Privacy policy

Last updated: 28 January 2026

1. INTRODUCTION

1.1 Important information and who we are

Welcome to Boscia Group Limited’s Privacy Policy.

Boscia Group Limited (“we”, “us”, or “our”) is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, share and protect your personal data in accordance with:

  • The UK General Data Protection Regulation (“UK GDPR”)

  • The Data Protection Act 2018

  • All other applicable UK data protection laws

This Privacy Policy also explains your rights and how the law protects you.

We are registered with the UK Information Commissioner’s Office (ICO) as a data controller.
ICO registration number: ZA908701

1.2 Who this policy applies to

This Privacy Policy applies to personal data we collect from:

  • Event attendees and participants

  • Customers and prospective customers

  • Suppliers and partners

  • Business contacts

  • Employees, contractors and consultants

  • Website users

  • Individuals whose professional contact details we obtain in connection with our events and services

2. DATA CONTROLLER AND CONTACT DETAILS

2.1 Data Controller

Boscia Group Limited is the data controller responsible for your personal data.

Registered address:
Building 1000, Cambridge Research Park
Cambridge, CB25 9PD
United Kingdom

2.2 Data protection contact

We have appointed a privacy lead responsible for overseeing data protection matters.

If you have any questions about this Privacy Policy or wish to exercise your legal rights, please contact us at:

Email: dpo@bosciagroup.com

2.3 Complaints

You have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
www.ico.org.uk

We would, however, appreciate the opportunity to address your concerns first — please contact us before approaching the ICO.

3. HOW WE COLLECT YOUR PERSONAL DATA

We collect personal data in the following ways:

  • When you register for or attend one of our events

  • When you engage with us as a customer, sponsor, partner or supplier

  • When you contact us directly (email, phone, forms or meetings)

  • When you subscribe to marketing or event communications

  • Through our website and digital platforms (including cookies, analytics tools and secure event portals)

  • From publicly available sources, including professional networking platforms

  • From third-party data providers and business intelligence platforms that provide professional contact information, where permitted by law

  • Through referrals, introductions or professional recommendations

Where we collect personal data from third-party sources, we take reasonable steps to ensure that those sources are permitted to share the data and that appropriate safeguards are in place.
Where required by law, we will provide individuals with additional information about how their personal data was obtained within a reasonable period after first contact.

4. TYPES OF PERSONAL DATA WE COLLECT

Personal Data” means any information relating to an identifiable individual.

Depending on your interaction with us, we may collect:

  • Identity Data – name, job title, employer, professional background

  • Contact Data – business email address, telephone number, business address

  • Marketing & Communications Data – preferences relating to marketing and event communications

  • Transactional Data – event registrations, attendance records, payments

  • Financial & Billing Data – billing address and payment information (processed securely by third-party payment providers)

  • Technical Data – IP address, browser type, device and platform information

  • Usage Data – information about how you use our website, portals and services

  • Event & Business Insight Data – professional interests, challenges, projects, investment priorities and event participation details

  • Customer Support Data – enquiries, feedback and survey responses

4.1 Aggregated and anonymised data

We may aggregate or anonymise data for research, benchmarking, analysis and reporting. This data does not identify individuals and is not considered personal data under UK GDPR.

4.2 Special category data

We do not intentionally collect special category personal data (such as health data, religious beliefs or political opinions) or criminal offence data.

5. LEGAL BASES FOR PROCESSING PERSONAL DATA

We only process personal data where we have a lawful basis to do so, including:

  • Contractual necessity – where processing is required to deliver events, services or agreements

  • Legitimate interests – where processing is necessary for the operation and growth of our business and does not override your rights

  • Consent – primarily for marketing communications

  • Legal obligations – where processing is required by law

Our legitimate interests include identifying and contacting professionals in relevant roles to invite them to events, share information about our services, and develop professional relationships in a business-to-business context. We consider and balance our legitimate interests against individuals’ rights and expectations and only process personal data where those interests are not overridden.

Where AI tools are used, processing is carried out on the same lawful basis that applies to the underlying activity, typically legitimate interests. Where possible, data is anonymised or aggregated before being processed.

6. HOW WE USE YOUR PERSONAL DATA

6.1 Core uses

We use personal data to:

  • Register and manage event participation

  • Communicate event logistics and related information

  • Facilitate professional introductions between relevant participants

  • Deliver event content and associated services

  • Manage billing and payments

  • Improve our events, services and offerings

  • Conduct research and generate anonymised insights

  • Send marketing and event communications (where permitted)

  • Comply with legal and regulatory obligations

6.2 Attendee profiling and introductions

As part of our events model, we may analyse attendee information to better understand professional interests and to facilitate relevant introductions between participants. This processing is based on legitimate interests and is limited to professional, non-sensitive data.

Participants accessing secure event portals are not permitted to misuse or share personal data beyond the scope of the event.

6.3 Marketing communications

Where permitted by law, we may contact individuals using professional contact details obtained directly, from publicly available sources, or from third-party data providers.

All marketing and event communications include a clear option to opt out. You can unsubscribe at any time using the link provided or by contacting us directly. We carry out all marketing communications in accordance with applicable UK marketing and electronic communications laws.

6.4 Meeting scheduling and professional introductions

To support meetings and professional introductions at our events, we may share limited professional contact details (such as name, company and business email address) with confirmed meeting participants. This processing is necessary and proportionate to arrange meetings, provide joining information, and enable attendees to connect in a professional context.

Where scheduling takes place via third-party event management or meeting-scheduling platforms, only limited professional profile information (such as name, job title, company and profile information) is shared for the purpose of facilitating meetings. Where meetings are scheduled manually using third-party conferencing tools, invitations are issued directly by us. In all cases, we do not disclose contact details beyond what is required for the meeting.

All such sharing is carried out on the basis of legitimate interests and is limited to confirmed participants involved in the relevant meeting or introduction.

6.5 Change of purpose

If we need to use your personal data for a new purpose that is incompatible with the original purpose, we will notify you and explain the lawful basis before doing so.

6.6 Use of Artificial Intelligence (AI) Tools

We may use artificial intelligence (AI) and automation tools to support internal business activities such as research, improving written content, and enhancing the quality and consistency of event-related materials.

Where AI tools are used in connection with profile or attendee information, the data is anonymised or aggregated so that individuals cannot be identified. AI tools are used to assist our teams and do not make automated decisions or produce legal or similarly significant effects on individuals. Human oversight is always maintained.

Any processing involving personal data is carried out in accordance with applicable data protection laws and subject to appropriate safeguards.

7. DATA SHARING AND THIRD PARTIES

7.1 Service providers

We may share personal data with trusted third parties who provide services on our behalf, including event management and meeting-scheduling platforms, payment processors, IT providers, analytics tools and marketing platforms. All such providers are subject to contractual confidentiality and data protection obligations.

7.2 Business transfers

If Boscia Group Limited is involved in a merger, acquisition, sale or restructuring, personal data may be transferred as part of that transaction, subject to appropriate safeguards.

7.3 Legal disclosures

We may disclose personal data where required by law or to protect our legal rights.

8. INTERNATIONAL DATA TRANSFERS

Some of our service providers, including event management and meeting-scheduling platforms, are located outside the UK, including in the United States.

Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including UK adequacy regulations, the UK International Data Transfer Agreement (IDTA), or the UK Addendum to EU Standard Contractual Clauses.

9. DATA SECURITY

We implement appropriate technical and organisational measures to protect personal data, including access controls, secure systems and confidentiality obligations. While no system is completely secure, we take reasonable steps to protect your data.

10. DATA RETENTION

We retain personal data only for as long as necessary for the purposes for which it was collected, including:

  • Event and contractual records – typically up to 7 years

  • Marketing data – until you unsubscribe or object

  • Legal and regulatory records – as required by law

11. YOUR DATA PROTECTION RIGHTS

You have the right to:

  • Be informed about how your personal data is collected and used

  • Access your personal data

  • Request correction or erasure

  • Restrict or object to processing

  • Request data portability

  • Withdraw consent at any time

  • Lodge a complaint with the ICO

Requests can be made by contacting us using the details in section 2.

12. THIRD-PARTY LINKS

Our website may include links to third-party websites. We are not responsible for their privacy practices and encourage you to review their policies.

13. CHANGES TO THIS POLICY

We keep this Privacy Policy under review and will publish updates on our website.

14. ACCEPTANCE

By interacting with Boscia Group Limited, you acknowledge that you have read and understood this Privacy Policy.