data from anyone under 16; if you believe we have, please contact us and we will delete it.

10. Changes

We may update this policy from time to time. We will post the revised version on this page and adjust the “Last updated” date. Material changes may also be communicated by email or in-product notice where appropriate.