Skip to main content
Curious Heads Media

Privacy Policy


Curious Heads Media Ltd is a B2B media and events company (registered in England and Wales under company registration number 15198499).

By visiting our corporate website, the websites of our events and attending the events, or otherwise providing us with your personal information, it will be processed as described below.

This privacy policy explains how we collect, use, and retain your personal data. We want you to understand your rights under the UK General Data Protection Regulation (GDPR) and our obligations towards you.


  1. Our Legal Basis for Processing Your Personal Data

We process your personal data under the following legal bases:

  • Contractual Necessity: This processing is essential to fulfil our agreement with you. This includes using your details to issue your event pass, send essential operational event updates (e.g., timings, content programmes, venue changes…) and grant you access to the exhibition.

  • Legitimate Interests: This applies to processing necessary for our business activities, provided your rights are not overridden.


Our legitimate interests include:

  • Marketing our own services: Sending you communications about our future exhibitions, and conferences as a professional in the industry.

  • Internal Administration: Improving our events, conducting user analytics, and protecting against fraud.

  • Explicit Consent: We will only share your data with third-party exhibitors or sponsors for their marketing purposes where you have given clear, specific and ticked consent via the registration form.

     

    1. Data Protection Officer and Contact Details

    The Data Controller is Curious Heads Media Ltd, with a business address at 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ.

    Our Data Protection Officer (DPO) is Iain McLean. You can contact the DPO directly via email at iain.mclean@curiousheadsmedia.co.uk or by mobile phone at M: +44 (0) 7982 909009.


    1. The Sources of Personal Data and Information We Collect

    We collect professional personal data (such as name, job title/function, mobile number, company and company email) through two primary methods:

    • Directly from You: When you register for the event or otherwise interact with us.
    • From Publicly Available Sources (Data Enrichment): We collect and enrich data from publicly available sources to ensure we only contact highly relevant individuals for our B2B services (as detailed in Section 4). These sources include public professional platforms, such as LinkedIn and official company websites.

    The data collected can include: your name, job title/function, company, company address, company email address, company phone number and mobile phone number.

    We only collect personal data that is necessary for the purposes stated in this policy, in adherence to the principle of data minimisation.


    1. How We Use and Share Your Personal Data

    We use and share your data for the following purposes.

    • Event Fulfilment and Communication (Contractual Necessity) We use your data to manage your registration, issue your event pass, and ensure your successful participation in the event. This includes sending essential operational communications about the event you registered for (such as timings, content programmes, and venue changes).

    • Direct Marketing and Data Profiling (Our Legitimate Interest) We use your data to send you relevant information about our own future B2B exhibitions, conferences, and industry publications. To ensure the content you receive is highly relevant, we conduct Data Enrichment and Profiling. This involves using public sources or professional third-party data partners to verify the accuracy of your information, enrich your profile, and categorize your professional interests. This allows us to optimise our direct marketing actions. You have the right to object to this processing at any time.

    • Sharing Data with Third Parties (Requires Explicit Consent) We will only share your contact details with our exhibitors and sponsors if you have actively and optionally checked the corresponding consent box(es) on the registration form.

    • Other Data Sharing We may share your personal data with Mailing Partners and Event Suppliers (e.g., badge printing) to help us fulfil the services we provide to you. We may also share data with Legal or Regulatory Bodies where we are required to comply with a legal obligation or court order.

       

    1. Badge Scanning at the Event

    Your visitor badge may contain the information you provided on registration.

    When you allow your badge to be scanned by an exhibitor or sponsor on their stand, you are providing your contact details directly to them.

    The Exhibitor is the data controller for the information they collect via the badge scan and is responsible for complying with data protection laws for their own marketing follow-up.

    You are advised to request a copy of the exhibitor’s or sponsor’s privacy policy from them prior to having your badge scanned.


    1. Photographic and Audiovisual Material

    We may capture photographs and/or audiovisual material at the event.

    Your image, voice, and other personal data (including name, job title and company) may appear in internal or external releases, including media (print, video…) and other marketing materials. If you do not wish to be featured, please let the DPO know immediately (please see Section 2).


    1. Your Rights and Complaints

    At any point while we are processing your personal data, you have the following rights: Right of access, Right of rectification, Right to be forgotten, Right to restrict processing, Right of portability, and the Right to object to processing (particularly direct marketing).

    Withdrawal of Consent: You may withdraw any consent given for third-party marketing at any time. This will not affect the lawfulness of processing before the withdrawal.

    To exercise this right, you may contact our Data Protection Officer, Iain McLean, directly via email at 

    iain.mclean@curiousheadsmedia.co.uk 
    or by mobile phone at M: +44 (0) 7982 909009.


    Complaints: In the event you wish to make a complaint, please contact our Data Protection Officer (see above) in the first instance.

    You also have the right to lodge a complaint directly with the Information Commissioner’s Office (ICO) via their website at

     www.ico.org.uk.


    1. Data Retention and International Transfer

       

    8.1 Retention period for specific purposes

    Your Personal Data will be retained for the following retention periods unless longer retention is required by applicable local law or where we have a legitimate and lawful purpose to do so:

    • Prospects: Stored for a period of four (4) years starting from integration into the database. However, this period can be suspended if there are interactions (e.g. question asked by the prospect).

    • Exhibitors – Visitors – Delegates – Speakers: Data processed as part of the execution of a contract is kept: actively for as long as is necessary for the execution of the contract or the monitoring of the contractual relationship; at the end of the contract, this data is kept for a period of 10 years corresponding to the limitation period for contractual actions, it being understood that this retention period will be suspended in the event of administrative or legal proceedings relating to the contract, until the proceedings are concluded.

    • Subscribers to free e-newsletters (Consent-based): Stored for an initial period of four (4) years from the date of the data subject’s consent. We will periodically review your engagement and may seek to renew your consent after this period. Data will be deleted if consent is withdrawn or if there is no interaction after the 4-year period.

    • Subscribers to free newsletters (Soft Opt-in): Stored for a maximum period of four (4) years from the date of the last transaction or relevant interaction.

       

    8.2 General Retention Rules and Exceptions

    Right to Erasure: The retention periods mentioned above do not apply if you exercise your Right to Erasure prior to the expiry of the relevant retention period.

    Suspension for Legal Proceedings: All retention periods mentioned in point 8.1 may be suspended in the event of administrative or legal proceedings, until such proceedings are completed.

    Legal Compliance and Evidence: For compliance with legal obligations (such as accounting, tax and insurance purposes) and evidentiary purposes, Personal Data is stored in our database for the duration of five (5) years after the expiry of the retention period imposed by the specific applicable legislation, unless longer retention is required where we have a legitimate and lawful purpose to do so.

    Anonymised Data: We may keep an anonymised form of your Personal Data which will no longer refer to you, for statistical purposes without time limits, to the extent that we have a legitimate and lawful interest in doing so.


    8.3 International Transfer

    We do not transfer personal data outside of the UK/EEA unless appropriate safeguards are in place, such as UK-approved Standard Contractual Clauses.


    1. Policy Updates

    This version was last updated on 22nd October 2025.