Last updated: 05/06/2026
 
1. Introduction

Barva (“Barva”, “we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data responsibly.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal data when you visit our website, use our software platform, purchase tickets through our services, or otherwise interact with us.

This policy has been prepared in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

By accessing or using our website and services, you acknowledge the practices described in this Privacy Policy.

 

2. Who We Are

For the purposes of data protection law, the data controller is:

LD Mason Ltd
Company Number: 14553689
Email: privacy@barva.cloud

If you have any questions regarding this Privacy Policy or our processing of personal data, please contact us using the details above.

 

Our Role as Controller and Processor

Barva provides software and ticketing services to businesses.

 

When you use Barva to manage employees, customers, bookings, payroll information, HR records, or other personal data, your organisation acts as the data controller and Barva acts as a data processor on your behalf.

 

In these circumstances, we process personal data only in accordance with your instructions and our Data Processing Agreement.

 

3. Information We Collect
Information You Provide Directly

We may collect:

  • Name
  • Email address
  • Telephone number
  • Job title or role
  • Company or organisation details
  • Business addresses and locations
  • Account credentials and authentication information
  • Billing and invoicing information
  • Support requests and correspondence
 
Employee Information Processed Through Barva

Where you use Barva as an employer, you may store and process:

  • Employee names
  • Contact details
  • Employment information
  • Job roles and departments
  • Wage and salary information
  • Bank account details
  • Tax and payroll information
  • Working hours and attendance records
  • Shift schedules and rota information
  • Employment agreements and HR documentation

Bank account and other sensitive financial information are encrypted where appropriate.

 
Customer Information Processed Through Barva Ticketing

Where you use Barva Ticketing, we may process:

  • Names of ticket purchasers and attendees
  • Email addresses
  • Booking and order information
  • Event attendance records
  • Transaction references
  • Payment confirmation information

We do not store full payment card details.

 

Information Collected Automatically

When you use our website or services, we may automatically collect:

  • IP address
  • Browser type and version
  • Device information
  • Operating system
  • Website usage information
  • Platform activity logs
  • Cookie and tracking technology data

 

4. How We Use Your Information

We use personal data to:

  • Provide, operate, and maintain Barva services
  • Create and manage user accounts
  • Process payments and ticket sales
  • Facilitate scheduling, payroll, HR, and workforce management functions
  • Deliver notifications and service communications
  • Provide customer support
  • Improve platform performance and user experience
  • Develop new products and features
  • Monitor service usage and performance
  • Prevent fraud and unauthorised access
  • Comply with legal and regulatory obligations
  • Send marketing communications where permitted by law or where consent has been obtained
 
5. Legal Bases for Processing

Under UK GDPR, we rely on one or more of the following legal bases:

Contract

Processing is necessary to provide services requested by you and fulfil our contractual obligations.

Legitimate Interests

Processing is necessary for our legitimate business interests, including:

  • Operating and improving our services
  • Maintaining platform security
  • Preventing fraud
  • Managing customer relationships
  • Developing new functionality

Where we rely on legitimate interests, we balance those interests against your rights and freedoms.

Consent

We rely on consent for:

  • Marketing communications where required
  • Certain non-essential cookies and tracking technologies

You may withdraw consent at any time.

Legal Obligation

Processing is necessary to comply with applicable laws, including taxation, accounting, employment, and regulatory requirements.

 

6. How We Share Your Information

We do not sell personal data.

We may share information with trusted third parties, including:

  • Payment providers, including Stripe, for secure payment handling and ticket transactions
  • Communications providers for email, SMS, and platform notifications
  • Hosting, cloud infrastructure, and security providers
  • Professional advisers including lawyers, accountants, and auditors
  • Regulatory bodies, courts, and law enforcement agencies where required by law

All third parties are required to maintain appropriate security measures and process personal data only in accordance with applicable law and our instructions.

 

7. International Data Transfers

Some of our suppliers and service providers may process personal data outside the United Kingdom.

Where personal data is transferred internationally, we implement appropriate safeguards, including:

  • UK adequacy regulations
  • International Data Transfer Agreements (IDTAs)
  • Standard Contractual Clauses (SCCs)
  • Other approved transfer mechanisms

These safeguards are designed to provide an equivalent level of protection for your personal data.

 

8. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

  • Encryption of sensitive data at rest
  • Encryption of data in transit using HTTPS/TLS
  • Role-based access controls
  • Secure authentication and identity management
  • Activity logging and monitoring
  • Regular security reviews and testing
  • Staff access controls and training

While we take reasonable steps to protect information, no internet-based service can be guaranteed to be completely secure.

 
9. Cookies

Our website uses cookies and similar technologies to:

  • Operate and secure the website
  • Remember user preferences
  • Analyse website traffic and usage
  • Improve website performance

You can manage cookie preferences through your browser settings and our cookie consent tools.

For further information, please refer to our Cookie Policy.

 
10. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, including:

  • Providing services
  • Maintaining business records
  • Complying with legal obligations
  • Resolving disputes
  • Enforcing agreements

When personal data is no longer required, we securely delete, anonymise, or archive it in accordance with applicable laws and retention requirements.

 

11. Your Rights

Under UK GDPR, you have the right to:

  • Access your personal data
  • Correct inaccurate or incomplete information
  • Request deletion of your personal data
  • Restrict processing
  • Object to processing
  • Receive your data in a portable format
  • Withdraw consent where processing relies on consent
  • Not be subject to unlawful automated decision-making

To exercise any of these rights, contact:

privacy@barva.cloud

We may request proof of identity before responding to requests.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO).

 
12. Children’s Privacy

Barva services are intended for business use and are not directed at children under the age of 16.

We do not knowingly collect personal data from children under 16. If we become aware that such information has been collected, we will take reasonable steps to delete it.

 
13. Third-Party Websites

Our website and services may contain links to third-party websites, applications, or services.

We are not responsible for the privacy practices or content of third-party services. We recommend reviewing their privacy policies before providing personal information.

 
14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our services, legal obligations, or business practices.

Any updates will be published on this page with a revised “Last updated” date.

Where required by law, we will notify users of significant changes.

 

15. Contact Us

If you have any questions regarding this Privacy Policy or our processing of personal data, please contact:

LD Mason Ltd
Company Number: 14553689
Email: privacy@barva.cloud

© 2026 Barva. All Rights Reserved