Privacy Policy
Bent's Limited ("we", "us", or "our") is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and protect personal data when you use Tality, our web app for venue management (the "Service"). We are the data controller for your personal data under the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018.
This policy is layered for ease of use. Select the relevant section below to learn more about specific processing activities.
1. When You Create an Account or Sign Up
What data do we collect? | Names, email addresses, full addresses, and any other details you provide during signup. |
---|---|
Why do we process it? | To create and manage your account, verify your identity, and provide access to the Service. |
Legal basis: | Necessary for the performance of a contract with you (UK GDPR Article 6(1)(b)). |
Who do we share it with? | No sharing with third parties, except our hosting provider (Render) as a processor. |
Retention: | As long as your account is active, plus 6 years for legal purposes. |
2. When You Use the Service (e.g., Staff Management, Stock Tools)
What data do we collect? | Employment details (e.g., roles, rota times), salary details (for venue owners/HR access only), supplier notes, and other venue-related data you input. Staff users see only their own HR information; venue owners delegate access to groups. |
---|---|
Why do we process it? | To deliver features like rostering, stock management, cash tools, pricing, and supplier management. This includes limiting access based on user roles for security. |
Legal basis: | Necessary for the performance of a contract (for core features) or legitimate interests (for delegated access and app functionality, balanced against your rights) (UK GDPR Article 6(1)(b) and (f)). Salary data is sensitive and processed only with explicit consent where required, or as necessary for employment-related contracts. |
Who do we share it with? | No external sharing. Data is stored on Render servers. |
Retention: | Active data retained while in use; deleted 12 months after account closure, unless longer for tax/legal reasons (up to 7 years). |
3. International Transfers and Processors
Your data is hosted on Render servers in Oregon, USA, which involves transfers outside the UK. We rely on Render's Data Processing Addendum (DPA), which incorporates UK-approved safeguards such as Standard Contractual Clauses (SCCs) or the UK-US Data Privacy Framework to ensure adequate protection.
Render acts as our processor and implements security measures like encryption and access controls. No other sub-processors are used for personal data. For details, see Render's DPA at render.com/dpa. We do not share data with suppliers or others.
4. Your Data Protection Rights
Under UK GDPR, you have rights including:
Access
Request a copy of your data.
Rectification
Correct inaccurate data.
Erasure
Request deletion in certain cases (e.g., if no longer needed).
Restriction
Limit processing.
Objection
Object to processing based on legitimate interests.
Portability
Receive data in a transferable format.
Withdraw Consent
Where applicable (e.g., for future cookies).
To exercise rights, email info@bentsbh.com. We respond within 1 month. No automated decisions are made.
5. Data Security and Retention
We use SSL encryption for data in transit and Render's secure infrastructure (e.g., firewalls, encryption at rest). Access is role-based and limited. We retain data only as long as necessary (see above sections), then securely delete it.
SSL Encrypted
Data in transit
Encrypted at Rest
Stored securely
Role-Based Access
Limited permissions
6. Changes to This Policy and Complaints
We may update this policy; changes will be notified via email or in-app. If unhappy, complain to us first, then to the Information Commissioner's Office (ICO) at ico.org.uk.
Questions or Concerns?
Contact our data protection team at info@bentsbh.com