){kind=logo}
PRIVACY NOTICE
1. SCOPE
Trust is at the heart of our business, and we take your privacy seriously.
This privacy notice (“Policy”) explains how Nineteen Group Limited (Company Number: 07664714) and all associated (collectively referred to as “Group Companies” “Nineteen Group”, “we”, “us” or “our”) collect, use, disclose and manage your personal data in accordance with the applicable data protection laws of the United Kingdom (UK GDPR and DPA 2018), the Personal Data Protection Act 2012 of Singapore (“PDPA”), Privacy Act 1988 of Australia and applicable United States data protection laws.
This Policy applies to all Nineteen Group services, including events, publishing, websites, digital applications, and related services (“Services”).
WHO WE ARE
Nineteen Group Limited, with its registered office at Central House, 1 Alwyne Road, Wimbledon, London, SW19 7AB, is the Data Controller of your personal data. We determine how and why your personal data is collected, used, and disclosed. This typically relates to events you have attended, digital products you have used, or subscriptions you hold—or where we believe our services may be relevant to you.
We operate internationally and comply with applicable data protection and privacy laws in the regions where we collect and process personal data, including:
- The Personal Data Protection Act (PDPA) in Singapore
- The Privacy Act 1988 (Cth) and Australian Privacy Principles (APPs) in Australia
- Applicable state and federal privacy laws in the United States, where relevant
Where appropriate and lawful, your personal data may be shared within the Nineteen Group of companies. This includes entities involved in managing events, publishing digital content, providing subscription services, and delivering related commercial offerings.
Such sharing is conducted in line with our intra-group data processing agreement, which ensures a consistent level of protection, security, and lawful use of your information across all Nineteen Group companies. Each entity is required to process your data only for agreed purposes and in accordance with applicable data protection laws.
We take reasonable steps to ensure that any intra-group data sharing is carried out securely, that your personal data remains accurate, and that it is used only for legitimate business purposes, including to help improve our services, deliver personalised experiences, and, where permitted by law, provide relevant marketing communications.
You can object to this type of data sharing for marketing purposes at any time by contacting us at data@nineteengroup.com.
Group companies include:
Broden Media Limited, Drives And Controls Event Limited, Fullacko Holdings Ltd, Hennik Group Limited, Hennik Research Limited, Lyrical Communications Limited, Oliver Kinross Build Limited, Oliver Kinross Limited, Prime ESS Limited, Prime M&E Week Event Limited, Prime Retail Technology Event Limited, Prime Security Event Limited, SASIG Events Limited, and Security Exhibitions Limited.
2. YOUR PERSONAL DATA
2.1. How we collect it:
(a) We collect your Information when you:
- Contact us for any reason including with queries, comments or complaints;
- Visit our websites or other applications;
- Register to attend one of our events;
- Apply for a stand at one of our events;
- Attend one of our events;
- Download content from our website;
- Register for a newsletter or other marketing communication;
- Subscribe to a publication;
- Subscribe to an "on demand" service
- Register as a member/join our community
- Respond to a survey or enter a competition
- Provide feedback or reviews;
(b) We automatically collect certain information when you use our websites and/or applications, including through the use of cookies. Please see our Cookies Policy for more details.
(c) We may collect your personal data from publicly available sources and selected third party data prospecting platforms such as analytical, technical and aggregator service providers, who gather their data from multiple data sources, proprietary algorithms, and data networks of contributors.
(d) We shall process all such personal data in accordance with this Policy. Certain personal data is mandatory to be provided to us in order that we can fulfil your request and we shall make this clear to you at the point of collection of the personal data. All personal data that you provide to us must be true, complete and accurate.
2.2. What we collect:
- Contact Data, such as your email address, postal address, telephone number, social media handle and phone number;
- Identity Data includes data such as first name, last name, date of birth, job title and employer, educational, employment and professional background and account log in details;
- Financial Data includes details you provide to us so that we can process your payments through our payment provider;
- Technical Data includes data such as internet protocol (IP) address, your login data, browser type and version, cookies, time zone setting and location, browser plug-in types and versions, operating system and platform and other technology on the devices you use to access our website and any communications we may send to you.
- Usage Data includes information about how you use our website such as information about your visit to our website, including the full Uniform Resource Locators (URL) clickstream to and through, pages you viewed or searches you made, page response times, download errors, length of visit, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page.
- Marketing Data includes your preferences in receiving marketing from us.
- Sensitive Data includes dietary and accessibility requirements that you expressly choose to provide such data to us. We do not otherwise knowingly or intentionally collect Sensitive Data and we request that you do not submit Sensitive Data to us unless it is necessary to do so for example to attend an event.
We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data may be derived from your personal data but is not considered personal data in law as it does not directly or indirectly identity you. However, if we combine or connect Aggregated Data with your personal data so that it can directly or indirectly identify you, we will treat the combined data as personal data which will be used in accordance with this Policy.
We do not knowingly collect personal data of children. Please do not provide personal data to us unless you are at least 18 years old.
2.3. How we use it:
We use your personal data as set out in the table below. Where we use your personal data for a legitimate interest, we mean our legitimate business interests in the normal running of our business which do not materially impact your rights, freedom or interests.
| Type of Use | Type of Data | Legal Basis |
| 1. Perform the services requested by you in respect of our events; |
Contact Identity Financial Sensitive |
(a) To perform a contract with you; (b) For our legitimate interest in monitoring your engagement with our events and improving our events; |
|
2. Manage your access to and use of our website; |
Contact Identity Financial |
(a) To perform a contract with you; (b) For our legitimate interest in monitoring your use of and improving our services; (c) To comply with our legal obligations; |
| 3. Deliver customer care, technical support and security; |
Contact Transaction |
(a) To perform a contract with you; (b) To comply with our legal obligations ; (c) For our legitimate interest in improving, customising and enhancing our services; |
| 4. Provide you with updates, operational announcements and other news in relation to our business; |
Contact |
(a) To perform a contract with you; (b) For our legitimate interest in developing our relationship with you and proving enhanced services to you; |
| 5. Deliver targeted advertisements, promotional communications, notices and other information related to services provided by us, other Nineteen group companies and relevant third parties, such as exhibitors, sponsors and media partners (subject to Section 2.4 (Direct Marketing); |
Contact Identity |
(a) For our and certain third parties’ legitimate interests in providing additional or new services to you; |
| 6. Call monitoring for training and quality monitoring purposes, including the recording of sales and/ or marketing calls made to you. |
Contact Identity Marketing |
(a) To perform a contract with you; (b) For our legitimate interest in monitoring and improving our relationship with you; |
7. Invite you to take part in user testing and surveys, competitions and promotions; |
Identity Marketing |
(a) For our legitimate interest in in improving, customising and enhancing our Services; (b) For our legitimate interest in developing our relationship with you and providing enhanced services to you; |
| 8. Identify usage trends and develop data analysis, including for research, audit, reporting and other business purposes; | Technical Usage |
(a) For our legitimate interest in improving, customising and enhancing our Services; |
| 9. Disclose data to selected third parties in accordance with this Policy; |
Contact Identity Financial Sensitive |
(a) To perform a contract with you; (b) For our legitimate interest in offering or delivering ancillary or complimentary services to you; (c) To comply with our legal obligations; (d) In certain circumstances, where you have provided consent; |
| 10. Send you notices and requests in relation to our services, for example to collect payment. |
Contact Identity Financial |
(a) To perform a contract with you; (b) For our legitimate interest in resolving disputes and enforcing our agreements. |
Variations based on jurisdiction and context:
| Purpose | Legal Basis (UK/EU GDPR) | Legal Basis (AU Privacy Act) | Legal Basis (US – e.g. CCPA/CPRA) | Legal Basis (SG PDPA) |
| To provide Services |
Contractual necessity |
Reasonably necessary for core function | Performance of contract or as reasonably expected | Reasonableness & purpose |
| Customer support, security, access control | Legitimate interest | Reasonably necessary | Legitimate business interest (subject to notice rights) | Reasonableness & purpose |
| Marketing communications | Legitimate interest or consent | Consent required in some cases | Consent or opt-out required (depending on state law) | Consent required in some cases |
| Event management (incl. sponsors/exhibitors) | Legitimate interest | Reasonably necessary or with consent | Legitimate interest or consent (depending on data type) | Reasonableness & purpose |
| Analytics, research, development | Legitimate interest | Permitted with anonymisation or consent | Permitted with notice; opt-out required for sale/sharing | Reasonableness |
| Legal and regulatory compliance | Legal obligation | Legal obligation | Legal obligation | Legal obligation |
2.4. Direct Marketing
We will only send you marketing communications where we are lawfully permitted to do so. This may be because you have requested or agreed to receive marketing communications from us.
Direct marketing may also be regarded as carried out for legitimate interests under applicable data protection legislation. We may therefore send you marketing communications if we have a legitimate interest in doing so because for example, you have attended an event or shown interest in doing so; you have registered on our website, or because we reasonably believe that you may be interested in attending one of our events or learning more about our business.
You may opt out from receiving marketing communications at any time by using the “unsubscribe” or “manage your preferences” link included within each communication, or in the case of telephone marketing by notifying us on the call.
Please note that it may take us a few days to update our records to reflect your request. If you ask us to remove you from our marketing list, we shall keep a record to ensure that we do not send to you marketing communications in the future.
3. Third Parties
3.1. Service Providers
We use a variety of third party service providers to enable us to operate our business. They process your personal data on our behalf where necessary in relation to:
(a) The facilitation of services you have requested from us;
(b) Data storage and hosting;
(c) IT Security;
(d) Workplace productivity and e-mail;
(e) Customer relationship management;
(f) Direct marketing communications;
(g) Marketing automation, solutions and analytics;
(h) Communications services;
(i) Project management and event planning;
(j) Event sponsorship and for purpose of improving delegate experience;
(k) Event experience services, including analytics;
(l) Website and application development and hosting;
(m) Accounts receivable, accounts payable and credit control; and
(n) Professional advice (e.g. supplied by accountants, tax and financial advisors, lawyers and other specialists).
We shall provide these third parties only with such of your personal data as they need to provide the service for us and if we stop using their services, we shall request that they delete your personal data or make it anonymous within their systems.
Please see a list of third party service providers here.
3.2. Other Third Parties
We may share your personal data for our legitimate interests with
(a) Other Nineteen group companies: to better develop, modify, enhance or improve our services, communications for the benefits of our customers and/or to recommend related products that may be of interest, including by sending you marketing communications.
(b) Purchasers or sellers of a business or asset: in the context of a sale, merger or acquisition, to facilitate such a transaction and/or enable your interaction with the event despite any change in ownership. The new owners may use your personal data in the same way that we do as set out in this Policy.
(c) Business partners: we work with businesses to provide goods and services that are complimentary to our own. We only share personal data with them where (i) you have requested services from us that they provide or (ii) you explicitly consent.
(d) Google Inc.: as part of the Google Analytics service, information is shared with Google on an aggregated and anonymised basis. For more information on the use of Google Analytics, and how it collects and processes data, see "How Google uses information from sites or apps that use our services", located here: https://policies.google.com/privacy/partners?hl=en-GB&gl=uk.
(e) Event attendees, exhibitors, partners and/or other participants where you have specifically requested a networking service from us in relation to an event including the sharing your personal data with these third parties.
(f) Event sponsors when you register for, or attend a session or other part of our event(s) that is sponsored by them.
(g) Event exhibitors when you visit that exhibitor’s stand and permit your visitor badge to be scanned at their stand.
(h) Event service suppliers, such as suppliers of the following services: show guide production, creative design for stand graphics, furniture hire, registration/badges and accommodation. See a list here.
3.3. Third Party Websites
If you choose to visit a third party website in relation to our services, any social media platform linked from our website, such as LinkedIn, Instagram or TikTok, please be aware that your personal data will be used in accordance with the privacy policy of that third party as published on their website, over which we have no control.
4. Data Retention
We retain your personal data for no longer than necessary in respect of the purpose(s) for which it was collected. Our data retention procedures take into account the extent to which retention of your personal data is required to best provide you with and develop our products and services, manage your relationship with us, meet our statutory, contractual, legal, accounting and audit obligations. If we have anonymised your personal data n, we may continue to use this information indefinitely.
How long we keep your data for
- Contractual data is kept for 6 years after the end of the contractual relationship for tax and legal purposes
- Business development data is kept for 6 years after the development activity but may be kept for longer in an anonymised format to provide historical insight into business operations
- Direct marketing data is kept until you unsubscribe from our marketing lists
- If you have not unsubscribed from our marketing lists and are not engaged with any of our content, we reserve the right to remove you from our marketing lists after 7 years
- At this point your personal data will be anonymized within our database, and you will only be contacted again should you re-subscribe to our marketing list and/or register for any of our in-person or online events
- Recruitment data is kept for one year for unsuccessful applicants
- In some circumstances you can ask us to delete your data: see below section 7. Your Rights.
5. Transferring your Information outside the UK
We may transfer your personal data to countries outside the UK, including for example if any of our service providers are from time to time located in a country outside of the UK. If we transfer your personal data outside of the UK, we will take appropriate security and other measures with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy and as required by law. These measures may include entering into contracts that require the protection of your personal data and/or specific contractual terms approved by the UK Government.
Such as:
- Data Transfer Agreements with standard contractual clauses
- Reasonable protective measures and contractual safeguards
- Vendor due diligence and minimisation of data sharing.
For international events (Singapore, Australia and US), reasonable steps are made to adhere to regional/overseas privacy principles.
6. Data Security
We employ appropriate technical and organisational security measures to protect your personal data, including from accidental loss, unauthorised use or disclosure.
These security measures include:
(a) Limiting access to your personal data to those who have a genuine business need to access it,
who do so in an authorised manner and subject to a duty of confidentiality.
(b) Maintain the integrity and availability of our technology systems;
(c) Ensuring adequate data and disaster recovery processes; and
(d) Monitoring the effectiveness of our security measures.
We have procedures in place to deal with any suspected data security breach. However, unfortunately, because of the nature of electronic storage, we cannot promise that your personal data or any other data you provide to us will always remain secure. If there is a security breach, we will notify you and any applicable regulator where we are legally required to do so.
7. Your Rights
You have a number of rights under applicable data protection legislation. Some of these rights are complex, and not all of the details have been included below. Further information can be found here.
- Right of access: You have the right to access and obtain a copy of your personal data on request
- Right to rectification: You can require us to change incorrect, incomplete or out of date data
- Right to restrict or object to processing: In certain circumstances, you have the right to require that we restrict the processing of your personal data if you believe our processing impacts on your fundamental rights and freedoms. However, we may demonstrate that we have legitimate grounds to process your personal data not withstanding your rights and freedoms.
- Right to portability: You can request the transfer of your personal data to another party
- Right to be forgotten: You also have the right at any time to require that we delete the personal data that we hold for you, where it is no longer necessary for us to hold it. However, whilst we respect your right to be forgotten, we may still retain your personal data in accordance with applicable laws and when we respond to your request we shall notify you of any specific legal reasons that we have to retain your personal data
- Right to stop receiving marketing communications: You can ask us to stop sending you marketing communications, but please note we shall continue to contact you in relation to any matters relating to any contractual relationship we have with you.
We do not use your personal data to carry out automated decision making.
You can help us keep your personal data accurate and up to date by keeping us informed if your personal data changes.
If you would like to exercise any of these rights, please contact us at data@nineteengroup.com.
You will not have to pay a fee to access your personal data or to exercise any of the other rights under data protection laws. However, we may charge a reasonable fee if your request for access is excessive, unfounded or you request additional copies. Alternatively, we may refuse to comply with the request in such circumstances.
We may need to confirm your identity before we can ensure your right to access the personal data (or to exercise any of your other rights). This is to ensure that personal data is not disclosed to any person who has no right to receive it.
In addition to your ability to prevent Direct Marketing in accordance with section 2.4 (“Direct Marketing”), you can exercise your rights by writing to us at Nineteen Group Limited, Central House, 1c Alwyn Road, Wimbledon, SW19 7AB, United Kingdom or sending an email to the Data Protection Officer at data@nineteengroup.com.
For more details on how to object to our use of personal data collected from cookies and similar technologies, please see our Cookies Policy.
8. Sensitive Information
If necessary to enable you to fully benefit from and participate in our Services we will process your dietary restrictions or preferences, or physical requirements, only with your explicit consent.
We do not otherwise knowingly or intentionally collect Sensitive Information and we request that you do not submit Sensitive Information to us. If you inadvertently or intentionally submit Sensitive Information to us, you will be considered to have explicitly consented to us processing it for the purpose of its deletion.
In this Section 8, “Sensitive Information” is information about an individual that reveals their racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic information, biometric information for the purpose of uniquely identifying an individual, information concerning health or information concerning a natural person’s sex life or sexual orientation.
9. Minors
We do not knowingly contact or collect Information from persons under the age of 16 (“minors”).
If we become aware that a minor has provided us with Information, we will take steps to delete such information.
10. Contact us
If you have any questions or complaints about this policy or your data, please contact:
Data Protection Officer
Nineteen Group Limited
Central House, 1 Alwyne Road, Wimbledon, SW19 7AB
Email: data@nineteengroup.com.
If you are unsatisfied with our response, you may also contact your relevant supervisory authority:
- UK: Information Commissioner’s Office (ICO)
- Singapore: Personal Data Protection Commission (PDPC)
- OAIC (Office of the Australian Information Commissioner)
United States (U.S.) Residents
-
If you are a resident of the United States and have any questions or concerns about how we handle your personal information, or if you wish to exercise your privacy rights under applicable U.S. state laws (such as the California Consumer Privacy Act (CCPA)), you may contact us at:
President of Nineteen Group Americas - Mary Larkin
Email: mlarkin@nineteengroup.comResidents of certain U.S. states may also contact their local state attorney general or data protection regulator for more information.
11. Updates to this Policy
We will occasionally update this Policy by posting a revised version on our website(s). We encourage you to periodically review our website(s) and this Policy to be informed of how we use your information.
This Policy was last updated on 26th May 2025