InfraXmedia (Holdings) Ltd, the parent company of the InfraXmedia group of media and events businesses, has released a comprehensive update to its Data Protection and Privacy Policy. The revised policy, effective as of 25 April 2025, details the organization's approach to handling personal data across all its member companies, including those operating in the United Kingdom, the European Economic Area, the United States, Canada, and Latin America.

The new policy reflects InfraXmedia's commitment to compliance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and other applicable data protection laws. The document serves as a central reference for customers, business partners, marketing and events registrants, website visitors, employees, and contractors.

Types of Personal Information Collected

InfraXmedia collects different categories of personal data depending on the relationship with the individual. For customers and business partners, the company gathers names, email addresses, phone numbers, job titles, company names, countries, and business addresses. In certain jurisdictions, additional documentation such as a copy of a passport or residence card may be required for verification purposes.

Marketing and events registrants provide contact details along with preferences and professional interests. Website visitors have their IP addresses, browser types, device information, and cookies collected (as outlined in a separate Cookie Policy). Employees and contractors submit personal data relevant to their employment or contractual obligations, which is handled under separate internal policies.

By entering information into any form provided by InfraXmedia, individuals enable the company to deliver the services they select.

How InfraXmedia Uses Personal Information

The policy specifies that InfraXmedia processes personal data under three lawful bases: to fulfill contractual obligations, for legitimate business interests, and with consent when required. Legitimate interests include pursuing business activities such as marketing, event management, media services, and analytics. The company emphasizes that it carefully balances any potential impact on individuals' rights before relying on legitimate interests.

Specific uses of data include contacting subscribers for service-related reasons (e.g., subscription changes, password reminders), inviting participation in research studies, sending operational information such as badges and app details for events, tracking website traffic to improve user experience, fulfilling subscription orders, managing online communities, evaluating promotional campaigns, planning business activities through aggregated analysis, and managing images and recordings from events for promotional purposes.

The policy stresses that individuals can opt out of communications at any time via the unsubscribe link in marketing emails or by contacting the data team.

Marketing Communications and Consent

Under UK GDPR, InfraXmedia may contact staff members of limited companies, public limited companies, incorporated partnerships, trusts, foundations, and government institutions using corporate email addresses without prior consent, provided the processing is based on legitimate interests. The company acknowledges the additional responsibility this entails and commits to protecting individuals' rights.

The policy also addresses the Telephone Preference Service (TPS) and Mailing Preference Service (MPS). If a person is registered on either service but later submits their data via an InfraXmedia website or form, the company assumes that submission indicates consent for marketing at that time. Individuals retain the right to opt out at any point.

Data Sharing and International Transfers

InfraXmedia may share personal data with other companies within the InfraXmedia Group, including its holding company and subsidiaries. The company will disclose data if compelled by law for crime prevention, prosecution, or tax purposes. In the event of a business sale or purchase, data may be disclosed to prospective buyers or sellers on a strictly confidential basis.

For events, webinars, and digital downloads, InfraXmedia informs attendees that personal data will be shared with sponsoring third parties for their marketing communications. A current list of sponsors is available on the company's website. Data is only shared with sponsors listed at the time of registration, and the company does not sell data.

International data transfers are managed through adequacy decisions by the UK or EU, Standard Contractual Clauses (SCCs), the U.S. Data Privacy Framework (DPF), or separate data protection agreements. InfraXmedia ensures that any third-party service providers are contractually prohibited from selling data collected on its behalf.

Anonymized statistics about website usage, such as traffic patterns and user numbers, may be compiled and shared without personally identifying information. The company uses third-party analytics services that capture behavioral metrics, heatmaps, and session replays to improve services. These services collect IP addresses (processed during sessions and stored de-identified), device screen sizes, browser information, geographic location (country only), and preferred language.

Rights of Access and Correction

Under UK GDPR, individuals have the right to access their personal data and verify the lawfulness of processing. A subject access request must be verified by reasonable means, and the company will respond within one month unless the request is complex, in which case an extension of up to two months may be required with explanation. Requests that are manifestly unfounded or excessive may incur a reasonable fee or be refused.

Individuals can request corrections to inaccurate information by contacting the data team, and updates will be made as soon as practically possible.

Data Storage, Security, and Retention

Data collected may be transferred and stored outside the UK and EEA. By submitting personal data, individuals agree to such transfers, provided that InfraXmedia takes all reasonable steps to ensure secure treatment in line with this policy. The company uses secure servers from IT system suppliers.

While the transmission of information over the internet is not completely secure, InfraXmedia has implemented security procedures and technical and organizational measures to safeguard personal information. Access to internal servers is limited to specialist IT personnel.

Personal data is retained only as long as necessary for the purposes for which it was collected. When no longer required, data is erased or disposed of without delay. However, for audit and tax purposes, certain information may be kept for up to six years or longer if required by legislation.

IP Addresses and Cookies

InfraXmedia collects IP addresses, operating systems, and browser types for system administration and aggregate reporting. This statistical data does not identify individuals. Websites use cookie technology to provide a personalized browsing experience; full details are available in the company's separate Cookie Policy.

Contact Information and Complaints

For questions or comments about the privacy policy, individuals can contact the Data Controller at InfraXmedia (Holdings) Ltd, 32-38 Saffron Hill, London EC1N 8FH, or by email. The policy also directs individuals to the UK Information Commissioner's Office (ICO) for complaints, providing contact details and a helpline number.

The updated Data Protection and Privacy Policy represents a thorough and transparent approach to data handling, balancing legal compliance with respect for individual privacy rights across multiple jurisdictions.

Source: Datacenterdynamics News