Privacy Policy

This Privacy Policy applies to personal data we process in connection with:

• venue finding services;
• corporate accommodation and serviced apartment sourcing;
• emergency accommodation and decant services;
• planned maintenance relocation support;
• supplier and accommodation provider management;
• client enquiries and booking administration;
• website forms and communications;
• business development and account management;
• invoicing, reporting and contract administration.

This policy may apply to clients, corporate contacts, public sector contacts, housing association contacts, supplier contacts, venue contacts, apartment provider contacts, guests, residents, service users, authorised representatives, staff contacts and other individuals involved in our services.

Depending on the service or enquiry, we may collect and process:

• name;
• job title;
• organisation;
• business email address;
• telephone number;
• address or location information where relevant;
• booking details;
• accommodation dates;
• venue or accommodation requirements;
• guest, resident or household information where necessary;
• communication records;
• enquiry details;
• invoicing and payment administration details;
• supplier, venue or accommodation provider information;
• operational notes required to deliver the service.

For emergency accommodation, decant, relocation or welfare-related projects, we may also process limited information about accessibility, mobility, disability, health, vulnerability, safeguarding, household composition or welfare requirements where this is necessary to arrange suitable accommodation or support service delivery.

We may collect personal data:

• directly from you;
• from your employer or organisation;
• from a client instructing us;
• from housing associations, local authorities, insurers or other organisations;
• from authorised representatives;
• from suppliers, venues, serviced apartment providers or accommodation partners;
• through website forms, email, telephone calls and business communications;
• through booking, enquiry, project-management and reporting processes.

We use personal data to:

• respond to enquiries;
• source venues, hotels, serviced apartments and accommodation;
• arrange bookings and accommodation placements;
• manage emergency accommodation, decant or relocation projects;
• communicate with clients, suppliers, venues and accommodation providers;
• assess accommodation or service requirements;
• support accessibility, welfare or safeguarding needs where relevant;
• manage contracts, suppliers and service delivery;
• produce operational reports;
• process invoices and maintain business records;
• manage complaints, disputes or incidents;
• comply with legal, regulatory, accounting and insurance obligations;
• protect our business, clients, suppliers, residents and service users.

We process personal data under one or more of the following lawful bases:

• performance of a contract;
• steps taken before entering into a contract;
• legitimate interests;
• compliance with a legal obligation;
• consent, where appropriate;
• vital interests, in exceptional emergency situations.

Where special category data is processed, such as health, disability, accessibility or welfare-related information, we will only process it where a lawful basis and an additional UK GDPR condition applies. This may include employment/social protection law, substantial public interest, vital interests, explicit consent where appropriate, or where processing is necessary for the establishment, exercise or defence of legal claims.

Jigsaw Conferences Ltd only processes special category or enhanced-risk personal data where it is necessary and proportionate. This may include limited information relating to health, disability, mobility, accessibility, vulnerability, safeguarding or welfare needs where such information is required to arrange suitable accommodation, support emergency accommodation, manage decant requirements or protect individuals.

We apply additional care to such information, including minimisation, restricted access, confidentiality and secure handling.

We may share personal data where necessary with:

• clients and authorised client representatives;
• venues;
• hotels;
• serviced apartment providers;
• accommodation suppliers;
• landlords, managing agents or property operators where relevant;
• transport or logistics providers where required;
• professional advisers;
• insurers;
• IT, cloud, CRM, email and business-system providers;
• regulators, law enforcement or public authorities where legally required.

We only share personal data where there is a legitimate need, lawful basis or contractual/legal requirement to do so.

Where third parties process personal data on our behalf, we require appropriate contractual, confidentiality, security and data protection safeguards. Suppliers must only process personal data for authorised purposes and must protect it against unauthorised access, loss, misuse or disclosure.

For apartment suppliers, accommodation partners and similar providers, additional data processing terms may apply through supplier framework agreements or data processing schedules.

Jigsaw Conferences Ltd may store and process personal data within secure cloud-hosted systems, including Microsoft 365, Amazon Web Services (AWS), approved CRM systems, project-management tools and other approved business systems.

These systems may be used for secure hosting, storage, backup, resilience, operational administration, email, document management and contract delivery. Access is restricted to authorised personnel and protected through appropriate technical and organisational measures, which may include access controls, authentication controls, encryption in transit, secure storage, logging, monitoring, backup procedures, retention/deletion controls and incident response processes.

Jigsaw Conferences Ltd may use AI-assisted tools and automated systems to support parts of our service delivery, including venue matching, accommodation search, enquiry triage, proposal preparation, supplier comparison, operational workflow support, reporting, quality control and internal administration.

AI tools are used to support human decision-making and improve speed, accuracy and service quality. We do not use AI to make solely automated decisions about individuals that produce legal or similarly significant effects without appropriate safeguards and human oversight.

Where AI-assisted tools process personal data, we apply appropriate data protection controls, including data minimisation, access controls, confidentiality, security checks, supplier due diligence and review of outputs by authorised personnel where appropriate.

We do not intentionally use client, guest, resident, service-user or supplier personal data to train public AI models. Staff and suppliers must not enter personal data into public or unauthorised AI tools unless expressly approved and appropriate safeguards are in place.

Where AI is used to assist venue or accommodation recommendations, the output is treated as decision-support only. Final recommendations, booking decisions, suitability considerations and client communications remain subject to human review and operational judgement.

Where special category or enhanced-risk data is involved, such as health, disability, accessibility, vulnerability, safeguarding or welfare-related information, AI use will be limited, controlled and subject to additional safeguards where required.

Where personal data is transferred or made accessible outside the UK, we will ensure that appropriate safeguards are in place. These may include UK adequacy regulations, the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, supplier contractual controls and transfer risk assessments where required.

We use appropriate technical and organisational measures to protect personal data. These may include:

• access control;
• least-privilege permissions;
• staff confidentiality obligations;
• secure email and business systems;
• multi-factor authentication where available;
• encryption in transit;
• secure storage;
• endpoint protection;
• supplier due diligence;
• breach reporting procedures;
• retention and deletion controls.

We keep personal data only for as long as necessary for the purposes for which it was collected, including service delivery, contract management, reporting, accounting, legal, insurance, regulatory or dispute-resolution requirements.

Retention periods may vary depending on the nature of the service, the client contract, legal requirements and operational need. When personal data is no longer required, it will be securely deleted, anonymised or archived in accordance with our retention procedures.

Individuals have rights under UK data protection law, including the right to:

• access their personal data;
• request correction of inaccurate data;
• request deletion of personal data in certain circumstances;
• request restriction of processing;
• object to processing;
• request data portability where applicable;
• withdraw consent where processing is based on consent;
• complain to the Information Commissioner’s Office.

To make a data protection request, contact it@jigsawconferences.co.uk.

If you have a concern about how we handle personal data, please contact us first at it@jigsawconferences.co.uk so we can review and respond to your concern.

You also have the right to complain to the Information Commissioner’s Office.

Our website may use cookies and analytics tools to understand website usage, improve performance, support security and manage enquiries. Where required, cookie choices will be presented through the website cookie controls.

Please see our Cookie Policy for further details.

We may send business-to-business communications where permitted by law and where relevant to our services. Individuals can opt out of marketing communications at any time by following the unsubscribe instructions in the communication or contacting us.

We may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, systems or data protection practices. The latest version will be published on this page.

Email: it@jigsawconferences.co.uk
Telephone: +44 (0)800 121 4470