Security & Data Protection

Tisch (“the Platform”) is developed and operated with a security-first approach. We implement and maintain appropriate technical and organisational measures (“TOMs”) designed to protect the confidentiality, integrity, and availability of all personal data processed through the Platform in accordance with the UK GDPR, the Data Protection Act 2018, and all applicable data protection legislation.

Technical and Organisational Measures

Tisch employs a combination of physical, administrative, and technological safeguards including, but not limited to:

  • Encryption in Transit and at Rest: All personal data is encrypted using industry-standard protocols (including TLS 1.2+ for data in transit and AES-256 or equivalent for data at rest).

  • Access Controls: Role-based access, least-privilege principles, and multifactor authentication (where applicable) are applied to restrict access to authorised personnel only.

  • Secure Hosting Environment: The Platform is hosted within secure UK/EU data centres that comply with widely recognised standards (such as ISO 27001, SOC 2 or equivalent). Infrastructure includes continuous monitoring, vulnerability management, and regular security patching.

  • Data Minimisation: We collect and process only the data necessary for the operation of the Platform and event functionality.

Operational Security

  • Audit Logging: Access to personal data is logged and monitored for security and compliance purposes.

  • Incident Response: Tisch maintains an internal incident response process designed to identify, manage, and, where required, notify clients and regulators of personal data breaches without undue delay.

  • Third-Party Processors: Any third-party service providers engaged by Tisch are subject to due-diligence checks, data processing agreements, and ongoing monitoring to ensure they meet appropriate security and compliance standards.

Data Protection & Compliance

  • Lawful Basis: All personal data is processed under a valid lawful basis as defined by the UK GDPR.

  • Data Subject Rights: Users may exercise their rights (including access, rectification, erasure, restriction, portability, and objection) by contacting Tisch in accordance with our Privacy Policy.

  • International Transfers: Tisch does not transfer personal data outside the UK/EU without ensuring an adequate level of protection in accordance with applicable law.

  • Data Retention: Personal data is retained only for as long as necessary for the purposes for which it was collected, or as required by law or contractual obligation.

Confidentiality

Tisch ensures that all personnel authorised to process personal data are subject to confidentiality obligations and receive regular training on information security and data protection.

Continuous Improvement

We review, test, and update our security controls on a periodic basis to maintain compliance with evolving legal, regulatory, and technological standards. Tisch may implement additional safeguards as required to ensure the ongoing security and resilience of the Platform.

Contact Us

If you have any additional questions regarding security, we are happy to answer them. Please contact us at info@tischevents.com, and we will respond as quickly as we can.