Privacy Policy

Definitions: These definitions should help you understand this privacy notice:

When we say “we,” “us,” and “our,” we are referring to Hg3 Conferences Limited.

When we say “you,” we are referring either to anyone or to some other person who visits any of our websites or web pages.

“personal data” means any information that identifies or can be used to identify you directly or indirectly, including, but not limited to, first and last name, date of birth, email address, gender, occupation or other demographic information.


Introduction: Hg3 Conferences are committed to protecting your information and privacy. This notice, together with other important personal information including our terms and conditions and data protection information can be viewed on our Hg3 Conferences company website: see and explains how we use and process personal information collected.

This notice may change from time to time, changes will be incorporated on this Privacy Notice. Please review it periodically. The most recent privacy notice will also be published on our Hg3 Conferences company website see:

All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy notice or other notice on our Hg3 Conferences company website see:

Background: This privacy notice is to provide important information to you, as a data subject, about our use of your personal data.

This is in accordance with and as we are required to by the General Data Protection Regulation (the “GDPR”).

This notice explains the what, how, and why of the personal data we collect when you use our services.

We will always use clear, user-friendly language in our privacy notice to make this notice as accessible as possible.

We take your privacy extremely seriously, and we never sell lists or email addresses. We understand that privacy is important to you and that you care about how your personal data is processed.

We respect and value the privacy of all of our data subjects and will only collect and use personal data in the way that is described in this privacy notice and that it is in a way that is consistent with our legal obligations under the GDPR and your rights under current law


Scope: This GDPR data subject privacy notice is effective with respect to any personal data that we have collected, or will be collecting, about and/or from you.

In line with GDPR this privacy notice includes: clarity on what data we have, how we use it, why we need it and who has access to it: details of who to contact if you have any concerns: updates to the choices you have over how we use your data.

We also describe measures taken to protect security of information provided.

Please read it carefully to understand our views and practises about why personal information is collected and processed by us.

Information about Hg3 Conferences Limited: We are an event management company trading as a limited company.

We operate from our trading address which is 4, Dragon Road, Harrogate, North Yorkshire, HG1 5DF.

We can be contacted by email at or by telephone on 01423 529333

Our company is registered in England with the company number 07420956 Our registered address is 23 North Park Road, Harrogate, North Yorkshire, HG1 5PD

Our VAT registration number is 979 8578 19


What does this privacy notice cover? This privacy notice explains how we use your personal data, how it is collected, how it is securely held and also explains your rights under the current law relating to personal data.

Data protection: Your personal data will be held by us. The GDPR applies to ‘controllers’ and ‘processors’.

For the purposes of the GDPR we are the data processor and we have been engaged to work for the data controller.


What and who is the controller? The controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. The data controller determines the purposes and means of processing personal data.

The data controller is the client with which we are engaged to work for, by way of a signed and agreed contract, to process personal data on their behalf.

What and who is the processor? The processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data controller.

We are the data processor responsible for processing personal data on behalf of the data controller.


What is personal data? Personal data, is in simple terms information we hold about you that enables you to be identified.

Personal data is defined by the GDPR as meaning any information relating to an identifiable person, the data subject, who can be directly or indirectly identified in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

This definition provides for a wide range of personal identifiers to constitute personal data, reflecting changes in technology and the way organisations collect information about people.


What is processing? Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

What are your rights? Under the GDPR, you have rights which we will always work to uphold.

You have the right:

  • to be informed about how we collect and use your personal data and this is one of the most important rights under the GDPR. This means that the data subject should be told what personal data we hold about them, what we use that personal data for, the legal basis for using it, how long we will hold it and whether we will share the personal data with anyone and with whom.
  • to access the information, we hold about you.
  • to rectification and have your information corrected if any of your personal data held by us is incorrect or incomplete.
  • to erasure also known as the right to be forgotten, you can ask us to delete or otherwise dispose of the information we have on you.
  • to restrict the processing of your personal data
  • to data portabilitythat allows you to ask us for a copy of your personal data to re-use with another service or business (consent only)
  • to object to us using your personal data for a particular purpose or purposes (legitimate interest only)
  • related to automated decision making including profiling.

For more information about your rights relating to your personal data or exercising your rights as outlined above, please contact us in writing by using the contact details provided below. Further information about your rights can be obtained from the Information Commissioner’s Office.

What personal data do we collect? We collect several types or items of personal data, this may vary according to the requirements of the data controller. e.g. we may collect your name, date of birth, gender, address, email address, telephone number, business name, job title, profession, payment information.


Lawful basis for processing: We process your personal data as it is necessary to perform our contracted agreement with the data controller.

The law on data protection sets out a number of reasons, the lawful basis, for which a company may collect and process your personal data.
The intended purposes for processing personal data for our data controller includes event management and membership.

The lawful basis Hg3 Conferences use for our business service of data processing is consent and legitimate interests.

‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which the data subject, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them.

For membership purposes we use consent, where we collect and process your data with your consent, for example when you are a fully paid up member and for all other purposes including event management we use legitimate interest.

For event management and other situations, we use legitimate interest, where we require your data to pursue our legitimate business interests in a way which might be reasonably expected as part of running our business and which does not materially impact your rights, freedoms or interests. For example, we may use your event attendance history to send you future related event invitations


How do we use personal data? Under the GDPR we must have a lawful basis for using personal data.

All the personal data we process relates to a contracted agreement we have with the data controller and because there is a business interest to use it.

Your personal data will be used in the process of communicating with you in relation a contracted agreement by responding to emails or calls from you and in order for Hg3 Conferences to supply the agreed contracted services to you.


How long will we keep personal data? The information you submit will not be kept for any longer than is needed.

The length of time will depend upon whether the data controller has a business need for keeping the information, we will keep your personal data for as long as they need it and/or if the law requires that we keep the information for a particular length of time.

We will retain your information for as long as your account is active or as long as needed to provide you with our services.

We may also retain and use your information in order to comply with our business legal obligations, resolve disputes, prevent abuse, and enforce our agreements.

Whilst we may keep it to comply with our legal obligations, we may also need to respond to queries and resolve any disputes to meet our legitimate interests and to enforce our rights.

We will also use criteria such as applicable contractual provisions that are in force, legal statutory limitation periods, applicable regulatory requirements and industry standards.


How and where do we store or transfer personal data? We only store personal data in the UK, this means that it will be fully protected under the GDPR


Safeguarding your personal data: Robust security has always been a crucial part of everything we do.

We take reasonable and appropriate measures to protect personal date from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into account the risks involved in the processing and the nature of the personal data.

The personal data we handle is dealt with properly, whether it is recorded on paper or stored electronically with all our data being held on a secure encrypted server. All our terminals are also securely encrypted and we are constantly updating our IT systems in line with the recommended manufacturers latest security updates.

We will take all steps reasonably necessary to ensure that your data is treated in accordance with this privacy notice.


Notice of breach of security: If a security breach causes an unauthorised intrusion into our system that materially affects you then we will notify you as soon as possible and later report the action we took in response.


Use of personal data: We may use and disclose personal data to promote services to you:

  • If you use any of our services and we think you might benefit from using another service we offer, we may send you an email about that. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email we send.
  • to send you informational and promotional content in accordance with your marketing preferences. You can stop receiving our promotional emails by following the unsubscribe instructions included in every email.
  • to bill and collect money owed to us by you This includes sending you emails, invoices, receipts, notices of delinquency, and alerting you if we need a different credit card number.
  • we use third parties for secure credit card transaction processing, and we send billing information to those third parties to process your orders and credit card payments.
  • to meet legal requirements, including complying with court orders, valid discovery requests, valid subpoenas, and other appropriate legal mechanisms.
  • to provide information to representatives and advisors, including lawyers and accountants, to help us comply with legal, accounting, or security requirements.
  • to respond to lawful requests by public authorities, including to meet security or legal requirements.
  • to transfer your information in the case of a sale, merger, consolidation, liquidation, reorganization, or acquisition. In that event, any acquirer will be subject to our obligations under this privacy notice, including your rights to access. We will notify you of the change either by sending you an email or posting a notice on our company website:


Combined personal data: We may combine personal data with other information we collect or obtain about you, such as information we source from our data controller, to serve you specifically, such as to deliver a product or service according to your preferences or restrictions, or for advertising or targeting purposes in accordance with this privacy notice.

When we combine personal data with other information in this way, we treat it as, and apply all of the safeguards in this privacy notice applicable to, personal data.


Do we share personal data? We may disclose personal data to third service providers for the purposes as described in this notice.

Sometimes, we share your information with our third-party service providers, who help us provide and support our services. As with all third parties we work with, these third-party service providers enter into an agreement that requires them to use your personal data only for the provision of services to us and in a manner that is consistent with this privacy notice. Examples of service providers include payment processors, hosting services and content delivery services.


Links to third-party websites: Our websites include links to and from other websites, whose privacy practices may be different from ours.

If you submit personal data to any of those sites, your information is governed by their privacy notice. We encourage you to carefully read the privacy notice of any website you visit.


Accuracy of personal data: We do our best to keep your personal data accurate and up to date, to the extent that you provide us with the information we need to do so.

If your personal data changes (for example, if you have a new email address), then you are responsible for notifying us of those changes.

How can you access your personal data? You have rights in connection with your personal (see earlier) that include the following: to withdraw consent where you have given it, to be informed, and have access to your personal data. To correct or complete inaccurate data, and in certain circumstances restrict, request erasure, object to processing or request portability of your personal data to another organisation.

Consequently, if you want to know what personal data we have about you, you can ask us for the details, please contact us in writing by email or post, see How do you contact us? Below. This is known as a data access request and add into the email subject header or address your letter that it relates to a Data Access Request. We will give you access to any personal data we hold about you within 30 days of any request for that information. We will always try to ensure that we deliver the best levels of customer service.

If you do need or want to get in touch with us for any other reason regarding your data protection rights, please also get in touch in writing by email or post, see How do you contact us? below and add into the email subject header or address your letter that it relates to your Data Protection Rights. You may also request to correct, amend or delete information we hold about you again please contact us by email or post. Unless it is prohibited by law, we will remove any personal data about you from our servers at your request.

There is no charge for an individual to access or update their personal data.


Questions and concerns: If you have any questions or comments, or if you want to update, delete, or change any personal data we hold, or you have a concern about the way in which we have handled any privacy matter please contact us by using either the email or postal address see How do you contact us? below.


How do you contact us? To contact us with any matters relating to your personal data and data protection including to make a data access request please write to Hg3 Conferences using one of the following: Email: and Postal Address: 4, Dragon Road, Harrogate, North Yorkshire, HG1 5DF


Changes to this privacy notice: We may change this privacy notice at any time and from time to time, this may be necessary due to changes in the GDPR or we change our business.

We will review regularly the way that we collect and use personal data. This does mean that we may change what kind of information we collect, how we use it, how we store it and who we share it with. As a result of any review we may need to amend the privacy notice.

The most recent privacy notice will be published on our Hg3 Conferences company website see: All updates and amendments are effective immediately upon notice, which we may give by any means, including, but not limited to, by posting a revised version of this privacy notice or other notice on our Hg3 Conferences company website see:

We encourage you to review this notice often to stay informed of changes that may affect you, as your continued use of our websites signifies your continuing consent to be bound by this privacy notice.

Our electronically or otherwise properly stored copies of this privacy notice are each deemed to be the true, complete, valid, authentic, and enforceable copy of the version of this privacy notice which were in effect on each respective date you visited one of our websites.