InfraXmedia (Holdings) Ltd, the parent company of a group of media and event management firms, has released an updated Data Protection and Privacy Policy, effective April 25, 2025. The policy applies to all companies within the InfraXmedia group and aims to provide clearer guidance on how personal data is collected, processed, and shared across its operations in the UK, EEA, USA, Canada, and Latin America.
Scope and Applicability
The policy governs the processing of personal data for customers, business partners, marketing and event registrants, website visitors, employees, and contractors. InfraXmedia (Holdings) Ltd, registered in England with company number 14354660 and headquartered in London, acts as the data controller for the group. The policy is designed to comply with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and other relevant legislation.
InfraXmedia’s websites include hyperlinks to third-party sites, and the company states it does not accept responsibility for the privacy practices of those external platforms. Users are encouraged to review the privacy policies of any third-party websites they visit.
Types of Personal Information Collected
The policy distinguishes between categories of data subjects. For customers and business partners, InfraXmedia may collect name, email address, phone number, job title, company name, country, and business address. In certain jurisdictions, proof of identity such as a passport or residence card may be required.
Marketing and events registrants provide similar contact details along with preferences and professional interests. Website visitors’ IP addresses, browser types, device information, and cookies are collected. Employees and contractors have separate internal policies governing their data, but the group still processes personal data relevant to employment and contractual obligations.
Legal Bases for Processing
InfraXmedia processes personal data under three main legal bases: contractual necessity, legitimate interest, and consent. The policy emphasises legitimate interest as a cornerstone for many of its business activities, including marketing, event management, media services, and analytics. Under legitimate interest, the company believes it has a justified reason to process data to deliver better services and a secure experience, while balancing potential impacts on individuals.
The policy states: “Our legitimate business interests do not automatically overwrite your interests. We will not use your personal data for activities where our interests are overridden by the impact on you, unless we have your consent or are otherwise required to do so by law.” This approach allows InfraXmedia to send tailored marketing to corporate subscribers via business email addresses without prior consent, provided it respects opt-out requests.
Specific Uses of Personal Data
InfraXmedia outlines several ways it processes data: sending service-related communications, inviting participation in research, providing operational information for events (such as badges and app access), tracking website traffic, fulfilling subscriptions, managing online communities, evaluating promotional campaigns, analysing aggregated behaviour for business planning, and using images and recordings from events for promotional purposes. The company notes that photography, video, and audio content captured at its events may be used across InfraXmedia websites and marketing materials.
Marketing Communications and Opt-Out
The policy clarifies that under UK GDPR, InfraXmedia can contact individuals at corporate email addresses on a legitimate interest basis without prior consent, as long as the processing does not disproportionately impact the data subject. However, every marketing and product email includes an unsubscribe link. Recipients can also opt out by emailing the data team at dataprivacy@infraxmedia.com.
An important nuance is that registration with the Telephone Preference Service (TPS) or Mailing Preference Service (MPS) does not automatically prevent InfraXmedia from contacting an individual if the person subsequently submits personal data via an InfraXmedia website or data capture form. In such cases, the submission is interpreted as temporary consent for marketing, but the individual can opt out at any time.
Data Sharing with Third Parties
InfraXmedia may share personal data with other companies within its group, as well as with holding and subsidiary companies. It will disclose data when required by law, for crime prevention, or for tax assessment, without requiring further consent. In the event of a business sale or asset purchase, data may be disclosed to prospective buyers or sellers on a confidential basis.
A key provision concerns events, webinars, and digital downloads. InfraXmedia informs attendees that it will pass personal data to sponsoring third parties listed on its partners page at the time of registration. Speakers who receive questions during digital broadcasts may also receive attendee data. The policy explicitly states: “We do not share or sell data outside of this condition.” The list of current sponsoring partners is maintained at https://www.datacenterdynamics.com/en/dcd-partners.
All data sharing is date and time stamped. Individuals who wish to opt out of sharing must email the data team. InfraXmedia cautions that some partners may be located outside the UK and EEA and may have less stringent data protection laws. To safeguard data in international transfers, the company relies on adequacy decisions from the UK or EU, Standard Contractual Clauses (SCCs), the U.S. Data Privacy Framework (DPF) for its US-based business, and separate data protection agreements where necessary.
Statistical Data and User Analytics
The company compiles anonymous, aggregated statistics on website usage, traffic, and user behaviour. This information helps improve services and is shared with advertisers. InfraXmedia also uses third-party analytics services that capture behavioural metrics, heatmaps, session replays, device IP addresses (de-identified after session), screen sizes, browser information, geographic location (country only), and preferred language. The data is stored in pseudonymised profiles, and InfraXmedia only works with partners contractually prohibited from selling the data.
User Rights and Access Requests
Under UK GDPR, individuals have the right to access their data. InfraXmedia handles subject access requests free of charge, unless the request is manifestly unfounded or excessive, in which case a reasonable fee may be charged or the request refused. The company aims to respond within one month, extending to two months for complex requests with an explanation. Individuals can request correction of inaccurate data by contacting the data team.
Data Security and Retention
Personal data may be transferred and stored outside the UK and EEA. InfraXmedia states it takes all reasonable steps to ensure security, but acknowledges that internet transmission is not completely secure. Internal servers are protected by technical and organisational measures, with access limited to specialist IT suppliers and personnel. Data is retained only as long as necessary for the purpose for which it was collected, though audit and tax requirements may necessitate retention for up to six years or longer if legislation mandates it.
Cookies and IP Addresses
The policy notes that IP addresses, operating systems, and browser types are collected for system administration and aggregate reporting. Cookies are used to personalise browsing experiences, and users are directed to a separate Cookie Policy for further details. Statistical data about browsing actions does not identify individuals.
Contact and Complaints
For questions or complaints, InfraXmedia can be reached by email or post at: The Data Controller, The Data Team, InfraXmedia (Holdings) Ltd, 32-38 Saffron Hill, London EC1N 8FH. The policy also provides the contact details of the UK Information Commissioner’s Office (ICO) for unresolved complaints. The ICO can be contacted by phone at 0303 123 1113 or via its website. The policy was last updated on 25 April 2025.
InfraXmedia’s revised privacy framework reflects a broader trend among media groups to align with evolving data protection regulations while maintaining flexibility for legitimate business operations. By clearly delineating lawful bases, international transfer safeguards, and user opt-out mechanisms, the company aims to build trust while continuing to deliver targeted content and event experiences to a global audience.
Source: Datacenterdynamics News