Privacy Policy

CE Events & Media Ltd

1. Who we are

This Privacy Policy explains how CE Events & Media Ltd ("CE-EM", "we", "us", "our") collects, uses, stores, and protects personal data.

We are a company registered in England and Wales (company number 13133511) with registered office at 3 Valentine Way, Hessett, Bury St Edmunds, IP30 9BP, United Kingdom.

For the purposes of the UK General Data Protection Regulation and the Data Protection Act 2018, CE Events & Media Ltd is the data controller of personal data collected through our website (ce-em.com), our events and webinars (including FAIS, CIFB, and IFB), our Insights products, and our marketing communications.

Contact

Email: info@ce-em.com

Post: CE Events & Media Ltd, 3 Valentine Way, Hessett, Bury St Edmunds, IP30 9BP, United Kingdom

Privacy contact: Hayley Cooper, CEO, reachable at hayley@ce-em.com.

We are not legally required to appoint a Data Protection Officer under UK GDPR Art. 37, as we do not carry out large-scale processing of special-category data or systematic large-scale monitoring. We have nevertheless designated a single point of contact for privacy matters.

2. Applicable law

This policy is designed to comply with:

• The UK General Data Protection Regulation (UK GDPR);
• The Data Protection Act 2018;
• The Privacy and Electronic Communications Regulations 2003 (PECR);
• For visitors and contacts in the EEA, the EU General Data Protection Regulation (Regulation (EU) 2016/679).

Where local data-protection law applies to attendees, sponsors, or other contacts in jurisdictions outside the UK and EEA, we will comply with that local law in addition to the above where required to do so.

3. Personal data we collect

We may collect and process the following categories of personal data:

• Identity and contact data: name, job title, employer, business email address, business phone number, postal address.
• Professional data: organisation, role, seniority, sector, areas of investment or operational interest.
• Event and webinar data: registration details, source of registration (including UTM tracking parameters), attendance records, sessions attended, chat messages, Q&A submissions, dietary requirements, accessibility needs.
• Transactional data: records of purchases of event tickets, sponsorship, and Insights products. We do not store full payment-card details; card payments are processed by our payment provider.
• Communications data: records of correspondence with us, including via email and contact forms.
• Marketing preferences: your consent status and preferences in relation to newsletters, marketing communications, and sponsor-specific opt-ins.
• Technical and usage data: IP address, browser type and version, device information, time-zone setting, operating system, and information about how you use our website.

Special category data. We do not routinely process special-category personal data. Where you voluntarily provide information about dietary requirements or accessibility needs in connection with an event, we treat this information as confidential and use it only for the purpose of accommodating you at that event. Where dietary requirements or accessibility needs constitute special-category personal data, we process such data under UK GDPR Art. 9(2)(a) (explicit consent).

4. How we collect your data

• Directly from you when you fill in a form on our website, register for an event or webinar, subscribe to a newsletter, purchase an Insights product, or correspond with us.
• Automatically through cookies and similar technologies when you visit our website (see clause 10), and through our event and webinar platforms when you register or attend a session.
• From third parties, including: business contact databases (e.g. LinkedIn, publicly available corporate directories) used for prospecting; event partners and sponsors with whom we co-market (where they confirm to us that they have a lawful basis to share their contacts with us for a specific event or campaign); and our website, hosting, analytics, and email service providers.

5. Lawful bases for processing

We process personal data on one or more of the following lawful bases under UK GDPR Art. 6:

• Contract (Art. 6(1)(b)): to deliver events and webinars you have booked, fulfil Insights purchases, and administer sponsorship agreements.
• Legitimate interests (Art. 6(1)(f)): to operate and improve our website and services; to send business-to-business marketing communications to professional contacts about closely related events and Insights products; to maintain records and protect our legal rights; to engage in prospecting of senior decision-makers relevant to our events.
• Consent (Art. 6(1)(a)): to send marketing communications to individual subscribers; to share your details with named sponsors of a webinar where you have ticked the consent box at registration; to set non-essential cookies; for any other processing where consent is required by law.
• Legal obligation (Art. 6(1)(c)): to comply with our tax, accounting, and regulatory obligations.

Where we rely on legitimate interests, we have carried out a balancing assessment and concluded that our interests are not overridden by your rights and freedoms. You may object to this processing at any time (see clause 12).

6. How we use your personal data

We use personal data to:

• Respond to enquiries, contact-form submissions, and other correspondence;
• Register you for events and webinars, issue invoices, send joining instructions, and manage your attendance;
• Deliver Insights products and manage related subscriptions;
• Send service emails (administrative information, event updates, confirmations, links to recordings);
• Send post-event communications, including follow-up to registrants who did not attend live with on-demand recording links;
• Send marketing communications about our events, Insights products, and partner offerings, where you have consented or where we have a legitimate interest in doing so;
• Personalise our website and improve our services;
• Carry out market research and analyse engagement;
• Protect our business, enforce our terms, and comply with legal obligations.

7. Who we share your data with

We share personal data only with the following categories of recipient, and only as required for the purposes set out above:

• Service providers acting as our processors, including: website hosting, content-management, payment processing, email marketing, CRM, event registration, webinar and virtual-event platform (currently Brandlive Inc), analytics, and IT support providers. A current list of our key processors is available on request.
• Professional advisers such as lawyers, accountants, and auditors, where necessary for the running of our business.
• Regulators and law-enforcement bodies where required by law.

7.1 Sharing with sponsors of in-person events

For in-person events, sponsors receive:

• An attendee list containing job title and organisation only. Names, email addresses, phone numbers, and other direct contact details are not included in the attendee list shared with sponsors;
• Visibility through the event platform attendee directory, where confirmed delegates' names, job titles, and organisations are visible to other attendees and sponsors (see clause 9);
• Aggregated, anonymised post-event reporting.

Where a sponsor has purchased a meetings package, they identify delegates of interest from the attendee list (by job title and organisation) and CE-EM manages the outreach, scheduling, and confirmation of meetings. Direct contact details of delegates are not shared with sponsors during this process.

Beyond the above, no registrant or attendee data is shared with sponsors of in-person events.

7.2 Sharing with sponsors of webinars

For webinars, sponsors receive:

• Aggregated session reporting (total registrations, live attendance, on-demand views, engagement metrics);
• Chat and Q&A output from the session, including attendee names and contributions where these were made visible during the session by attendees themselves;
• Opt-in attendee data: where you tick the consent box at registration to share your details with the named sponsor of the webinar, we will share your name, job title, organisation, and email address with that sponsor for them to follow up with you directly. You can withdraw your consent at any time by contacting us at info@ce-em.com or contacting the sponsor directly;
• UTM-attributed contacts (where applicable): where a sponsor has promoted the webinar using a tracked link we provided to them, we may share with that sponsor the list of contacts attributed to their tracked link.

In limited circumstances, and on a case-by-case basis, we may share a registrant list with a sponsor strictly for the purpose of suppression (to enable the sponsor to remove these contacts from their own parallel marketing). Data shared on this basis is contractually restricted: the sponsor may not use it for direct marketing or any other outreach purpose and must delete it once the suppression exercise is complete.

7.3 Insights products

Purchasers of CE-EM Insights products (reports, mini-briefings, interviews, recorded content, and bundles) are not shared with any third party, including sponsors. Only aggregated, anonymised numbers (such as total downloads or subscriber counts) may be shared in commercial or marketing contexts.

We do not sell your personal data. We do not lease or rent personal data to unrelated third parties for their own marketing purposes.

8. International transfers

We work with a global client base across all continents, and some of our service providers, sponsors, and event partners are based outside the UK. Where we transfer personal data outside the UK, we ensure an appropriate safeguard is in place, for example:

• Transfer to a country covered by UK adequacy regulations (which includes the EEA and certain other jurisdictions);
• The UK International Data Transfer Agreement, or the UK Addendum to the EU Standard Contractual Clauses;
• Where the recipient is a sponsor or event partner, contractual obligations requiring them to handle the data in line with UK GDPR standards regardless of the jurisdiction in which they are based.

Details of the safeguards in place for any specific transfer are available on request from hayley@ce-em.com.

9. Attendee directory and platform visibility

For in-person events, we use an event platform (currently VirtualPro) to manage networking, the agenda, and on-the-day logistics. Confirmed delegates are added to the platform's attendee directory shortly before the event.

Your visibility in the attendee directory comprises your name, job title, and organisation. No other personal data (including email address or phone number) is visible to other attendees or sponsors through the directory. You may share additional information voluntarily by responding to messages from other attendees on the platform.

If you would prefer not to appear in the attendee directory, contact info@ce-em.com and we will remove you. Your attendance at the event itself is not affected.

Webinar attendees may be visible to other participants and sponsors during the session in respect of chat messages and Q&A contributions they choose to make. Your name and contributions in chat and Q&A are visible to all participants of the session, including sponsors.

10. Recordings and content

Where you attend a webinar that is recorded, your participation in the recording (including any contributions to chat, Q&A, or live discussion) may be retained as part of the recorded session. Recordings are hosted on our chosen platform and may be made available to registrants, attendees, and (where agreed) sponsors of the webinar on a view-only basis.

In-person events and sessions are not routinely recorded for distribution.

Raw recording files are not provided to attendees, sponsors, speakers, or other third parties.

If you do not wish to appear in a recording, please let us know in advance of the session and we will, where reasonably possible, accommodate your request.

11. Cookies and similar technologies

A cookie is a small text file placed on your device when you visit a website. We use cookies and similar technologies to:

• Operate the website (strictly necessary cookies, which do not require consent);
• Analyse usage via analytics tools (analytics cookies, which require consent);
• Support marketing via tools such as advertising and remarketing pixels (marketing cookies, which require consent).

Non-essential cookies are only set with your consent, captured through our cookie banner on first visit. You can change or withdraw your consent at any time via the cookie-preferences link in the website footer.

You can also control cookies through your browser settings. Disabling cookies may impair the functionality of the site.

Third-party services we currently use

We use the following third-party services that may set cookies or process data from your visit to our website:

• Google Analytics (provider: google.com) - website analytics. Cookies include _ga and _ga_# (persistent, expires after approximately 13 months). See: https://policies.google.com/privacy
• YouTube embeds (providers: youtube.com and youtube-nocookie.com) - video playback on pages that embed YouTube content. Cookies and local storage include VISITOR_INFO1_LIVE, YSC, VISITOR_PRIVACY_METADATA, yt-player-headers-readable, yt.innertube::requests, yt.innertube::nextId, yt-remote-device-id, yt-remote-connected-devices, ytidb::LAST_RESULT_ENTRY_KEY. See: https://policies.google.com/privacy
• Google services (provider: google.com) - including the NID cookie used for personalisation and advertising preferences. See: https://policies.google.com/privacy
• LinkedIn (provider: linkedin.com) - for social sharing, embedded content, and ad measurement where applicable. See: https://www.linkedin.com/legal/privacy-policy

We also use the following third-party services as data processors that do not typically set cookies on our website but process personal data you provide to us:

• Zoho CRM - customer relationship management and contact records.
• Zoho Campaigns - email marketing delivery.
• Typeform - survey forms.
• Lusha - business contact enrichment for prospecting.

Our event and webinar platforms (currently Brandlive Inc operating as Virtual Pro) also process registrant and attendee data on our behalf when you register for or attend a session. Each of these providers has its own privacy policy.

A current list of our key processors is available on request from info@ce-em.com.

12. How long we keep your data

We retain personal data only for as long as necessary for the purposes for which it was collected, and to meet legal, accounting, or regulatory requirements. Typical retention periods are:

• Event and webinar registration records: up to 7 years from the date of the event.
• Contact-form submissions: up to 24 months from the date of last contact.
• Marketing-list records: until you unsubscribe or until 24 months of inactivity, whichever is earlier.
• Financial and tax records: a minimum of 6 years following the end of the relevant tax year, as required by HMRC.
• Sponsor and supplier contracts: up to 7 years from the end of the contract.
• Recordings and Insights content: retained on a rolling basis as part of our content library. Personal contributions in recordings (e.g. visible Q&A or chat) are retained for the lifetime of the recording.

13. Your rights

Under the UK GDPR you have the following rights, which you can exercise free of charge:

• Right of access: to obtain a copy of the personal data we hold about you.
• Right to rectification: to have inaccurate data corrected and incomplete data completed.
• Right to erasure: to have personal data deleted in certain circumstances.
• Right to restriction: to ask us to restrict processing in certain circumstances.
• Right to data portability: to receive certain data in a structured, machine-readable format.
• Right to object: to object to processing based on legitimate interests, and to direct marketing at any time.
• Right to withdraw consent: at any time, where we are relying on consent (including consent to share your details with a named sponsor of a webinar).
• Rights related to automated decision-making: we do not carry out automated decision-making that produces legal or similarly significant effects.

To exercise any of these rights, contact info@ce-em.com. We will respond within one month of receiving your request (this period may be extended by up to two further months in complex cases, and we will tell you if that applies).

Complaints. If you are not satisfied with our response, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk or 0303 123 1113.

14. Security

We have implemented appropriate technical and organisational measures to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. These include access controls, encryption in transit (HTTPS/TLS), secure password practices, and supplier due-diligence.

Data breaches. In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the ICO within 72 hours of becoming aware of the breach, and notify affected individuals without undue delay where the risk is high.

15. Children

Our website and services are directed at business professionals and are not intended for children. We do not knowingly collect personal data from children under 16.

16. Links to other websites

Our website may contain links to third-party sites. We are not responsible for the privacy practices or content of those sites. We encourage you to read the privacy policy of every site you visit.

17. Changes to this Privacy Policy

We may update this policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The "Effective date" at the top of this policy will be updated to reflect any changes.

Material changes: where changes are material (for example, a new processing purpose or a significant change in how we share data) we will take reasonable steps to bring those changes to your attention, including by email to subscribers and contacts where appropriate.

 

Effective date: 11 May 2026