top of page

Privacy Policy

1) Who we are

[Company Legal Name] ("Company", "we", "us", or "our") provides event strategy and production services.
 

  • United Arab Emirates (UAE) :  (including operations subject to UAE Federal Decree‑Law No. 45 of 2021 on Personal Data Protection).

  • Türkiye : (subject to Law No. 6698 on the Protection of Personal Data – KVKK).

  • Azerbaijan : (subject to the Law of the Republic of Azerbaijan on Personal Data).

  • EEA/UK visitors: where GDPR/UK GDPR applies, [EU/UK representative details, if required].

2) What data we collect

Information you provide

  • Contact details: name, email, phone, company, role, country.

  • Registration information for events: dietary or accessibility needs (optional), ticket details, preferences.

  • Commercial correspondence: RFPs, proposals, contracts, billing information.

  • Marketing choices: newsletter opt‑ins, content preferences, feedback forms.

  • Job applications: CV/resumé, cover letter, portfolio links.

Information we collect automatically

  • Device and usage data (IP address, browser, OS, time zone, referring URLs, pages viewed, session metadata).

  • Cookies and similar technologies (see Cookie Notice below).

  • Basic location from IP (country/city level).

Information from third parties

  • Event partners (e.g., venues, registration platforms, payment processors) when you register for or attend our events.

  • Social and ad platforms (campaign performance and audience metrics).

  • Public sources and business data providers (company and role verification).

We do not intentionally collect special category/sensitive data. If you voluntarily provide dietary, accessibility, or similar information, we process it only to meet your request.

3) Why and how we use personal data (lawful bases)

We process personal data for:

  1. Providing our services (event registration, ticketing, support) – Contract/Legitimate Interest.

  2. Communications (updates, service notices, transactional emails) – Contract/Legitimate Interest.

  3. Marketing (newsletters, invites, case studies with consent) – Consent/Legitimate Interest with opt‑out.

  4. Analytics & site improvement – Legitimate Interest/Consent (depending on region for non‑essential cookies).

  5. Business operations (security, fraud prevention, audits, legal compliance) – Legal Obligation/Legitimate Interest.

  6. Recruitment – Consent/Legitimate Interest.

Where required (e.g., EEA/UK for non‑essential cookies or electronic marketing), we rely on consent and you can withdraw it at any time.

4) Sharing your data

We share data with:

  • Vendors/Processors: hosting (e.g., cloud providers), CRM/marketing platforms, analytics, registration and ticketing tools, payment processors, email/SMS providers, and production suppliers.

  • Event partners: when necessary to deliver the event you signed up for (e.g., venues for access lists, sponsors if you explicitly opt‑in to share your details for scanning/lead capture).

  • Professional advisors and authorities: to protect our rights, comply with law, or respond to requests.

  • Business transfers: in connection with a merger, acquisition, or asset sale.

We require processors to follow written instructions, use appropriate security, and not sub‑process without safeguards.

5) International transfers

We operate across UAE, Türkiye, and Azerbaijan and may transfer data to countries that may not have the same data protection laws as your country. When required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), intra‑group agreements, and data transfer assessments.

6) Data retention

We keep personal data only as long as needed for the purposes above:

  • Website analytics: 12–26 months (per tool settings).

  • Marketing contacts: until opt‑out or 24 months of inactivity, whichever comes first.

  • Contracts/invoices: 6–10 years (to meet accounting/tax/legal obligations).

  • Event records: typically 24 months after the event unless law or disputes require longer.

  • Job applications: 12 months unless hired or you ask us to keep/delete earlier.

7) Your rights

Your rights depend on your location. Subject to applicable law, you may request to:

  • Access a copy of your data;

  • Correct inaccurate data;

  • Delete your data;

  • Object to or restrict certain processing;

  • Portability of data you provided;

  • Withdraw consent where we rely on consent;

  • Complain to a supervisory authority.

Regional notes

  • EEA/UK (GDPR/UK GDPR): you may contact your local DPA (e.g., ICO in the UK).

  • UAE PDPL: you may exercise rights of access, correction, erasure, restriction, and portability subject to exemptions; DIFC/ADGM have separate regimes with similar rights.

  • Türkiye KVKK: rights under Article 11 include being informed, accessing, rectifying, erasing, objecting to automated processing, and seeking compensation.

  • Azerbaijan: rights include being informed about processing, accessing/correcting data, and requiring suspension/termination where unlawful.

To exercise rights, contact [privacy@domain.com]. We may require verification. We respond within applicable legal timeframes.

8) Children’s privacy

Our website and events are for professionals. We do not knowingly collect data from children under the age required by local law. If you believe a child has provided data, contact us to delete it.

9) Security

We use administrative, technical, and physical safeguards appropriate to the risk, including access controls, encryption in transit, vendor due diligence, and incident response. No system is 100% secure.

10) Marketing preferences

You can opt out of marketing emails at any time using the unsubscribe link or by contacting us. Transactional or service emails may still be sent.

11) Cookies & similar technologies (Cookie Notice)

We use cookies, pixels, and local storage to:

  • keep you signed in and remember preferences;

  • measure traffic and campaign performance;

  • personalize content or ads where permitted.

Control:

  • In the EEA/UK (and where required), we show a consent banner to accept/reject non‑essential cookies by purpose (e.g., Analytics, Marketing).

  • You can also block cookies in your browser or use platform settings (e.g., Google Analytics opt‑out).

  • We honor consent signals where legally required; Do Not Track is not standardized, so we do not respond to it.

Common third‑party tools (replace with your stack): Google Analytics/Tag Manager, Meta Pixel, LinkedIn Insight Tag, Hotjar/Clarity, email marketing pixels.

12) Third‑party links

Our website may link to third‑party sites or services. Their privacy practices are governed by their own policies.

13) Changes to this policy

We may update this policy from time to time. The “Last updated” date above reflects the latest version. Material changes will be communicated on this page or by email where appropriate.

14) How to contact us

Email: [privacy@domain.com]
Postal: 
EU/UK Representative (if applicable): [Name, address, email]
Data Protection Officer (if appointed): [Name, email]

Annex A — Records of Processing Activities (Summary)

Keep this section internal or publish a shorter version.

  • Website leads & subscribers: CRM/marketing platform; contact and consent data; retention 24 months after last activity.

  • Event registration: registration/ticketing platform; identity, contact, ticket class, add‑ons; retention 24 months post‑event.

  • Billing & contracts: ERP/accounting; identity and financial data (limited); retention 6–10 years.

  • Recruitment: HR inbox/applicant tracking; retention 12 months.

Annex B — Data Processors (Examples)

List key processors and purposes, e.g., cloud hosting, email, CRM, analytics, registration, payments, on‑site badge printing.

bottom of page