Privacy Policy

Privacy Policy

Last updated: March 18, 2026

This Privacy Policy describes how PDA Technical Limited ("the Company", "we", "us", or "our"), trading as GigRun, collects, uses, stores, and discloses your personal information when you use the GigRun platform ("the Service"). It also explains your privacy rights and how the law protects you.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy.

For detailed information about our compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, please see our GDPR Statement.


Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalised have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

  • Account means a unique account created by you to access our Service or parts of our Service.

  • Company (referred to as either "the Company", "we", "us" or "our" in this agreement) refers to PDA Technical Limited, Company Number 12060282, VAT Number GB444008031.

  • Service (referred to as either "the Service", "our Service", "the Product", or "Product") refers to the GigRun platform, accessible from https://gigrun.co.uk.

  • Organisation refers to a business, company, or entity that uses GigRun to manage events, tours, or festivals. Organisations operate on their own subdomain within the platform.

  • Project refers to an event, tour, festival, or other activity managed within an Organisation on the platform.

  • Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.

  • Country refers to England, United Kingdom.

  • Data Controller, for the purposes of the UK GDPR, refers to us as the legal person which alone or jointly with others determines the purposes and means of the processing of Personal Data.

  • Device means any device that can access the Service such as a computer, a mobile phone, or a digital tablet.

  • Personal Data is any information that relates to an identified or identifiable individual. For the purposes of UK GDPR, Personal Data means any information relating to you such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity.

  • Service Provider means any natural or legal person who processes the data on behalf of the Company. It refers to third-party companies or individuals employed by the Company to facilitate the Service, to provide the Service on behalf of the Company, to perform services related to the Service, or to assist the Company in analysing how the Service is used. For the purpose of the UK GDPR, Service Providers are considered Data Processors.

  • Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

  • You means the individual accessing or using the Service, or the company or other legal entity on behalf of which such individual is accessing or using the Service, as applicable. Under the UK GDPR, you can be referred to as the Data Subject or as the User as you are the individual using the Service.


Collecting and Using Your Personal Data

Types of Data Collected

Account Data

When you create an account, we collect:

  • Full name, email address, alternate email address, profile photograph
  • Phone numbers (primary and WhatsApp)
  • Organisation membership and role information
  • Authentication credentials (passwords are hashed and never stored in plain text)

Profile Data

You may choose to provide additional profile information:

  • Contact details (address, phone numbers, emergency contact information)
  • Travel preferences and requirements
  • Catering and dietary requirements
  • Swag and sizing information
  • Profile field visibility settings (you control which fields are visible to other team members — see "Data Sharing" below for how organisations access your data)

Project and Operational Data

When you use the Service within an organisation, we collect:

  • Project details, schedules, requirements, locations, and venue information
  • Team memberships, team roles, accreditation passes, induction records
  • Event control logs, incident reports, staffing information
  • Form submissions and custom form responses
  • Device configurations and assignments
  • Setlists, vehicle information, announcements

Usage Data

Usage Data is collected automatically when using the Service. This may include:

  • Your device's Internet Protocol address (e.g. IP address)
  • Browser type and version, operating system
  • The pages of our Service that you visit, the time and date of your visit, the time spent on those pages
  • Unique device identifiers and other diagnostic data

When you access the Service by or through a mobile device, we may collect certain information automatically, including the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, and other diagnostic data.

Communication Data

  • Notification preferences (email, SMS, WhatsApp)
  • Contact form submissions
  • Announcement and comment content

Bug Reports

If you submit a bug report through the platform, we collect:

  • Page URL and browser information
  • Your description of the issue
  • Your account information at the time of submission

Payment Data

Subscription and billing information is processed by our third-party payment processor (Lemon Squeezy / Paddle). We do not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council.


Cookies and Tracking

We use strictly necessary cookies to operate the platform:

  • Session Cookies (essential): These cookies are required to provide you with services available through the Service and to enable you to use its features. They handle session management, CSRF protection, and authentication. Without these cookies, the services you have asked for cannot be provided.

We do not use tracking cookies, advertising cookies, or third-party analytics cookies.

We use Fathom Analytics for privacy-focused, cookieless website analytics. Fathom does not use cookies, does not track personal data, and is fully compliant with UK GDPR, ePrivacy, PECR, and CCPA. Their Privacy Policy can be viewed at https://usefathom.com/privacy/.

You can learn more about cookies at the ICO website.


Use of Your Personal Data

We use your personal data to:

  • Provide, operate, and maintain the GigRun platform and its features
  • Create and manage user accounts and organisation memberships
  • Process and fulfil subscription payments
  • Send transactional notifications (schedule changes, team invitations, accreditation passes, induction assignments, announcements, emergency alerts)
  • Provide customer support and respond to enquiries
  • Monitor and improve platform performance, security, and reliability
  • Comply with legal and regulatory obligations
  • Detect, prevent, and address technical issues, fraud, and security incidents

Data Sharing

We may share your personal data with the following categories of recipients:

  • Sub-processors: Infrastructure providers (hosting, email delivery, SMS/WhatsApp messaging) that process data on our behalf under Data Processing Agreements.

  • Payment processors: Lemon Squeezy / Paddle for subscription billing (PCI-DSS compliant).

  • Analytics: Fathom Analytics for privacy-focused, cookieless website analytics.

  • Organisations you work with: When you are added to an organisation or invited to a project team on GigRun, your personal data — including your name, email address, phone numbers, profile photo, and profile details (contact information, travel, catering, emergency contacts, and sizing) — is automatically shared with that organisation as necessary for project coordination and duty of care. This applies whether you join an organisation directly or are invited to a project team belonging to an organisation you are not otherwise a member of. Profile field visibility settings control what other team members can see, but organisation administrators always have access to your full profile data. You will be shown a data sharing notice and asked to acknowledge this before accessing the organisation's projects. Platform-level data such as your memberships or activity in other organisations, projects in other organisations, or any data outside that organisation's scope is never shared. If you have concerns about sharing your data with the organisation managing the project, you should not proceed and should contact your organisation directly to discuss your data sharing concerns before continuing.

  • Law enforcement: Where required by law, court order, or to protect our legal rights.

Your data is held by GigRun (operated by PDA Technical Limited) and shared only with organisations that are engaging you via the GigRun platform. We do not sell your personal data to third parties.

Business Transactions

If the Company is involved in a merger, acquisition, or asset sale, your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.


International Data Transfers

Your data is primarily processed and stored within the United Kingdom and the European Economic Area. Where data is transferred outside the UK/EEA (for example, to infrastructure providers), we ensure appropriate safeguards are in place, including:

  • UK International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs) approved by the Information Commissioner's Office (ICO)
  • Adequacy decisions where applicable

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

  • Account data: Retained for the duration of your account. Upon account deletion, personal data is removed within 30 days, except where retention is required by law.
  • Project data: Retained for the duration of the project and the organisation's subscription. Organisations may delete projects and associated data at any time.
  • Usage and technical data: Retained for up to 12 months for security and performance analysis.
  • Payment records: Retained for up to 7 years to comply with UK tax and accounting legislation.
  • Bug reports: Retained until resolved and for up to 12 months thereafter.
  • Communication records: Contact form submissions are retained for up to 24 months.
  • Consent records: Timestamps, IP addresses, and descriptions of what was consented to are retained indefinitely as permitted under GDPR Article 7(1) to demonstrate that valid consent was obtained.

If you wish to request removal of your personal data, please contact hello@pda-tech.com. We will process your request within 30 days.


Data Security

The security of your Personal Data is important to us. We implement appropriate technical and organisational measures to protect your personal data, including:

  • Encryption of data in transit (TLS/HTTPS) and at rest
  • Hashed password storage using industry-standard algorithms
  • Role-based access controls and organisation-level data isolation (multi-tenancy)
  • Regular security reviews and monitoring
  • Access logging and audit trails
  • Secure backup procedures

While we strive to use commercially acceptable means to protect your Personal Data, no method of transmission over the Internet or method of electronic storage is 100% secure.


Your Rights Under UK GDPR

Under the UK GDPR and the Data Protection Act 2018, you have the following rights:

  • Right of Access (Article 15): You have the right to request a copy of the personal data we hold about you. We will respond within one month of receiving your request.
  • Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data. You can update most of your information directly within your account settings.
  • Right to Erasure (Article 17): You have the right to request deletion of your personal data where there is no compelling reason for us to continue processing it. This right does not apply where we are required to retain data for legal or contractual obligations.
  • Right to Restriction of Processing (Article 18): You have the right to request that we restrict the processing of your personal data in certain circumstances.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, machine-readable format and to transmit it to another controller where technically feasible.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will stop processing immediately.
  • Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time. This does not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at hello@pda-tech.com. We may ask you to verify your identity before responding. We will respond as soon as possible and within one month.

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Telephone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Children's Privacy

GigRun is not directed at individuals under the age of 16. We do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16 without appropriate consent, we will take steps to delete that data promptly.


Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services.


Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date above.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


Contact Us

If you have any questions about this Privacy Policy, you can contact us:

  • Email: hello@pda-tech.com
  • Company: PDA Technical Limited
  • Address: England, United Kingdom

For detailed information on how we comply with UK GDPR, please see our GDPR Statement.

Back to Dashboard