Terms & Policies

At Sideways 6, we treat your privacy seriously and only use your personal data to improve our product offering and keep you up to date about our events. This policy was updated as of 22nd March 2023. 

1. Data Protection Act 1998 

The Data Protection Act 1998 describes how organisations must collect, handle and store personal information. The act is based on the following principles regarding personal information: 

• Personal data must be processed fairly and lawfully and shall not be processed unless certain conditions are satisfied.  
• Personal data must be obtained and processed for specific and lawful purposes. It must also only be processed for purposes which are compatible with those for which it was obtained.  
• Personal data must be adequate, relevant and not excessive for the purposes it is being processed for.  
• Personal data must be accurate and (where necessary) up to date.  
• Personal data must not be kept for longer than is necessary.  
• Personal data shall be processed in accordance with the rights of data subjects.  
• Personal data shall be protected by appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss, destruction or damage. 

• Personal data shall not be transferred outside the European Economic Area without adequate protection for the rights and freedoms of data subjects in relation to personal data. 

2. CCPA 

The California Consumer Privacy Act takes the position that consumers own their data and provides them with five general rights regarding their PII. California-based consumers therefore have the right to:  

• Know what personal information is collected about them.  
• Know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale, where sale means any transfer in exchange for a monetary or other compensation. We will never sell your data.  
• Access their personal information that has been collected over the last 12 months. Once the request is made, businesses must disclose the requested information free of charge within 45 days. We can provide a copy of the data in XLS/CSV format if requested at privacy@sideways6.com.  
• Have a business delete their personal information, excluding information under legal hold (until the matter is adjudicated or until the hold is released) and for information that must be retained per legal or regulatory record keeping requirements. If a data deletion request is made by emailing privacy@sideways6.com, we will delete all data that pertains to you not related to the subject of your employment or as is otherwise legally required.  
• Not be discriminated against for exercising their rights under the CCPA.  
• Data protection principles   

3. GDPR 

Article 5 of the GDPR requires that personal data shall be:  

• Processed lawfully, fairly and in a transparent manner,  
• Collected for specified, explicit and legitimate purposes; further processing for statistical purposes shall not be considered incompatible with initial purposes,  
• Adequate, relevant and limited to what is necessary in relation to the purposes they were processed,  
• Accurate, and where necessary kept up to date; every reasonable effort must be taken to ensure that any inaccurate personal data are erased or rectified,  
• Kept in a form that permit identification of data subjects for no longer than is necessary for the purpose they were processed,  
• Processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and accidental loss or damage.   

4. Responsibilities 

Each team that handles personal data must ensure that it is handled and processed in line with this policy and data protection principles. More specifically: 

 The Board of Directors are responsible for ensuring that Sideways 6 meets its legal obligations. 

The Data Protection Officer is responsible for keeping the leadership team updated about data protection responsibilities, risks and issues. Reviewing all policies, arranging training, dealing with Subject Access Requests and checking all contracts and agreements that may handle sensitive data.   

The CTO is responsible for ensuring all systems and tools meet our security standards and carrying out regular checks. 

 The Marketing Team is responsible for approving any communications regarding data protection and responding to any data queries from the media.  

The Wider Team is responsible for ensuring all information is kept safe and confidential. They will have training, take sensible precautions.  

5. Subject Access Requests 

Everyone who are the subjects of personal data held by Sideways 6 are entitled to: 

• Ask what information we hold and why 
• Ask how to gain access to it 
• Be informed how to keep it up to data  
• Be informed how the company is meeting its data protection obligations  

We are a data processor and your company is the data controller. If you have any questions you can contact your employer or Sideways 6 via privacy@sideways6.com. Any requests to Sideways 6 should be made by email and once we have verified the identify of anyone making a request we will respond within one calendar month.  

You can also complain to the ICO if you are unhappy with how we have used your data. 

The ICO’s address:             

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
Wilmslow 
Cheshire 
SK9 5AF 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk 

6. Disclosing data for other reasons 

In certain instances, the Data Protection Act allows personal data to be disclosed to law enforcement without consent of the data subject. Under these circumstances, Sideways 6 or your employer will disclose requested data. However, we will ensure the request is legitimate.