GDPR Statement

GDPR Statement

Last updated: March 18, 2026

This GDPR Statement explains how PDA Technical Limited ("the Company", "we", "us", or "our"), trading as GigRun, collects, processes, stores and protects personal data in compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. This statement should be read alongside our Privacy Policy.

Data Controller: PDA Technical Limited Company Number: 12060282 VAT Number: GB444008031 Email: hello@pda-tech.com


Lawful Basis for Processing

We process personal data under the following lawful bases as defined by Article 6 of the UK GDPR:

  • Contract performance (Article 6(1)(b)): Processing is necessary to fulfil the contract between us and you when you use the GigRun platform — including account creation, organisation management, project coordination, team management, accreditation, scheduling, and all related service functionality.

  • Legitimate interests (Article 6(1)(f)): We process data where it is necessary for our legitimate business interests, provided those interests are not overridden by your rights. This includes platform security, fraud prevention, service improvement, analytics, and bug reporting.

  • Consent (Article 6(1)(a)): Where we rely on consent (for example, marketing communications or progress update subscriptions), you may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

  • Legal obligation (Article 6(1)(c)): We process certain data to comply with legal obligations, including tax, accounting, and regulatory requirements.


Personal Data We Collect

We collect and process the following categories of personal data:

Account Data

  • Full name, email address, alternate email address, profile photograph
  • Phone numbers (primary and WhatsApp)
  • Organisation membership and role information
  • Authentication credentials (passwords are hashed and never stored in plain text)

Profile Data

  • Contact details (address, phone numbers, emergency contact information)
  • Travel preferences and requirements
  • Catering and dietary requirements
  • Swag and sizing information
  • Profile field visibility settings (you control which fields are visible to other team members — see "Data Sharing" below for how organisations access your data)

Project & Operational Data

  • Project details, schedules, requirements, locations, and venue information
  • Team memberships, team roles, accreditation passes, induction records
  • Event control logs, incident reports, staffing information
  • Form submissions and custom form responses
  • Device configurations and assignments
  • Setlists, vehicle information, announcements

Technical & Usage Data

  • IP address, browser type and version, operating system
  • Pages visited, time and date of visits, time spent on pages
  • Device identifiers and diagnostic data
  • Bug reports (including page URL, browser information, and user-provided descriptions)

Communication Data

  • Notification preferences (email, SMS, WhatsApp)
  • Contact form submissions
  • Announcement and comment content

Payment Data

  • Subscription and billing information is processed by our third-party payment processor (Lemon Squeezy / Paddle). We do not store payment card details.

How We Use Your Data

We use your personal data to:

  • Provide, operate and maintain the GigRun platform and its features
  • Create and manage user accounts and organisation memberships
  • Process and fulfil subscription payments
  • Send transactional notifications (schedule changes, team invitations, accreditation passes, induction assignments, announcements, emergency alerts)
  • Provide customer support and respond to enquiries
  • Monitor and improve platform performance, security, and reliability
  • Comply with legal and regulatory obligations
  • Detect, prevent and address technical issues, fraud, and security incidents

Data Sharing and Third Parties

We may share your personal data with the following categories of recipients:

  • Sub-processors: Infrastructure providers (hosting, email delivery, SMS/WhatsApp messaging) that process data on our behalf under Data Processing Agreements
  • Payment processors: Lemon Squeezy / Paddle for subscription billing (PCI-DSS compliant)
  • Analytics: Fathom Analytics for privacy-focused, cookieless website analytics
  • Organisations you work with: When you are added to an organisation or invited to a project team on GigRun, your personal data — including your name, email address, phone numbers, profile photo, and profile details (contact information, travel, catering, emergency contacts, and sizing) — is automatically shared with that organisation as necessary for project coordination and duty of care. This applies whether you join an organisation directly or are invited to a project team belonging to an organisation you are not otherwise a member of. Profile field visibility settings control what other team members can see, but organisation administrators always have access to your full profile data. You will be shown a data sharing notice and asked to acknowledge this before accessing the organisation's projects. Platform-level data such as your memberships or activity in other organisations, projects in other organisations, or any data outside that organisation's scope is never shared. If you have concerns about sharing your data with the organisation managing the project, you should not proceed and should contact your organisation directly to discuss your data sharing concerns before continuing.
  • Law enforcement: Where required by law, court order, or to protect our legal rights

Your data is held by GigRun (operated by PDA Technical Limited) and shared only with organisations that are engaging you via the GigRun platform. We do not sell your personal data to third parties.


International Data Transfers

Your data is primarily processed and stored within the United Kingdom and the European Economic Area. Where data is transferred outside the UK/EEA (for example, to infrastructure providers), we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO)
  • Adequacy decisions where applicable

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
  • Project data: Retained for the duration of the project and the organisation's subscription. Organisations may delete projects and associated data at any time.
  • Usage and technical data: Retained for up to 12 months for security and performance analysis.
  • Payment records: Retained for up to 7 years to comply with UK tax and accounting legislation.
  • Bug reports: Retained until resolved and for up to 12 months thereafter.
  • Communication records: Contact form submissions are retained for up to 24 months.
  • Consent records: Timestamps, IP addresses, and descriptions of what was consented to are retained indefinitely as permitted under GDPR Article 7(1) to demonstrate that valid consent was obtained.

We retain data as permitted under GDPR and applicable UK law. If you wish to request removal of your personal data, please contact hello@pda-tech.com. We will process your request within 30 days.


Data Security

We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Hashed password storage using industry-standard algorithms
  • Role-based access controls and organisation-level data isolation (multi-tenancy)
  • Regular security reviews and monitoring
  • Access logging and audit trails
  • Secure backup procedures

Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

Right of Access (Article 15)

You have the right to request a copy of the personal data we hold about you. We will respond within one month of receiving your request.

Right to Rectification (Article 16)

You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly within your account settings.

Right to Erasure (Article 17)

You have the right to request deletion of your personal data where there is no compelling reason for us to continue processing it. This right does not apply where we are required to retain data for legal or contractual obligations. To request removal of your personal data, contact hello@pda-tech.com. We will process your request within 30 days, retaining only data required by law or necessary to demonstrate that prior consent was obtained.

Right to Restriction of Processing (Article 18)

You have the right to request that we restrict the processing of your personal data in certain circumstances, such as while we verify the accuracy of contested data.

Right to Data Portability (Article 20)

You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.

Right to Object (Article 21)

You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.

Right to Withdraw Consent

Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

Right to Lodge a Complaint

You have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Cookies

We use strictly necessary cookies to operate the platform (session management, CSRF protection, authentication). We use Fathom Analytics, which does not use cookies and does not track personal data.

For full details, please refer to our Privacy Policy.


Data Protection Officer

For any questions, concerns, or requests relating to this GDPR Statement or your personal data, please contact us:

  • Email: hello@pda-tech.com
  • Company: PDA Technical Limited
  • Address: England, United Kingdom

We aim to respond to all data protection enquiries within one month. In complex cases, we may extend this by a further two months, and we will inform you if this is necessary.


Children's Data

GigRun is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data promptly.


Changes to This Statement

We may update this GDPR Statement from time to time. We will notify you of any material changes by posting the updated statement on this page and updating the "Last updated" date above. We encourage you to review this statement periodically.

Back to Dashboard