Let’s Chat

Privacy Policy

We are the BEH Group. Our holding company is BEH Group Limited with registered number 13778039 and address Unit 20 Gardner Industrial Estate BR3 1QZ, UK.

The BEH Group consists of, BEH Group Limited, Broadsword Event House Limited, Broadsword Event House Americas Inc, Broadsword Event House Asia Pacific Ltd.

This policy applies for each company in the BEH Group.

 

Introduction

BEH Group is strongly committed to protecting personal data.

The following privacy notices have been religionised by geographic territory and describe why and how we collect and use personal data and provides information about individuals’ rights. It applies to personal data provided to us, both by individuals themselves or by others. We may use personal data provided to us for any of the purposes described in this privacy statement or as otherwise stated at the point of collection.

For the purpose of transparency, please click on the geographic location in which the BEH Group operate and the geographic location that applies to you. If you are based in the Peoples Republic of China, Hong Kong, Macau, or California, US, please refer to the relevant section below. The defining Privacy Notice will be the United Kingdom if you reside in another geographic location not listed below.

 

United Kingdom – Privacy Notice

We are Broadsword Event House Limited (“Broadsword”, ​“us” or ​“we”) with registered number 05893488 and address Unit 20 Gardner Industrial Estate BR3 1QZ. We have produced this privacy notice in order to keep you informed about our practices regarding the collection, use and disclosure of Personal Data which may be provided to us via our website, associated apps and other digital products we provide or collected through other means such as an online form, email, or telephone communication. In this notice ​“you” refers to any individual whose Personal Data we hold or process (other than our staff).

All handling of your Personal Data is done in compliance with applicable data protection legislation including the UK General Data Protection Regulation 2021 (“UK GDPR”), Data Protection Act 2018. For the purposes of this notice, ​“UK GDPR” means the GDPR as such regulation is adopted into the law of the United Kingdom pursuant to the European Union (Withdrawal Act) 2018 and as amended by the Data Protection Act 2018 and any successor regulation or law.

The terms ​“Personal Data”, ​“Special Categories of Personal Data”, ​“Personal Data Breach”, ​“Data Protection Officer”, ​“Data Controller”, ​“Data Processor”, ​“Data Subject” and ​“process” (in the context of usage of Personal Data) shall have the meanings given to them in applicable data protection legislation.

We will post details of any changes to our notice on our website to help ensure you are always aware of the Personal Data we collect, how we use it, and in what circumstances, if any, we share it with other parties.

Lawful basis on which we process your Personal Data

Under applicable data protection legislation, there must be a ​‘lawful basis’ for the use of Personal Data.

Personal Data we hold about you will be processed either because:

the processing is necessary in order for us to comply with our obligations under a contract between you and us;

the processing is necessary in pursuit of a ​“legitimate interest”;

the processing is necessary to comply with a legal obligation; or

in certain limited circumstances because you have consented to the processing for specific purposes.

 

What are Broadsword’s ​‘legitimate interests’?

Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s Personal Data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact privacy@wearebroadsword.com

 

About our processing of your data

We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:

Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.

Contact Data such as addresses; email addresses and telephone numbers.

Communication Data such as a record of any correspondence or communication between you and us.

Financial Data such as bank account and payment card information.

Transaction Data such as information about payments and details of purchases you have made.

Technical Data such as IP addresses; cookies; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.

Profile Data such as usernames; passwords; security answers; purchases/​orders; interests; preferences; feedback and responses to surveys, blogs and messages.

Marketing and Communications Data such as your preferences about receiving communications from us or third parties.

We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.

Broadsword Event House does not collect any Special Categories of Personal Data about you (such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data) or any information about criminal convictions/​offences.

 

Purpose/​Activity Type of data Lawful basis for processing including basis of legitimate interest
When you register with the website or our services Identity Data Performance of a contract with you
Profile Data Necessary for our legitimate interests (to obtain necessary information in order to provide our services)
Contact Data
When you update, cancel or amend your account details Identity Data Performance of a contract with you
Profile Data Necessary for our legitimate interests (for the purposes of providing our services to you)
Contact Data
When we deliver our services to you (including delegate management services for some of our events, such as the provision of entry control, name badges and other administration.) Identity Data Performance of a contract with you
Profile Data Necessary for our legitimate interests (for running our business and to provide you with services requested)
Contact Data
Financial Data
Transaction Data
Communication Data
To manage our relationship with you which will include: (a) Notifying you about changes to our terms or privacy notice (b) Asking you to leave a review or take a survey (c ) When you submit a complaint Identity Data Performance of a contract with you
Profile Data Necessary to comply with a legal obligation
Contact Data Necessary for our legitimate interests (to keep our records updated and to study how customers use the services we provide)
Communication Data
Technical Data
To administer and protect our business, including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data Identity Data Necessary for our legitimate interests (for running our business, provision of administration services, network security, to prevent fraud and in the context of a business reorganisation)
Profile Data Necessary to comply with a legal obligation
Contact Data
Technical Data
B2B Marketing and the use data analytics to improve the website, services, marketing, customer relationships and experiences Identity Data Necessary for our legitimate interests (to send marketing materials and communications to existing and prospective clients, to define types of customers for our services, to keep our website updated and relevant, to develop our business and to inform our marketing strategy)
Profile Data
Contact Data
Marketing & Communications Data
Technical Data

 

Sharing your information

We may disclose information to third parties in the following circumstances:

We may share information within the BEH Group.

We may work with other professionals and providers in providing and delivering our services to you, such as service technology providers.

In order to enforce any terms and conditions or agreements for our services that may apply.

If we are sub-contracting services to a third party we may provide information to that third party in order to provide the relevant services.

We may disclose information to our group companies (as the case may be).

If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation (for example, if required to do so by a court order or for the purposes of prevention of fraud or other crime).

As part of a sale of some or all of our business and assets to any third party or as part of any business restructuring or reorganisation.

To protect our rights, property and safety, or the rights, property and safety of our users or other third parties. This includes exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction.

If we do supply your Personal Data to a third party we will take steps to ensure that your privacy rights are protected and that such third party complies with the terms of this notice.

 

Data security — how we ensure the security of your data

Broadsword takes the security of Personal Data seriously. We have internal policies and controls in place to ensure that appropriate technical and organisational measures are carried out to safeguard information, protect Personal Data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not unlawfully accessed.

These measures may include (as necessary):

protecting our servers by both hardware and software firewalls;

locating our data processing storage facilities in secure locations;

encrypting all data stored on our server with an industry standard encryption method that encrypts the data between your computer and our server so that in the event of your network being insecure no data is passed in a format that could easily be deciphered;

when necessary, disposing of or deleting your data so it is done so securely;

regularly backing up and encrypting all data we hold;

ensuring our system has appropriate permissions set up to restrict access.

We will ensure that our employees are aware of their privacy and data security obligations. Where we engage third parties to process data on our behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

 

Data Breaches

If Personal Data we hold about you is subject to a breach or unauthorised disclosure or access, we will report this to the Information Commissioner’s Office (ICO) as necessary.

If a breach is likely to result in a high risk to your data rights and freedoms, we will notify you as soon as possible.

We will record all data breaches regardless of their effect.

 

What happens if I refuse to give Broadsword Event House my Personal Data?

The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the Personal Data requested, we will not be able to enter into a contract with you to provide the services we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/​where permitted) in order to exercise some of your rights.

 

What do we do with Cookies?

Our website uses cookies. A cookie is a small file of letters and numbers that is stored on your device when you visit a website.

Cookies are useful as they help us to provide you with a good experience when you browse our site, for example by storing your preferences and maintaining your shopping cart. They also help us to improve the site.

We are required to obtain your consent to use cookies.

We use the following types of cookie:

  1. a) Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and to use a shopping cart.
  2. b) Analytical/​performance cookies. These are used for analytics, for instance they allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Some of these are third party cookies which analyse website usage.

On your first visit to our website from your browser we will display a banner to notify you that we are using cookies. We will only load the Strictly Necessary until you have clicked the ​“Accept” button on our cookies banner. If you click the ​“Accept” button our Analytical/​performance cookies will be loaded.

You can block cookies by activating settings on the website browser that you are using. However, if you use the settings to block all cookies (including strictly necessary cookies) you may not be able to fully access all areas of our website.

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit www.allaboutcookies.org. If you would like to know exactly which cookies are set by us and/​or which third party cookies we use, please contact us.

 

What profiling or automated decision making does Broadsword perform?

Broadsword does not perform any profiling or automated decision making based on your Personal Data.

 

How long will your Personal Data be kept?

Broadsword holds different categories of Personal Data for different periods of time. Wherever possible, we will endeavour to minimise the amount of Personal Data that we hold and the length of time for which it is held.

If we process your data on the basis of ​‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.

All categories of Personal Data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

The retention periods stated in this notice can be prolonged or shortened as may be required (for example if there is an on-going investigation into the data).

We review the Personal Data (and the categories of Personal Data) we are holding on a regular basis to ensure the data we are holding is still relevant to our business and is accurate. If we discover that certain data we are holding is no longer necessary or accurate, we will take reasonable steps to correct or delete this data as may be required.

If you wish to request that data we hold about you is amended or deleted, please refer the section below which explains your privacy rights.

 

Your privacy rights

You have the following rights in respect of Personal Data we hold about you:

The right to be informed You have a right to know about our Personal Data protection and data processing activities, details of which are contained in this notice.

The right of access You can make what is known as a Data Subject Access Request (“DSAR”) to request information about the Personal Data we hold about you (free of charge, save for reasonable expenses for repeat requests or complex requests). If you wish to make a DSAR please contact us as described below.

The right to correction Please inform us if information we hold about you is incomplete or inaccurate in any way and we will update our records as soon as possible, but in any event within one month.

We will take reasonable steps to communicate the change to any third parties to whom we have passed the same information.

The right to erasure (the ​‘right to be forgotten’) Please notify us if you no longer wish us to hold Personal Data about you (although in practice it is not possible to provide our services without holding your Personal Data). Unless we have reasonable grounds to refuse the erasure, on receipt of such a request we will securely delete the Personal Data in question within one month. The data may continue to exist in certain backup, but we will take steps to ensure that it will not be accessible.

We will communicate the erasure to any third parties to whom we have passed the same information.

The right to restrict processing You can request that we no longer process your Personal Data in certain ways, whilst not requiring us to delete the same data.

The right to data portability You have right to receive copies of Personal Data we hold about you in a commonly used and easily storable format (please let us know a format which suits you). You may also request that we transfer your Personal Data directly to third party (where technically possible).

The right to object Unless we have overriding legitimate grounds for such processing, you may object to us using your Personal Data if you feel your fundamental rights and freedoms are impacted. You may also object if we use your Personal Data for direct marketing purposes (including profiling) or for research or statistical purposes. Please notify your objection to us and we will gladly cease such processing, unless we have overriding legitimate grounds.

Rights with respect to automated decision-making and profiling You have a right not to be subject to automated decision-making (including profiling) when those decisions have a legal (or similarly significant effect) on you. You are not entitled to this right when the automated processing is necessary for us to perform our obligations under a contract with you, it is permitted by law, or if you have given your explicit consent.

Right to withdraw consent If we are relying on your consent as the basis on which we are processing your Personal Data, you have the right to withdraw your consent at any time. Even if you have not expressly given your consent to our processing, you also have the right to object (see above).

You can exercise your right to access Personal Data held about you by emailing privacy@wearebroadsword.com with the subject line: ​“Data Subject Access Request”. When you submit a DSAR you will need to provide confirmation of your identity by contacting us using the email address associated with your profile. This is provided free of charge and our response will be made within thirty (30) days, unless our Data Protection Officer Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/​or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, you have the right to lodge a complaint in accordance with the section ​“Contact Us”.

 

International data transfers

There will be circumstances in which certain Personal Data is transferred outside of the UK or EEA, in particular:

To our group companies which are based outside of the UK or EEA.

From time to time, some of our data processors (such as third party payment processors or hosting server providers), may be based outside of the UK or EEA. In that case, we will ensure we have an agreement in place with such processors to provide adequate safeguards and a copy of such safeguards will be available on request.

If you use our site while you are outside the UK or EEA, your information may be transferred outside the UK or EEA in order to provide you with our services.

We may communicate with individuals or organisations outside of the UK or EEA in delivering our services (for instance if the project is based outside of the UK/EEA) and those communications may include Personal Data (such as contact information).

From time to time your information may be stored in devices which are used by our staff outside of the UK or EEA (but staff will be subject to our cyber-security policies).

If we transfer your information outside of the UK or EEA and the third country or international organisation in question has not been deemed by the EU Commission or Secretary of State (as the case may be) to have adequate data protection laws, we will provide appropriate safeguards and we will be responsible for ensuring your privacy rights continue to be protected as outlined in this notice. If you would like to obtain details of the safeguards we have put in place then please contact us.

 

Contact us

If at any time you would like to contact us with your views about our privacy practices, or with any enquiry or complaint relating to your Personal Data or how it is handled, you can do so by contacting privacy@wearebroadsword.com

If we are unable to resolve any issues you may have or you would like to make a further complaint, you can contact the Information Commissioner’s Office by visiting http://www.ico.org.uk/ for further assistance.

 

People’s Republic of China – Privacy Notice

BEH Group is strongly committed to protecting personal information. This Statement explains what information we gather about you, what we use that information for, and who we give that information to. It also sets out your rights in relation to your information and who you can contact for more information or queries.

“BEH Group”, ​“we”, ​“us” and ​“our” refer to BEH Group subsidiaries operating in Mainland China, Hong Kong and Macau.

BEH Group have appointed a designated representative for Data Protection purposes and the contact details are at the bottom of this statement.

  1. Scope

The privacy of your personal information is important to us. This Statement describes how BEH Group handles personal information collected through our websites, social media platforms, applications, products and/​or services provided by BEH Group operating in Mainland China, Hong Kong and Macau (referred to as ​“BEH Group Services”).

Some BEH Group Services provided by BEH subsidiaries may have Privacy Statements that differ from this one and/​or contain additional information as required under local laws. Please refer to the relevant Privacy Statements in order to understand how they process your personal information.

Many of our BEH Group Services require some personal data to be collected. If you choose not to provide us with the personal data necessary to enable us to provide such product/​service, you may not be able to use that product/​service.

In this Statement, your information is sometimes called ​“personal data” or ​“personal identifiable information” or ​“personal information”. We also sometimes collectively refer to handling, collecting, protecting or storing your personal information as ​“processing” such personal information. This Statement applies to any personal data provided to us, and any personal data created in connection with our BEH Group Services.

For personal data collected in Mainland China: If you are providing personal data of other individuals, please make sure that:

(i) the personal data is from a legitimate and lawful source;

(ii) the other individuals are aware of the purpose(s) for collecting his/​her personal data and all other relevant arrangement described in this Statement relating to the processing and use of personal data, and that he/​she has consented to such disclosure and data processing.

We may contact you to inquire and confirm with you in relation to (i) and (ii) above. If you receive such an enquiry from us, please kindly assist and provide us with prompt response. We may have to discontinue the BEH Group Services if we are unable to obtain the verification needed.

By using our BEH Group services and providing personal information to us, you acknowledge that you have read this Statement, and subject to your explicit consent which we may separately seek from you as may be required by applicable law, you consent to the terms of this Statement (including international transfers as set out in this Statement to countries outside where you are located).

If you do not agree with the terms in this Statement and have concerns about the categories of personal data, we require from you, please do not provide any personal information to us without contacting us.

If you are an individual based in the European Economic Area (“EEA”) and the European Union General Data Protection Regulation (“GDPR”) is applicable to BEH Group in providing the BEH Group Services in question, we may rely on legal basis other than consent to process your personal information as set out in Appendix 1.

  1. Collection of personal information

When you use our BEH Group services, we may collect information about you including through cookies and analytics tools. We may collect personally identifiable information about you either directly from you, or by combining information we collect and maintain through other means (such as client relationship management systems or identification and access management systems, including IP addresses) or as we may receive from publicly available sources such as social media or other third-party sites.

2.1 Categories of Personal Data

The personal information we collect may include:

name, current job title, name of employer, email address, contact numbers, or your location (country / city) when you:
(a) subscribe to receive communications from us, create a user profile, or send an inquiry through our websites; or
(b) register for our webinars / webcast / events. At the time of your registration, you might also be asked for your postal address and whether or not you would like to be informed of upcoming webinars / webcasts via the contact information you provided and/​or through your postal address. We use registration information for internal research and analysis purposes to help us understand who is viewing our webcasts, and become better equipped to serve your needs;

your social network ID, such as WeChat ID and LinkedIn profile URL, when you register as an alumni. Any personal information that an alumnus submits to us will only be used to maintain contact with that alumnus, and will not be disclosed to any third party without your express permission;

name and email address, when you access our applications (such as when you respond to a survey or access specific content);

name, correspondence address, email address, national identification details, for purpose of performing our pre-engagement acceptance checks (which may include conflicts, anti-money laundering or other regulatory-related checks) and these are necessary for us to fulfil such checks; and in the course of providing our products and/​or services to you/​your organisation/​your employer when it is necessary for business purposes.

information which you have made publicly available on your social networking account, such as your name and your interests in our products and services, when you interact with us on our pages at social networking sites. The social networking sites may provide statistics and insights to us which help us understand the types of actions that people take on our pages. Where applicable, we and the social media site(s) have entered into an arrangement which determines our respective responsibilities;

content that you provide, including but not limited to postings on any blogs, forums, wikis and other social media applications and services that we may provide;

certain personal identification information (e.g. your national ID number) may be requested for security purposes before you are granted access to our premises;

any other additional information you choose to provide to us (e.g. your working history), for instance, when you use any ​“Contact Us” feature of our BEH Group Services, as part of the registration process, register a user account, and/​or create and update your user profile.

It is our policy that you are only required to supply us with the minimum scope of personal information that is necessary for us to complete your request and/​or to provide you our BEH Group Services (“Necessary Personal Information”). You may voluntarily provide us with additional personal information we ask for, which will help us to improve BEH Group Services and to better serve your needs. Failure to provide us with such additional personal information will not negatively affect your use of BEH Group Services.

2.2 Sensitive personal information

We do not usually seek personal sensitive information (e.g., data relating to personal ID, personal asset, race or ethnic origin, religious beliefs, criminal record, physical or mental health, or sexual orientation) from visitors to our websites.

As indicated in 2.1 above, we may however collect certain categories of personal data, which may be regarded as sensitive personal data under relevant laws in Mainland China for purposes of conducting pre-engagement checks and for security purposes (granting access to our premises).

We will not collect and process your sensitive personal data unless we have obtained your explicit consent as may be required under applicable law.

  1. Use of personal information

For Necessary Personal Information we collect, we will use it to complete your specific request and/​or to provide you the BEH Group Services, which may further include:

to provide, administer, manage and develop different functions of our products/​services, such as conducting pre-engagement acceptance checks prior to providing those products/​services;

to communicate with you, such as responding to your enquiry and/​or request; confirming and authenticating your identity in order to prevent unauthorised access to restricted areas of the site, content, or other services; determining the organisation that you work for or with which you are otherwise associated and staying in touch with our business contacts;

to manage our business, such as operating and maintaining our operations and quality of our services; conducting quality and risk management reviews; operating and maintaining our IT systems; maintaining the security of data and our services; sorting and analysing user data, conducting surveys, or for benchmarking and data analysis; maintaining our client relationship management systems; understanding how people use the features and functions of our BEH Group Services in order to improve user experience and providing you with information about us and our range of products/​services as explained in more detail in section 4 below; and

to comply with any requirement of laws, regulation, or any government authority or agency, regulator, or a professional body of which we are a member; or to conduct any action to meet our obligations or those of any BEH Group Member Firms

For personal information that is not Necessary Personal Information we collect, we will use it to improve the BEH Group Services, to develop different functions of our products/​services and to better serve your needs.

We will only use the personal information collected for the above purposes where we have a lawful basis for such processing, including obtaining any prior consent as may be required under applicable law.

  1. Marketing

We may send you communications including publications from time to time, technical updates, upcoming events/​seminars/​webcasts, or surveys, BEH Group’s latest insights and activities in major business and industry areas which may be of interest to you, and products or services that you request from us.

Where we are legally required to obtain your consent to provide you with marketing materials, we will only send marketing materials if you have given consent for us to do so.

  1. Third party links

Our BEH Group Services may link to third-party sites not controlled by BEH Group and which do not operate under BEH Group’s privacy practices. BEH Group assumes no responsibility for the information practices of these third-party sites that a user is able to access through ours. When you link to third-party sites, BEH Group’s privacy practices no longer apply. We encourage visitors to review each third-party site’s privacy policy before disclosing any personally identifiable information.

  1. Security of personal information

We have implemented generally accepted standards of technology and operational security in order to protect personally identifiable information from loss, misuse, alteration or destruction. Only authorised persons are provided access to personal information collected via the BEH Group Services; such individuals have agreed to maintain the confidentiality of this information.

Although we use appropriate security measures once we have received your personal data, the transmission of data over the internet (including by e‑mail) is never completely secure. We endeavour to protect personal data, but we cannot guarantee the security of data transmitted to or by us.

Where a personal information security incident arises, we shall respond to the incident, assess the likely impact of the incident, and take necessary actions to bring the incident under control. Where necessary, we will report to the appropriate authority, notify you of the incident and provide relevant information, as may be required under applicable laws and regulations.

  1. Cookies

Cookies may be placed on your computer or device whenever you visit us online for BEH Group Services. Cookies are small text placed on our device that assist us in providing a more customised experience. If you are concerned about cookies, most browsers permit individuals to decline cookies. In most cases, you can refuse a cookie, however some functionality may be impaired. You can always delete cookies if you wish via your browser’s setting.

  1. Transfers of personal information

Your personal data may be transferred to, processed by and stored with, the following classes of transferees/​categories of recipients for the purposes as described in this Statement:

8.1 Network Member Firms

As BEH Group is a global network with Member Firms around the world, your personal information may be transferred to other BEH Group Member Firms (and their respective subsidiaries and affiliates). Other BEH Group Member Firms may process your personal information on behalf of the Data Controller2 for the same purposes as set out herein. In addition, each BEH Group Member Firm whom you share your information may determine jointly with other BEH Group Member Firms the means of processing of your personal information.

8.2 Third party service providers

Your information may also be transferred to third party service providers that are not members of the BEH Group network to process on a BEH Group Member Firm’s behalf. We may transfer or disclose the personal data we collect to third party contractors or subcontractors of BEH Group Member Firms (and their respective subsidiaries and affiliates), as well as other third parties, which may include providers of IT services, identity management, website hosting and management, data analysis, data back-up and archiving, security and storage services (including cloud service providers), event management, and other services with respect to the operation of our business. We use such third parties to support us in providing our BEH Group Services.

When we transfer your personal data to third parties, we do so for the purposes stated under this Statement, for the administration and maintenance of websites and associated systems, and/​or other internal or administrative purposes.

It is our policy to use only third party service providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by us pursuant to the contract between us. Subject to the foregoing, third party service providers may also use their respective subsidiaries and affiliates, and their own third party subcontractors that have access to personal data (sub-processors) to meet purposes of disclosure and/​or transfer.

8.3 Other disclosures

We may also disclose personal information to third parties under the following circumstances:

when explicitly requested by you including delivering publications or reference materials as requested by you;

when required to facilitate conferences or events hosted by a third party or co-hosted with a third party which you have registered for; personal information may be collected via event registration forms and the type of information collected will vary. We may share such information with third parties for purposes connected to the event;

when BEH Group is involved in a merger, acquisition, or sale of all or a portion of its assets; and/​or

as otherwise set out in this Statement.

We may also disclose your personal information to law enforcement, regulatory and other government agencies and authorities, professional bodies and other third parties, as required by and/​or in accordance with applicable law or regulation. This may include disclosures outside the country or region where you are located.

8.4 International transfers

As BEH Group is a global organisation with Member subsidiaries and third party service providers located around the world, your personal information may be transferred to and stored outside the country or region where you are located. BEH Group Member Firms, our service providers and sub-processors they engage may use servers and other resources in various countries and territories to process your information.

Such jurisdictions may have different data protection laws. It is our policy to use only third party service providers that are bound to maintain appropriate levels of security and confidentiality and process personal information only as instructed by BEH Group. This may include confidentiality agreements with parties that we commission to handle personal information, requiring them to process personal information in accordance with our requirements, this Statement and any other relevant confidentiality and security measures.

We will take steps to ensure that your personal information is adequately protected within the territory of the People’s Republic of China. For example, we may ask for your consent to the transfer of personal information across borders, or to implement security measures such as data de-identification prior to cross-border data transfer.

Since we provide BEH Group Services through resources and servers around the world, your personal information may be transferred to foreign jurisdictions outside Mainland China unless restricted under applicable laws and regulations or specifically agreed by agreement.

Where we collect personal information from within the EEA, in circumstances where the GDPR is applicable to BEH Group in providing the BEH Group Services in question, please refer to Appendix 1.

8.5 Transfer of business

This Statement discusses information practices of BEH Group in the ordinary course of its business. BEH Group reserves the right to transfer all data in its possession to a successor-in-interest to its business or assets.

We will require such successor-in-interest to continue to be bound by this Statement, otherwise they will be required to seek your consent.

  1. Retention of personal information

It is our policy to retain personal data only for as long as is necessary for the fulfilment of the purposes for which the data are to be used, or as required by law, regulation or professional standards and in order to establish, exercise or defend our legal rights.

We keep contact information (such as mailing list information) until a user unsubscribes or requests that we delete that information. If you choose to unsubscribe from a mailing list, we may keep certain limited information about you so that we may honour your request.

  1. Access to data & Rights in relation to your information

You may have certain rights under applicable laws in relation to the personal information we hold about you, including:

Right to enquire and request for copy of certain categories of personal information, including basic information, identification information, health information (if applicable) and education information;

Right to update/​correct your personal information which is inaccurate;

Right to request deletion of your personal information;

Right to request cancellation of your account; and

Right to withdraw consent to processing your personal information (to the extent such processing is based on consent and consent is the only permissible basis for processing). Should your consent withdrawal be effective, we will no longer process the corresponding personal information. However, your decision to withdraw your consent will not affect the processing of personal information previously based on your authorisation.

If you would like to exercise any of these rights, please contact our Privacy Team. We will treat your requests in accordance with applicable legal requirements.

We may charge a fee for your request to access your information, if permitted by applicable law.

If you are an individual based in the EEA and GDPR is applicable to BEH Group in providing the BEH Group Services in question, you may be entitled to additional rights (see Appendix 1).

  1. Children

We are committed to protecting children’s privacy. The BEH Group Services are not intentionally designed for or directed at children, and we do not knowingly collect or store personal information about children. In the case of collecting personal information of a child in Mainland China under the age of 14 (i.e. a minor), we will only use or publicly disclose such information if we have obtained explicit consent of the minor’s parent or guardian. We will protect the confidentiality and security of children’s personal information in accordance with relevant applicable laws and regulations.

  1. Contact us

If you wish to submit a request to exercise your rights, under applicable privacy law, or have questions about how your information is handled at any time, or to make complaints, please send your request to our Privacy Team based in China as our designated representative privacy.asiapacific@wearebroadsword.com

When requested, and provided that it is practical and commercially feasible to comply with the request, we will reply to your request within 30 days or such time as prescribed under applicable law.

Should you not be satisfied with the way BEH Group has resolved your concern, you have the right to complain to the data protection authority in your territory.

  1. Changes to this Statement

We may need to update this Statement from time to time to comply with applicable law and regulations or other legitimate purposes. We may also separately advise you about the change. Subject to obtaining your explicit consent as may be required by applicable law, the new modified privacy statement will apply from that revision date. Therefore, we encourage you to review this Statement periodically to be informed about how we are protecting your information.

Appendix 1: Applicable only to Individuals based in the EEA

Appendix 1 of this Statement applies if you are an individual based in the EEA regardless of nationality or your employer or authorised representative is providing your personal data to us from a country in the EEA, and the GDPR is applicable to BEH Group in providing the BEH Group Services in question.

Legal grounds for processing personal information

We process personal data for the purposes set out in this Statement, as described above. For the purposes of complying with the GDPR, we do not need to collect your consent in order to process your personal data (except in limited circumstances where we process your special categories of personal data, where we may sometimes require your consent, in which case we will obtain your consent). Instead, we rely on one or more of the following processing conditions:

These are the principal legal grounds that justify our processing of your information:

Contract performance: where your information is necessary to enter into or perform our contract with you.

Legal and regulatory obligation: where we need to use your information to comply with our legal and regulatory obligations.

Legitimate interests: where we use your information to achieve a legitimate interest and our reasons for using it outweigh any prejudice to your data protection rights.

Legal claims: where your information is necessary for us to defend, prosecute or make a claim against you, us or a third party.

Employment legal obligations and rights: where our legal duties as employers necessitate the processing.

Consent: where you have consented to our use of your information.

We justify our use of personal data in the manner set out in clause 3 of this Statement above as follows:

(a) To provide you with our products/​services:

Use justification: contract performance, legitimate interests (to enable us to provide our products/​services).

(b) For communication with you:

Use justification: legitimate interests (to enable us to effectively communicate with you).

© For managing our business:

Use justification: legitimate interests including:

to enable us to provide ongoing information about our products and services;

to monitor satisfaction and views of our clients, customers and business partners etc. and help us grow our business;

to ensure the smooth operation of our internal management and IT infrastructure processes;

Use justification: legal and regulatory obligations and legal claims (to enable us to cooperate with law enforcement and regulatory authorities).

(d) Others: For compliance with laws and other legal obligations and policies

Use justification: legal and regulatory obligations, legitimate interests (to enable us to achieve a consistent approach to compliance across our business).

International Transfers of Personal Data

Our business may require us to transfer your personal data to countries outside the EEA, including countries that may not provide the same level of data protection as your home country. Where we collect personal data from within the EEA, transfer outside the EEA will be only:

to a recipient located in a country which provides an adequate level of protection for your personal information; and/​or

under an agreement which covers the EU requirements.

Please contact us at the contact details in this Statement if you would like to see a copy of the specific safeguards to export of your personal information.

Your Rights

Subject to limitations in applicable law, you are entitled to object to or request the restriction of processing of your personal data, and to request access to, rectification, erasure and portability of your own personal data.

Where the use of your personal data is based on consent, you can withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

You may also have the right to object to any processing based on the legitimate interests ground if our reasons for undertaking that processing outweigh any prejudice to your data protection rights.

Whilst a complaint is being investigated, you have the right to restrict how we use your information.

Your exercise of these rights is subject to certain exemptions to safeguard public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). If you exercise any of these rights, we will check your entitlement and respond in most cases within a month.

If you are not satisfied with our use of your personal data or our response to any exercise of these rights, you have the right to lodge a complaint with a relevant supervisory authority.

  1. ​“Member Firm” means an entity within the worldwide BEH Group, each of which is a separate and independent legal entity.
  2. ​“Data Controllers” of personal information are one or more of the BEH Group Members Firms, that either alone or jointly or in common determines the purposes and means of the processing of personal data.

Generally, the Data Controller for the personal data is the BEH Group subsidiary operating in Mainland China, Hong Kong and Macau providing the relevant BEH Group services unless specified otherwise (e.g. by way of contracts).

United States of America – Privacy Notice

This notice provides and outlines the Broadsword Event House Americas Inc, (the Company) privacy policy regarding the nature, purpose, use, and sharing of any Personally Identifiable Information (PII) collected via this website. Our privacy policy explains our information practices when you provide PII to us, whether collected online or offline, or when you visit us online to browse, obtain information, or conduct a transaction. PII may include: your name, email, mailing and/​or home address, phone numbers, or other information that identifies you personally. We do not require you to register or provide personal information to visit our website.

The PII you provide on the Company website will be used only for its intended purpose. We will protect your information consistent with the principles of the Privacy Act of 1974.

Personally Identifiable Information

As a general rule, the Company does not collect PII about you when you visit our website, unless you choose to provide such information to us. Submitting PII through our website is voluntary. By doing so, you are giving the Company your permission to use the information for the stated purpose. However, not providing certain information may result in the Company’s inability to provide you with the service you desire.

If you choose to provide us with PII on a Company website, through such methods as completing a web form or sending us an email, we will use that information to help us provide you the information or service you have requested or to respond to your message. The information we may receive from you varies based on what you do when visiting our site.

Generally, the information requested by the Company will be used to respond to your inquiry or to provide you with the service you request. When this information is requested, the reasons for collecting it, a description of the Company’s intended use of the information, how to grant consent to use mandatorily provided information, and how to grant consent for other than statutorily mandated uses will be fully described in a separate customized ​“Privacy Notice.” This customized Privacy Notice will either appear on the web page collecting the information or be accessible through a hyperlink (link) prominently displayed immediately above or below the information request.

Email

Many of our programs and websites allow you to send us an email. We will use the information you provide to respond to your inquiry. We will only send you general information via email. You should be reminded that email may not necessarily be secure against interception. Therefore, we suggest that you do not send sensitive personal data (such as your Social Security number) to us via email. If your intended email communication is very sensitive, or includes information such as your bank account, credit card, or Social Security number, you should instead send it by U.S. mail. Another alternative may be submission of data through a secure web page, if available.

Categories of information the Company collects on its websites are further described below.

Automatically Collected Information

We collect and temporarily store certain information about your visit for use in site management and security purposes only. We collect and analyze this information because it helps us to better design our website to suit your needs. We may also automatically collect information about the web content you view in the event of a known security or virus threat. This information includes:

The Internet domain from which you access our website (for example, ​“xcompany.com” if you use a private Internet access account, or ​“yourschool.edu” if you connect from an educational domain);

The Internet Protocol (IP) address (a unique number for each computer connected to the Internet) from which you access our website;

The type of browser (e.g., Firefox, Internet Explorer, Chrome) used to access our site;

The operating system (e.g., Windows, Mac OS, Unix) used to access our site;

The date and time you access our site;

The Universal Resource Locators (URLs), or addresses, of the pages you visit;

Your username, if it was used to log in to the website; and

If you visited this website from another website, the URL of the forwarding site.

We may share the above information with our employees or representatives with a ​“need-to-know” in the performance of their official duties, other Federal agencies, or other named representatives as needed to quickly process your request or transaction. This information is only used to help us make our site more useful for you. Raw data logs are retained temporarily as required for security and site management purposes only. More information about how we share information can be found in our Privacy Act Systems of Records Notices.

Third-Party Websites and Applications

The Company uses social media websites and other kinds of third-party websites. The Company uses social media websites to interact with foreign constituencies and engage in public diplomacy worldwide. Social media websites are used to publicize embassy and Company events, and engage with members of the public in foreign countries. The Company also uses web measurement and customization technologies to measure the number of visitors to our websites and their various sections and to help make our websites more useful to visitors. In such cases, the third-party application may request an email address, username, password, and geographic location (e.g., State, region, or ZIP code) for account registration purposes. The Company of State does not use third-party websites to solicit and collect PII from individuals. Any PII passively collected (i.e., not solicited) by the third-party website will not be transmitted or stored by the Company; no PII will be disclosed, sold or transferred to any other entity outside the Company, unless required for law enforcement purposes or by statute.

The Company uses various types of online surveys to collect opinions and feedback from a random sample of visitors. Primarily, state.gov uses the ForeSee Results’ American Customer Satisfaction Index (ACSI) online survey on an ongoing basis to obtain feedback and data on visitors’ satisfaction with the state.gov website. This survey does not collect PII. Although the survey invitation pops up for a random sample of visitors, it is optional. If you decline the survey, you will still have access to the identical information and resources at the state.gov site as those who do take the survey. The survey reports are available only to state.gov managers and other designated staff who require this information to perform their duties. The Company may use other limited-time surveys for specific purposes, which are explained at the time they are posted.

The Company retains the data from the ACSI survey results as long as needed to support the mission of the state.gov website.

Information Collected for Tracking and Customization (Cookies)

A cookie is a small file that a website transfers to your computer to allow it to remember specific information about your session while you are connected. Your computer will only share the information in the cookie with the website that provided it, and no other website can request it. There are two types of cookies:

Session: Session cookies last only as long as your web browser is open. Once you close your browser, the cookie is deleted. Websites may use session cookies for technical purposes such as to enable better navigation through the site, or to allow you to customize your preferences for interacting with the site.

Persistent: Persistent cookies are saved on a user’s hard drive in order to determine which users are new to the site or are returning, and for repeat visitors, to block recurring invitations to take the ForeSee satisfaction survey.

If you do not wish to have session or persistent cookies stored on your machine, you can turn cookies off in your browser. You will still have access to all information and resources at Company websites. However, turning off cookies may affect the functioning of some Company websites. Be aware that disabling cookies in your browser will affect cookie usage at all other websites you visit as well.

Security

The Company takes the security of all PII very seriously. We take precautions to maintain the security, confidentiality, and integrity of the information we collect at this site. Such measures include access controls designed to limit access to the information to the extent necessary to accomplish our mission. We also employ various security technologies to protect the information stored on our systems. We routinely test our security measures to ensure that they remain operational and effective.

We take the following steps to secure the information we collect:

Employ internal access controls to ensure that only personnel who have access to your information are those with a need to do so to perform their official duties.

Train appropriate personnel on our privacy and security policies and compliance requirements.

Secure the areas where we retain paper copies of the information we collect online.

Perform regular backups of the information we collect online to ensure against loss.

Use technical controls to secure the information we collect online including, but not limited to:

Secure Socket Layer (SSL)

Encryption

Firewalls

Password protections

Periodically test our security procedures to ensure personnel and technical compliance.

Employ external access safeguards to identify and prevent unauthorized access by outsiders that attempt to ​“hack” into, or cause harm to, the information contained in our systems.

We hold our contractors and other third-party providers to the same high standards that we use to ensure the security, confidentiality, and integrity of personal information they may have access to in the course of their work completed on behalf of the Company.

Interaction With Children Online

The Company is committed to the protection of children’s online privacy. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. Verifiable consent from a child’s parent or guardian is required before collecting, using, or disclosing personal information from a child under age 13. If a Company website intends to collect information about children under 13 years old, COPPA-required information and instructions will be provided by the specific web page that collects information about the child. The web page will specify exactly what the information will be used for, who will see it, and how long it will be kept.

Visiting Other Websites

Our website contains links to international agencies, private organizations, and some commercial entities. These websites are not within our control and may not follow the same privacy, security, or accessibility policies. Once you link to another site, you are subject to the policies of that site. All Federal websites, however, are subject to the same Federal policy, security, and accessibility mandates.

Privacy Policy Contact Information

We welcome feedback if you have any questions regarding our privacy policy or the use of your information. The Company’s privacy compliance materials are available at anytime. Please contact us at Privacy@wearebroadsword.com or mail us at

Broadsword Event House Americas Inc

99 Wall Street,

Suite 1250,

New York,

NY 10005

United States of America — California Consumer Privacy Act (CCPA)

This CCPA NOTICE FOR CALIFORNIA RESIDENTS (“Notice”) supplements the information contained in the Privacy Policy of the BEH Group and Broadsword Event House Americas Inc. and its affiliates (collectively, ​“Broadsword,” ​“Company,” ​“we,” ​“us,” or ​“our”) and applies solely to visitors, users, and others who reside in the State of California (“consumers” or ​“you”). We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (CCPA) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this Notice.

Information We May Collect

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“Personal Information”). In particular, we may have collected the following categories of Personal Information from consumers within the last twelve (12) months:

Category Examples Collected
A. Identifiers. A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers. YES
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. YES
C. Protected classification characteristics under California or federal law. Age (40 years or older), race, colour, ancestry, national origin, citisenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). NO
D. Commercial information. Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. NO
E. Biometric information. Genetic, physiological, behavioural, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. NO
F. Internet or other similar network activity. Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement. NO
G. Geolocation data. Physical location or movements. NO
H. Sensory data. Audio, electronic, visual, thermal, olfactory, or similar information. NO
I. Professional or employment-related information. Current or past job history or performance evaluations. YES
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. NO
K. Inferences drawn from other personal information. Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behaviour, attitudes, intelligence, abilities, and aptitudes. NO

Personal information does not include:

Publicly available information from government records.

De-identified or aggregated consumer information.

Information excluded from the CCPA’s scope, like:

Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data.

Personal Information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of Personal Information listed above from the following categories of sources:

Directly from you from the information you provide to us. For example, from your communications and dealings with us.

Directly and indirectly from activity on our website (www.Broadsword.com). For example, from submissions through our website portal or website usage details collected automatically, or from employment applications submitted through our website.

Directly from you via sales. For example, processing and fulfilling orders or requests for customer support.

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

To fulfil or meet the reason for which the information is provided. For example, if you share your name and contact information to request a price quote or ask a question about our products or services, we will use that personal information to respond to your inquiry.

To provide you with information that you request from us.

To provide you with support and to respond to your inquiries.

To provide you with email alerts, event registrations and other notices concerning our products, events, or news, which may be of interest to you.

To review and process employment applications.

To improve our website and present its contents to you.

As necessary or appropriate to protect the rights, property or safety of us, our clients or others.

To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.

As described to you when collecting your personal information or as otherwise set forth in the CCPA.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

Category A: Identifiers.

Category B: California Customer Records personal information categories.

Category C: Protected classification characteristics under California or federal law.

Category I: Professional or employment-related information.

We disclose your personal information for a business purpose to the following categories of third parties:

Our affiliates.

Service providers, such as for sales, marketing, customer service, data storage, and employment applications.

Third parties to whom you or your agents authorise us to disclose your personal information in connection with products or services we provide to you.

In the preceding twelve (12) months, we have not sold any personal information. We do not share, sell, rent, or trade your personal information with third parties for their commercial purposes.

Your Rights and Choices

The CCPA provides consumers (California residents) with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past twelve (12) months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

The categories of personal information we collected about you.

The categories of sources for the personal information we collected about you.

Our business or commercial purpose for collecting or selling that personal information.

The categories of third parties with whom we share that personal information.

The specific pieces of personal information we collected about you (also called a data portability request).

If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:

sales, identifying the personal information categories that each category of recipient purchased; and

disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.

Deletion Request Rights

You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.

Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.

Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.

Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).

Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.

Comply with a legal obligation.

Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either:

Email using the links contained in this notice.

Calling our office: 917 672 8539

Only you or a person registered with the California Secretary of State that you authorise to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.

You may only make a verifiable consumer request for access or data portability twice within a twelve (12)-month period. The verifiable consumer request must:

Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative.

Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

Response Timing and Format

We will respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the twelve (12)-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

Personal Information Sales Opt-Out and Opt-In Rights

If you are 16 years of age or older, you have the right to direct us to not sell your personal information at any time (the ​“right to opt-out”). We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorisation (the ​“right to opt-in”) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to personal information sales may opt-out of future sales at any time.

To exercise the right to opt-out, you (or your authorised representative) may submit a request to us by visiting the following Internet Web page link:

DO NOT SELL MY PERSONAL INFORMATION

Once you make an opt-out request, we will wait at least twelve (12) months before asking you to reauthorise personal information sales. However, you may change your mind and opt back into personal information sales at any time by contacting us at privacy.americas@wearebroadsword.com with the subject header: Opt-In to Personal Information Sales and providing your name and contact information.

Non-Discrimination

We will not discriminate against you (as provided in applicable law) for exercising any of your CCPA rights.

Contact Information

If you have any questions or comments about this Notice, our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us via the options above or at:

Broadsword Event House Americas Inc

99 Wall Street,

Suite 1250,

New York,

NY 10005

privacy.americas@wearebroadsword.com

Other California Privacy Rights

The California ​“Shine the Light” law gives residents of California the right under certain circumstances to request information from us regarding the manner in which we share certain categories of personal information (as defined in the Shine the Light law) with third parties for their direct marketing purposes. We do not share your personal information with third parties for their own direct marketing purposes.

Changes to Our Privacy Notice

We reserve the right to amend this Notice at our discretion and at any time. When we make changes to this Notice, we will notify you through a notice on our website homepage. Your continued use of our website following the posting of changes constitutes your acceptance of such changes.

Contact Information

If you have any questions or comments about this Notice, our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights, please do not hesitate to contact us via the options above or at:

Broadsword Event House LTD

Unit 20 Gardner Industrial Estate,

Kent House Lane,

Beckenham,

BR3 1QZ

privacy@wearebroadsword.com