Last reviewed: 21 June 2023

Last updated: 21 June 2023

Crystal Interactive is an event services business. This Data Protection Notice is for people attending, either in person or remotely, events for which we provide our services. It sets out what personal data we collect, process and store in connection with an event and how we do so

We require your consent

We collect, process and store personal data of people attending events or intending to attend events. We will only collect, process and store your personal data with your consent and in accordance with applicable data protection law. You can withdraw your consent at any time

What personal data do we collect, process and store?

We may collect, process and store the following types of personal data:

name, gender, date of birth, address, email address, telephone number, job title, company or organisation, biography and profile image;
your personalised event agenda;
unique identifiers such as your username and password (if you register with our website or one of our mobile applications);
location information (if you use one of our devices or mobile applications);
photos of you (if you attend an event that includes photography) or footage or screengrabs drawn from your webcam;
information you submit as feedback, survey responses, enquiries or complaints
We do not collect, process or store any of your sensitive personal data (for example, your race, religion or sexual preference)

You can request what personal data we hold you about and you can request that we correct that personal data

How do we collect your personal data?

We may collect personal data from you before, during or after an event by requesting you to input it using one of our devices, one of our mobile applications, while attending an event, on a registration site or our website. Our devices and mobile applications may track, display, collect, store and share data generated by your participation in an event including your location information during the event and time periods around the event

If you are using one of our mobile applications on your own device, the application will only track your location if you have enabled it to do so

For some events, our client (the business or organisation holding an event) may provide your personal data to us. We require that our client has your consent to disclose your personal data to us for the purposes of the event

What do we use your personal data for?

We only use your personal data for the purposes of providing support services to an event or complying with our legal or regulatory requirements. We will not use your personal data for any marketing purposes

How long do we store your personal data for?

We delete your personal data within 60 days of the event you attended (or intended to) or the expiry of any licence related to any services we provide in connection with that event. You can request deletion of your personal data at any time

After 60 days we delete your personal data from our systems and platforms, however this same data might be archived in backup files of our third party suppliers’ systems who have their own data retention policies over which we have no control. As a result, your personal data will be finally deleted a maximum of 240 days after the end of the contract or licence

How do we process and store your personal data?

We have implemented technical and organisational measures required to comply with applicable data protection law. The measures we use are designed to ensure a level of security appropriate to the risk of processing your personal data

We may use other companies in our group or third party service providers to process your Personal Data. This processing may include activities which take place outside of the UK or the European Economic Area. If this is the case we will ensure appropriate safeguards are in place to protect your Personal Data

You can request information about the third party service providers we use to process and store your personal data

You can request that we restrict how we process and store your personal data

Who can access your personal data?

Our employees, contractors and other personnel will only access and use your personal data to the extent they need to do so to perform a task in connection with our performance of support services we are providing to an event

Who is responsible for your personal data?

Crystal Interactive is the Controller for your personal data collected in connection with an event

In some circumstances, including when we only provide a "self-service" platform to a client (the business or organisation holding an event), our client is the Controller of your personal data collected in connection with an event and Crystal Interactive Limited is a Processor for the client. When we act as a data processor on behalf of a data controller, we collect, process and store your personal data in accordance with the data controller's instructions (which may be specific or general). In these circumstances, you will need to approach the data controller and the data controller's data protection policy will apply

Third party services

Some of the services we provide include applications and technology provided by partners and other third parties. These third parties may also gather information about you in accordance with their own separate privacy policies. For privacy information relating to these other third party services, please consult their privacy policies as appropriate


You can complain to us by emailing

If we fail to resolve your complaint, you can contact the UK's Information Commissioner's Office via their website at or your local data protection authority

Crystal Interactive contact information

Our website is

Employee with overall responsibility for data security: John Phelan, Managing Director

Employee responsible for reporting, identifying risks and action: Lee Borrett, IT & Systems Manager

Our address is Room 5, Ground Floor, 4 Tannery House, Tannery Lane, Send, Woking, Surrey, GU23 7EF


Contact one of our advisors