Trust is fundamental to everything we do. Event organisers, participants and business partners rely on BookitZone to securely manage registrations, payments and personal information every day. Protecting that trust is one of our highest priorities.
BookitZone operates a documented Information Security Management System designed to protect the confidentiality, integrity and availability of the information entrusted to us.
Our governance framework includes documented controls covering:
Our security management system includes documented policies, procedures and operational registers covering:
BookitZone does not store payment card details on its own systems. Payments are processed securely by Stripe, an established external payment processor operating to recognised payment security standards.
Access to BookitZone business systems is restricted to authorised personnel and contractors who require access for legitimate business purposes. Critical externally accessible systems are protected using strong passwords and multi-factor authentication.
Business-critical information is backed up regularly. Local backups are also replicated to secure off-site cloud storage, providing an additional layer of protection against hardware failure, theft or other disruption.
Our production infrastructure is supported by separate hosting backup arrangements, helping BookitZone restore services following most operational incidents.
BookitZone is registered with the Information Commissioner's Office and processes personal information in accordance with UK GDPR and the Data Protection Act 2018.
Our Privacy Policy explains what personal information we collect, why we collect it, how it is used, who it may be shared with and the rights available to individuals under data protection law.
BookitZone uses a number of specialist third-party suppliers to support services including infrastructure hosting, payment processing, email, domain management, cloud backup, website protection and software development.
Third-party access is limited to legitimate business requirements and is subject to documented supplier, processor and access management controls.
Artificial Intelligence may be used to support legitimate business tasks such as drafting, research, administrative work and software development assistance.
AI-generated content remains subject to human review. Personal data and confidential business information should not be disclosed unnecessarily to publicly accessible AI services.
Security is an ongoing commitment rather than a one-off exercise. We continue to review and improve our technology, infrastructure, policies and procedures as BookitZone, the services we provide and the regulatory environment evolve.