New Privacy Policy Enhances Transparency and User Control

InfraXmedia (Holdings) Ltd, the parent company of a group of media and event management firms, has published an updated Data Protection/Privacy Policy that takes effect on April 25, 2025. The policy, which applies to all companies within the InfraXmedia group, aims to provide clearer guidance on how personal data is collected, used, and shared, while reinforcing the organization’s commitment to compliance with UK data protection laws, including the UK GDPR, the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003.

Scope and Applicability

The policy covers all individuals who interact with InfraXmedia companies, including customers, business partners, event attendees, website visitors, and employees. It explains that InfraXmedia (Holdings) Ltd acts as the data controller on behalf of the entire group, with its registered office at 32-38 Saffron Hill, London. The company emphasizes that it processes personal data only when there is a lawful basis, such as contractual necessity, legitimate interest, or explicit consent.

Types of Data Collected

The updated policy details several categories of personal data that may be collected. For customers and business partners, this includes name, email address, phone number, job title, company name, country, and business address. In certain jurisdictions, the company may also require a copy of a current passport or residence card for identity verification. For marketing and events registrants, InfraXmedia gathers contact details, preferences, and professional interests. Website visitors may have their IP address, browser type, device information, and cookies recorded. The company maintains separate internal policies for employee and contractor data.

Legal Bases for Processing

InfraXmedia relies on three primary lawful bases under UK GDPR. First, contractual necessity applies when processing is required to fulfill an agreement with the individual, such as delivering a subscription or event registration. Second, legitimate interest is used for activities like marketing, event management, media services, and analytics, where the company’s business interests are balanced against the individual’s rights. The policy stresses that legitimate interest does not automatically override user rights, and InfraXmedia conducts balancing assessments to ensure fairness. Third, consent is obtained where required, particularly for sensitive processing or where data protection law mandates explicit permission.

The policy provides examples of legitimate interest processing, including sending tailored marketing communications, fraud prevention, website security, and traffic analysis. InfraXmedia notes that it will not use personal data for interests that are overridden by the impact on individuals without consent or legal requirement.

Marketing Communications and Opt-Out

Under UK GDPR, InfraXmedia can contact staff members of limited companies, public limited companies, incorporated partnerships, trusts, foundations, and government institutions via corporate email addresses without prior consent, relying on legitimate interest. The policy states that this approach is permissible provided there is no disproportionate impact on the data subject. However, the company offers an easy opt-out method via an unsubscribe link in all marketing and product emails, or by emailing the data team directly. The policy also addresses the Telephone Preference Service and Mailing Preference Service, noting that subsequent submission of personal data after registration on those services is interpreted as temporary consent.

Data Sharing and International Transfers

InfraXmedia may share personal data within its group of companies, with holding companies and subsidiaries, and with third-party service providers. The policy confirms that data will be disclosed if required by law, for crime prevention or detection, or for tax assessment. In the event of a business sale or acquisition, data may be shared with prospective buyers on a confidential basis. For events, webinars, and digital downloads, InfraXmedia passes attendee personal data to sponsoring third parties for their marketing purposes, as disclosed at registration. The company maintains a public list of sponsors on its website.

International data transfers are governed by adequacy decisions from the UK or EU, Standard Contractual Clauses (SCCs), or the U.S. Data Privacy Framework (DPF) for transfers to the United States. InfraXmedia has self-certified its U.S.-based business under the DPF, which replaced the Privacy Shield program. Additional data protection agreements may be required with certain partners.

The policy also notes that aggregated, anonymized statistics may be shared for website usage analysis, and third-party services that capture behavioral metrics, heatmaps, and session replay are used to improve user experience. These services store de-identified IP addresses and device information, with contractual prohibitions against selling data.

User Rights and Data Access

Individuals have the right to access their personal data to verify the lawfulness of processing. Subject access requests must be verified by reasonable means, and InfraXmedia will respond within one month, with a possible extension of up to two months for complex requests. The company may charge a reasonable fee or refuse to respond if requests are manifestly unfounded or excessive. Requests to correct inaccurate data can be sent to the data team, and updates will be made as soon as practicable.

Data Security and Retention

InfraXmedia has implemented technical and organizational measures to safeguard personal data, with access to internal servers limited to specialized IT personnel and suppliers. Data is retained only as long as necessary for the purposes for which it was collected, with a typical retention period of up to six years for audit and tax purposes, or longer if required by law. When data is no longer needed, it is securely erased or disposed of.

The policy acknowledges that transmission of information over the internet is not completely secure, and while the company takes reasonable steps, users assume some risk when submitting data online.

Cookies and IP Addresses

InfraXmedia uses cookies to provide a personalized browsing experience and to collect statistical data about user behavior, such as browsing actions and patterns. IP addresses, operating system, and browser type are used for system administration and aggregate reporting. The company refers users to its separate Cookie Policy for more details.

Policy Updates and Contact Information

The policy may be updated at any time without prior notice, and any changes are posted immediately on InfraXmedia websites. Users are deemed to accept the updated terms upon continued use. For questions or concerns, individuals can contact the Data Controller via email or post at the London address. The policy also provides contact details for the UK Information Commissioner’s Office for complaints or further guidance.

This update reflects InfraXmedia’s ongoing commitment to data protection compliance and transparency, aligning with evolving regulatory standards in the UK and beyond. The company encourages users to review the policy regularly and to exercise their rights, including the right to withdraw consent or object to processing where applicable.

Source: Datacenterdynamics News