Welcome to the privacy policy of Worldwide Events. Worldwide Events is a trading name of Worldwide Events Group Ltd (company number: 03210436). You may also recognize us under other brand names, including m&i, www.journeyplanners.pro, Amour, Love Travel Awards, and TFest.

We value your privacy and are dedicated to safeguarding your personal information. This policy explains how we handle your data when you use our websites (wherever you access them from), subscribe to our newsletters, or purchase our services, such as attending one of our events. It also outlines your privacy rights and the legal protections available to you.

Please note that our websites are not designed for children, and we do not knowingly collect information from anyone under the age of 18. If we become aware that we have unintentionally gathered data from a child, we will remove it as quickly as possible. If you believe we may have collected such information, please contact us at [email protected]

At the end of this policy, you will find a glossary to help you better understand certain terms we use.

1. Important Information and Who We Are

1.1 Why You Should Read This Policy

It is essential that you read this privacy policy alongside any other privacy or fair processing notices we may provide on specific occasions when we collect or process your personal information. This will help you understand clearly how and why we use your data.

1.2 Controller

Worldwide Events acts as the controller responsible for your personal data (referred to in this policy as “we”, “us” or “our”).

We have appointed a Data Protection Officer (DPO) to oversee all matters relating to this privacy policy. If you have any questions, including requests to exercise your legal rights, please contact our DPO using the details below:

Email: [email protected]

Postal Address: Data Protection Officer, Worldwide Events, 27 Furnival Street, London, EC4A 1JQ

Telephone: 020 7380 8584

1.3 Updates and Your Responsibility

We review this privacy policy regularly. The most recent update was made on 13 July 2022. Previous versions are available upon request.

It is important that the personal data we hold about you is accurate and up to date. Please notify us of any changes to your information during your relationship with us.

1.4 Third-Party Links

Our websites may include links, plug-ins, or applications provided by third parties. By clicking on these links or enabling such features, third parties may collect or share information about you. We do not control these external websites and are not responsible for their privacy practices. We encourage you to review the privacy policies of every website you visit once you leave ours.

2. The Data We Collect About You

2.1 Definition of Personal Data

Personal data refers to any information that can identify an individual. It does not include data where identifying details have been removed (anonymous data).

2.2 Categories of Personal Data We Collect

We may collect, use, store, and transfer different types of personal data, grouped as follows:

Identity Data – first name, last name, username or similar identifiers, and title.

Contact Data – billing address, email address, and telephone numbers.

Transaction Data – details of payments made to and from you, as well as information about products and services you have purchased from us.

Technical Data – IP address, login data, browser type and version, time zone setting, location, error reports, browser plug-ins, operating system, platform, and other technologies used on the devices you access our websites with.

Profile Data – username and password, photograph, employment and professional background, medical, dietary, and accessibility requirements, date of birth, nationality, event attendance history, interests, preferences, feedback, and survey responses.

Usage Data – information about how you interact with our websites and services, including service features used, selected settings, URL clickstream data (with date and time stamps), referring and exit pages, and specific pages visited.

Professional Data – professional biography or profile (created or approved by you), which may include your image, likeness, or voice, and could be shared with subscribers, event attendees, or published on our websites and social media channels for promotional purposes.

Event Imagery – photographs and video recordings captured at our events.

Marketing and Communications Data – your preferences regarding marketing communications from us and third parties, as well as your communication settings.

2.3 Special Categories of Data, Criminal Convictions, and Offences

We do not generally collect Special Categories of Personal Data. The only exception is medical, dietary, and accessibility requirements (part of Profile Data), which are processed to:

ensure access to event venues,

provide suitable meal options,

respond appropriately in case of a medical emergency.

Special Categories of Data include details about race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, health information, and genetic or biometric data.

We also do not collect data relating to criminal convictions or offences.

2.4 Aggregated Data

We may collect, use, and share Aggregated Data, such as statistical or demographic information, for any purpose. Although Aggregated Data may be derived from your personal data, it is not legally considered personal data because it does not directly or indirectly reveal your identity.

For example, we may aggregate Usage Data to calculate the percentage of users accessing a particular feature on our websites. However, if we combine Aggregated Data with personal data so that it can identify you, we treat the combined data as personal data in line with this privacy policy.

2.5 Failure to Provide Personal Data

In cases where providing personal data is required by law or under the terms of a contract with you, failure to supply such data may prevent us from fulfilling that contract (for example, granting access to our events). If this occurs, we may have to cancel a service you have requested, but we will inform you at the time.

3. How We Collect Your Personal Data

3.1 Collection Methods

We gather personal data about you through various methods, including:

3.1.1 Direct Interactions

You may provide us with Identity, Contact, Financial, Profile, Professional, and Marketing and Communications Data by completing forms or communicating with us via post, phone, email, or other means. This includes data you provide when you:

(a) apply for our services, such as registering for an event;

(b) create an account on our event application;

(c) subscribe to our publications;

(d) request marketing communications;

(e) participate in a competition, promotion, or survey;

(f) provide feedback or contact us for any other reason.

3.1.2 Automated Technologies or Interactions

When you use our websites, we automatically collect Technical and Usage Data about your equipment, browsing activities, and patterns. This information is gathered through cookies, server logs, and similar technologies. We may also obtain Technical Data if you visit websites that use our cookies. For more details, please refer to our Cookie Policy.

3.1.3 Third Parties and Public Sources

We may also receive your personal data from third parties or publicly available sources, including:

Technical Data from:

analytics providers (e.g., Google, based outside the UK),

advertising networks (e.g., Google, Meta, LinkedIn, Twitter, based outside the UK),

search information providers (e.g., Google, Meta, LinkedIn, Twitter, based outside the UK).

Contact, Financial, and Transaction Data from technical, payment, and delivery service providers such as Stripe (based outside the UK).

Identity and Contact Data from data brokers or aggregators such as Cognism (based outside the UK).

Identity and Contact Data directly from Google, Meta, LinkedIn, and Twitter (based outside the UK).

4. How We Use Your Personal Data

4.1 Lawful Basis for Using Your Data

We will only process your personal data when permitted by law. The most common circumstances include:

4.1.1 Contractual necessity – when we need to perform a contract we are about to enter into, or have already entered into, with you.

4.1.2 Legitimate interests – when processing is necessary for our legitimate business interests (or those of a third party), provided that your interests and fundamental rights do not override those interests.

4.1.3 Legal obligations – when processing is required to comply with the law.

In general, we do not rely on consent as the primary legal basis for processing your personal data. If we do request your consent, you have the right to withdraw it at any time by contacting us.

4.2 Purposes for Processing

We have outlined below, in a table format, the purposes for which we use your personal data, the lawful basis relied upon for each activity, and, where relevant, our legitimate interests.

Please note that in some situations, we may rely on more than one legal ground for processing your personal data depending on the specific context. If you would like further clarification on the exact legal basis applicable in a particular situation, please contact us.

4.3 Marketing

We aim to give you control over how your personal data is used, particularly when it comes to marketing and advertising. To support this, we have set up mechanisms that allow you to manage your marketing preferences.

4.4 Promotional Offers from Us

We may use your Identity, Contact, Technical, Usage, and Profile Data to better understand your preferences and interests. This enables us to determine which products, services, or offers may be most relevant for you (this activity is referred to as “marketing”).

You will receive marketing communications from us if:

4.4.1 you have requested information from us;

4.4.2 you have purchased services from us (including attending one of our events) and have not opted out of marketing; or

4.4.3 you have subscribed to our newsletter and have not opted out of marketing.

4.5 Third-Party Marketing

4.5.1 We may share your personal data with other companies within our group where permitted by law. In some cases, we may not need your consent. However, if the law requires consent, we will only share your personal data with group companies where you have given your explicit, opt-in consent.

4.5.2 We will always seek your explicit, opt-in consent before sharing your personal data with external third parties for marketing purposes.

4.6 Opting Out

You can stop receiving marketing messages from us or third parties at any time by:

following the opt-out links in any marketing communication, or

contacting our DPO directly at [email protected]

to request removal from marketing lists.

Please note: opting out of marketing will not affect personal data provided to us as part of a service purchase, event attendance, or other transactions.

4.7 Cookies

You can adjust your browser settings to block all or some cookies, or to notify you when a website sets or accesses cookies. If you choose to disable or refuse cookies, please be aware that parts of our websites may not function correctly or may become inaccessible.

For more details, please refer to our Cookie Policy.

4.8 Change of Purpose

We will only use your personal data for the purposes for which it was originally collected, unless we reasonably determine that it should be used for another purpose that is compatible with the original one. If you would like further explanation on how processing for the new purpose aligns with the original, please contact us.

If we need to use your personal data for a purpose unrelated to the original one, we will notify you and explain the lawful basis that permits such processing.

Please note: in certain circumstances, we may process your personal data without your knowledge or consent, where this is required or permitted by law.

5. Disclosures of Your Personal Data

5.1 Sharing with Third Parties

We may share your personal data with the following parties for the purposes outlined in the table above:

5.1.1 Other companies within the Worldwide Events Group, for marketing purposes (where lawful).

5.1.2 External third parties, including:

(a) partner organisations collaborating with us to host an event you are attending,

(b) other confirmed attendees (individuals or organisations) of events you have registered for, to enable business networking as part of our service contract with you,

(c) professional advisers acting as processors or joint controllers (lawyers, bankers, auditors, insurers) based in the UK who provide consultancy, legal, banking, insurance, and accounting services,

(d) HM Revenue & Customs, regulators, and other authorities acting as processors, joint controllers, or independent controllers based in the UK.

5.1.3 Third parties in connection with corporate transactions, such as a sale, transfer, or merger of our business or assets. In the event of such a transaction, the new owners may use your personal data in the same way as set out in this privacy policy.

5.2 Third-Party Obligations

We require all third parties to protect your personal data and to handle it in accordance with the law.

6. International Transfers

We share your personal data within the Worldwide Events Group, which may involve transferring it outside the UK. To ensure adequate protection, all group companies are required to follow the same safeguards when processing your data, known as “binding corporate rules.”

Whenever your personal data is transferred outside the UK, we ensure a comparable level of protection by applying at least one of the following safeguards:

6.1 Transfer only to countries that have been officially recognised as providing an adequate level of personal data protection.

6.2 Use of specific contractual clauses approved for use in the UK when working with certain service providers, ensuring equivalent protection of personal data as provided in the UK.

For more information about the specific transfer mechanisms we use, please contact us.

7. Data Security

7.1 Measures in Place

We have implemented appropriate security measures to prevent your personal data from being accidentally lost, misused, accessed without authorisation, altered, or disclosed. Access to your personal data is restricted to employees, agents, contractors, and other third parties who require it for legitimate business purposes. They process your data only on our instructions and are bound by confidentiality obligations.

7.2 Data Storage and Encryption

Your data is securely stored in our cloud-based databases. It is encrypted using keys managed via a Key Management Service (KMS). All stored data—including automated backups, read replicas, and snapshots—is encrypted using the industry-standard AES-256 algorithm.

7.3 Data Breach Procedures

We have procedures in place to handle any suspected personal data breach. Where legally required, we will notify both you and the relevant regulatory authority in the event of a breach.

8. Data Retention

8.1 Retention Period

We retain your personal data only for as long as reasonably necessary to fulfil the purposes for which it was collected, including compliance with legal, regulatory, tax, accounting, or reporting obligations. Your data may be retained for a longer period in the case of a complaint or if we reasonably anticipate potential litigation regarding our relationship with you.

8.2 Determining Retention

When determining the appropriate retention period, we consider:

the amount, nature, and sensitivity of the personal data;

the potential risk of harm from unauthorised use or disclosure;

the purposes for which the data is processed and whether these can be achieved by other means;

applicable legal, regulatory, tax, accounting, or other requirements.

8.3 Standard Retention Period

Personal identifiable information is generally retained for 2 years, unless a longer retention period is required or permitted by law.

8.4 Anonymised Data

In certain circumstances, personal data may be anonymised for research or statistical purposes. Once anonymised, this data can no longer be associated with you and may be used indefinitely without further notice.

9. Your Legal Rights

9.1 Overview of Your Rights

Under certain circumstances, data protection laws grant you specific rights in relation to your personal data:

Right of Access – You may request a copy of the personal data we hold about you (commonly known as a “data subject access request”) to verify that we are processing it lawfully.

Right to Rectification – You may request correction of any inaccurate or incomplete personal data we hold about you. We may need to verify the accuracy of the new information you provide.

Right to Object – You can object to our processing of your personal data where we rely on legitimate interests (or those of a third party), if you believe it impacts your fundamental rights and freedoms. You also have the right to object to processing for direct marketing purposes. In some cases, we may demonstrate compelling legitimate grounds to continue processing that override your rights.

Right to Erasure – You may request deletion of your personal data where there is no legitimate reason for us to continue processing it, including cases where you have successfully exercised your right to object, where we have processed your information unlawfully, or where we are legally obliged to erase it. Certain legal obligations may prevent us from fully complying, and you will be informed if this applies.

Right to Restrict Processing – You may request that we suspend processing of your personal data in the following scenarios:

(a) to verify the accuracy of the data,

(b) where processing is unlawful but you do not want the data erased,

(c) where the data is required to establish, exercise, or defend legal claims,

(d) where you have objected to processing and we need to verify overriding legitimate grounds.

Right to Data Portability – You may request transfer of your personal data to yourself or a third party in a structured, commonly used, machine-readable format. This right applies only to automated information you initially provided consent for, or data processed to perform a contract with you.

Right to Withdraw Consent – Where processing is based on consent, you may withdraw it at any time. This will not affect the lawfulness of processing performed before withdrawal. Withdrawal of consent may limit our ability to provide certain products or services, and we will inform you if this is the case.

To exercise any of these rights, please contact our Data Protection Officer using the contact details provided at the start of this privacy policy.

9.2 Fees

You will not usually be charged to exercise your rights. However, we may charge a reasonable fee, or refuse to comply, if your request is manifestly unfounded, repetitive, or excessive.

9.3 Verification of Identity

We may request information to confirm your identity before fulfilling your request. This ensures personal data is not disclosed to unauthorized individuals. We may also contact you for additional details to expedite our response.

9.4 Response Time

We aim to respond to all legitimate requests within one month. Complex or multiple requests may require more time, in which case we will notify you and provide updates.

9.5 Right to Complain

You have the right to file a complaint with the Information Commissioner’s Office (ICO), the UK data protection regulator. We encourage you to contact us first so that we can address your concerns directly.

10. Glossary

10.1 Lawful Basis

10.1.1 Legitimate Interest

This refers to our business interest in managing and operating our company to provide you with the best service, products, and a safe experience. Before processing your personal data under this basis, we carefully consider and balance any potential effects on you, including both positive and negative impacts on your rights. We do not process your data for purposes where the impact on you outweighs our legitimate interests, unless we have your consent or are required/permitted by law. For more details on how we assess our legitimate interests in specific situations, please contact us.

10.1.2 Performance of a Contract

This means processing your personal data when it is necessary to fulfil a contract you are part of, or to take steps at your request before entering into a contract.

10.1.3 Compliance with a Legal Obligation

This refers to processing your personal data when it is necessary to comply with a law or legal requirement that applies to us.