Privacy Policy

Board Summits Ltd  |  Last updated: 19 April 2026  |  v1.0

 

This Privacy Policy explains how Board Summits Ltd collects, uses, and protects your personal data in connection with the BOARD event and associated website. We are committed to handling your information transparently and in compliance with applicable data protection law, including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR / Regulation (EU) 2016/679), and the UK Data Protection Act 2018.


1. Who We Are

Company name:  Board Summits Ltd

Company number:  17019177 (incorporated in England and Wales)

ICO Registration No: ZC126084

Registered address:  71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, U.K.

Contact email:  info@boardsummits.com

Board Summits Ltd is the data controller of personal data collected through the BOARD website and event registration processes. As data controller, Board Summits Ltd is legally responsible for deciding how and why your personal data is used, and for ensuring that it is handled in accordance with applicable data protection law. For all data protection enquiries, please contact us at info@boardsummits.com, which is our designated data protection contact point.

BOARD is a combined summit and exhibition event taking place in Monaco in March 2027. This Privacy Policy applies to all personal data processed in connection with the BOARD event and its website.

 

2. Scope of This Policy

This Privacy Policy applies to personal data collected through:

  • The BOARD event website and any subdomains;

  • Event registration and ticketing processes;

  • Exhibitor and speaker applications;

  • Sponsor enquiries and commercial communications;

  • Email communications and marketing;

  • On-site activities during the BOARD event in Monaco;

  • Any apps, portals or digital tools we operate in connection with BOARD.

It does not apply to third-party websites or services that may be linked from our site. Those third parties have their own privacy policies for which we are not responsible.

This Privacy Policy should be read alongside our Website Terms of Use and Cookie Policy, both available at our website.

 

3. Personal Data We Collect

We collect personal data in several ways, depending on how you interact with us:

3.1 Data You Provide Directly

  • Full name, job title, and company or organisation;

  • Email address, telephone number, and postal address;

  • Payment and billing information (processed securely via our payment provider - we do not store full card details);

  • Dietary requirements or accessibility needs, if you choose to provide them (see Section 5 on special category data);

  • Speaker, exhibitor or sponsor application details;

  • Correspondence and communications you send to us;

  • Survey responses and feedback.

  • Professional and organisational information submitted as part of event registration or attendance applications, which may include company turnover, investment portfolio size, board/directorship portfolio, areas of professional focus, and other details provided to assess eligibility for attendance.

  • Where attendance is subject to an application process, personal data submitted by unsuccessful applicants is retained for up to 12 months following the application decision, after which it is securely deleted unless you have separately consented to receive communications from us.

3.2 Data Collected Automatically

  • IP address and device information;

  • Browser type and version;

  • Pages visited and time spent on our website;

  • Referral source (how you arrived at our website);

  • Cookie data (please see our Cookie Policy for further detail - link available on our website).

3.3 Data from Third Parties

  • Information from event partners, sponsors or exhibitors who share contact details with us for the purpose of facilitating attendance;

  • Information from publicly available professional sources (e.g., LinkedIn or company websites) where we have a legitimate interest in contacting you;

  • Information from badge scanning or networking tools used at the event (where applicable and with appropriate notice at the time).

 

4. How We Use Your Personal Data

The table below sets out the purposes for which we use your personal data, the legal basis we rely upon, and the categories of data involved.

How we process your data

 

Where we rely on legitimate interests as our legal basis, we have carried out a balancing assessment and are satisfied that our interests do not override your fundamental rights and freedoms. You may request further details of these assessments by contacting us at info@boardsummits.com.

 

5. Special Category Personal Data

Certain types of personal data attract a higher level of protection under data protection law. These include information about health or disability, religious beliefs, racial or ethnic origin, and similar matters.

We may ask you to provide such information solely where it is necessary to accommodate your needs at the event - for example, dietary requirements linked to religious beliefs, or accessibility requirements. Where we collect this data:

  • We will ask for your explicit consent before doing so;

  • We will use it only for the stated purpose;

  • We will not share it with third parties except where strictly necessary to fulfil your request (e.g., with our catering or venue providers);

  • We will retain it only for as long as needed for the event.

 

6. Legal Bases for Processing

Under the UK GDPR and EU GDPR, we must have a valid legal basis for processing your personal data. The legal bases we rely on are:

6.1 Performance of a Contract

Where you have registered for the event or entered into another agreement with us, processing your data is necessary to fulfil that contract - for example, to issue your ticket, process your payment, or manage your participation.

6.2 Legitimate Interests

We process certain data where we have a genuine and proportionate business interest in doing so, and that interest is not outweighed by your rights. Examples include sending follow-up communications after a business interaction, security monitoring, and improving our website.

6.3 Consent

Where we rely on consent - for example, for marketing communications or certain cookies - we will ask for your clear agreement before processing. You may withdraw consent at any time without affecting the lawfulness of prior processing.

6.4 Legal Obligation

We may be required to process certain data to comply with a legal obligation, such as financial record-keeping or responding to a lawful request from a public authority.

 

7. Photography, Filming, and Event Media

The BOARD event will be photographed and may be filmed for promotional, editorial, and archival purposes. Images and footage may be used on our website, social media, marketing materials, press releases, and in connection with any other products or services offered by Board Summits Ltd.

Where you are attending a public-facing event, we rely on legitimate interests to capture general event photography. Where we intend to use your image in a targeted or prominent way, we will seek your consent.

If you do not wish to be photographed, please notify event staff on-site and we will make reasonable efforts to accommodate your request. You may also contact us at info@boardsummits.com.

 

8. Sharing Your Personal Data

We do not sell your personal data. We may share your data with third parties only in the following circumstances:

8.1 Service Providers

We engage carefully selected third-party service providers who process data on our behalf and under our instruction. These include:

  • Payment processors (for ticket and sponsorship transactions);

  • Email and CRM platforms (for communications and registration management);

  • Website hosting and analytics providers;

  • Event venue and catering providers (where sharing is necessary to facilitate your attendance);

  • Badge printing and event management technology providers:

  • Hotels and hotel reservation services.

All our service providers are bound by data processing agreements and are required to handle your data in accordance with applicable law.

8.2 Sponsors and Exhibitors

With your consent, or on the basis of legitimate interests where you interact with an exhibitor or sponsor during the event (for example by having your badge scanned at a stand or participating in a networking feature), we may share your professional contact details with the relevant participating organisation. The basis for any such sharing will depend on the nature of the interaction, and we will ensure appropriate notice is provided at the relevant point. You will have the ability to opt out of such sharing where it is based on legitimate interests.

8.3 Legal Requirements

We may disclose your data to law enforcement or regulatory bodies where required to do so by law, or where necessary to protect the rights, property, or safety of Board Summits Ltd, our attendees, or others.

8.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred as part of that transaction. We would notify you if this occurred and ensure appropriate protections remain in place.

 

9. International Data Transfers

The BOARD event takes place in Monaco. As a UK-registered company, we operate under UK GDPR. Monaco is not an EU member state and does not benefit from a formal UK adequacy decision; however, Monaco enacted a comprehensive data protection law in December 2024 (Law no. 1.565) that is substantially aligned with GDPR and is overseen by the Autorité de Protection des Données Personnelles (APDP), the Monégasque data protection authority. Where personal data is transferred to Monaco in connection with on-site event operations, we ensure that appropriate safeguards are in place, including contractual protections with our venue and on-site service providers. Where we transfer personal data between the UK and EU/EEA for other purposes, we note that the UK has recognised the EU/EEA as providing an adequate level of data protection, and vice versa under current adequacy arrangements. Accordingly, such transfers may take place without additional safeguards being required.

Where we use service providers located outside the UK and EU/EEA — for example, cloud-based platforms hosted in the United States — we ensure that appropriate safeguards are in place. In respect of transfers to the United States, we note that the EU-US Data Privacy Framework and equivalent UK arrangements are in place. Where our US-based service providers are certified under these frameworks, transfers to them may take place on that basis. Where they are not, we rely on the UK International Data Transfer Agreement (IDTA) or EU Standard Contractual Clauses (SCCs), as applicable.

 

10. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by law. Our general retention periods are:

 

privacy-policy

 

Once data is no longer required, it is securely deleted or anonymised.

11. Your Rights

Under UK GDPR and EU GDPR, you have a number of rights regarding your personal data. These are:

Right of access:  You may request a copy of the personal data we hold about you.

Right to rectification:  You may ask us to correct inaccurate or incomplete data.

Right to erasure:  You may request that we delete your data where there is no compelling reason for us to continue processing it.

Right to restrict processing:  You may ask us to limit the way we use your data in certain circumstances.

Right to data portability:  Where we process your data by automated means on the basis of consent or contract, you may request a machine-readable copy to transfer to another provider.

Right to object:  You may object to processing based on legitimate interests or for direct marketing purposes. We must stop processing for marketing purposes if you object.

Rights related to automated decision-making:  You have the right not to be subject to decisions made solely by automated means that have a significant legal or similar effect on you. We do not currently carry out such processing.

Right to withdraw consent:  Where we rely on consent, you may withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.

To exercise any of these rights, please contact us at info@boardsummits.com. We will respond within one month. We may need to verify your identity before acting on your request - in some cases we may ask you to provide a copy of a suitable form of identification to confirm you are who you say you are. This is to protect your data from being disclosed or altered in response to requests made by unauthorised individuals. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable fee or decline to act.

 

12. Right to Lodge a Complaint

If you are unhappy with how we handle your personal data, we encourage you to contact us first so that we can try to resolve the matter.

If you remain dissatisfied, you have the right to lodge a complaint with a supervisory authority. As a UK company, our lead supervisory authority is:

Information Commissioner’s Office (ICO)

Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

Website: www.ico.org.uk  |  Helpline: 0303 123 1113

As the event takes place in Monaco, attendees may also contact the Autorité de Protection des Données Personnelles (APDP), the Monégasque data protection authority, at www.apdp.mc. Attendees based in the EU or France may additionally contact the Commission Nationale de l'Informatique et des Libertés (CNIL), the French data protection authority, at www.cnil.fr.

 

13. Security

We take the security of your personal data seriously and implement appropriate technical and organisational measures to protect it from unauthorised access, loss, destruction, or alteration. These measures include:

  • Encryption of data in transit and at rest where appropriate;

  • Access controls limiting who within our organisation can access personal data;

  • Regular review of our data security practices;

  • Due diligence on third-party service providers to ensure they maintain appropriate security standards.

No method of transmission over the internet is completely secure. While we strive to protect your data, we cannot guarantee absolute security and we encourage you to take appropriate steps to protect your own information.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority in accordance with our legal obligations.

 

14. Cookies

Our website uses cookies and similar technologies. A cookie is a small file placed on your device that helps us recognise you, understand how you use our site, and improve your experience.

We use the following types of cookies:

Strictly necessary cookies:  Required for the website to function. These cannot be disabled.

Analytical/performance cookies:  Help us understand how visitors interact with our site. We use these only with your consent.

Marketing cookies:  Used to deliver relevant advertising. We use these only with your consent.

You can manage your cookie preferences through the consent banner displayed when you first visit our website, and at any time via the cookie settings link in our website footer. You may also control cookies through your browser settings.

 

15. Children

BOARD is a professional event and our website and services are directed at adults and business professionals. We do not knowingly collect personal data from individuals under the age of 16. If you believe a child has provided us with personal data without appropriate consent, please contact us at info@boardsummits.com and we will promptly delete it.

 

16. Prohibition of Web Scraping and Unauthorised Data Extraction

Board Summits Ltd holds database producer rights in respect of the content and data compiled on the BOARD website. Unauthorised extraction or reuse of that content, whether in whole or in part, and whether for commercial or non-commercial purposes, is prohibited under the Copyright and Rights in Databases Regulations 1997 (SI 1997/3032) and, for users accessing the website from France or the EU, Articles L 342-1 and L 342-2 of the French Intellectual Property Code (Code de la propriété intellectuelle).

Accessing the BOARD website by automated means is not permitted without our prior written consent. This prohibition covers all forms of automated data collection, including web crawlers, scrapers, bots, spiders, and similar software tools, regardless of how they are configured or deployed. It equally covers manual processes designed to replicate the effect of automated collection at scale. We reserve the right to take technical and legal measures to prevent or respond to any such activity.

Anyone who breaches this prohibition does so at their own risk and will be liable to indemnify Board Summits Ltd for any resulting losses, costs, and expenses, including reasonable legal fees. We also draw attention to Article 323-3 of the French Penal Code (Code pénal), under which the unauthorised introduction, extraction, holding, reproduction, transmission, suppression, or alteration of data held in an automated processing system constitutes a criminal offence carrying a maximum penalty of five years' imprisonment and a fine of €150,000.

 

17. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational matters. When we make significant changes, we will update the ‘Last updated’ date at the top of this policy and, where appropriate, notify you by email or via a notice on our website.

We encourage you to review this policy periodically to stay informed about how we are protecting your information.

 

18. Contact Us

If you have any questions, concerns, or requests relating to this Privacy Policy or the way we handle your personal data, please contact us:

Board Summits Ltd

Company number: 17019177

Email: info@boardsummits.com

71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, U.K. 

We aim to respond to all enquiries within 30 days. For complex or multiple requests, this period may be extended by a further two months, in which case we will let you know.

 

© 2026 Board Summits Ltd. All rights reserved.