Privacy Policy

Data Privacy Notice

We are Broadsword Event House (“Broadsword”) with registered number 05893488 and address Unit 20 Gardner Industrial Estate BR3 1QZ. Our Data Protection Lead can be contacted at We have produced this privacy notice in order to keep you informed of how we handle your personal data. All handling of your personal data is done in compliance with the General Data Protection Regulation (EU) 2016/679 (“Data Protection Legislation”). The terms “Personal Data”, “Special Categories of Personal Data”, “Personal Data Breach”, “Data Protection Officer”, “Data Controller”, “Data Processor”, “Data Subject” and “process” (in the context of usage of Personal Data) shall have the meanings given to them in the Data Protection Legislation. “Data Protection Lead” is the title given to the member of staff leading our data protection compliance programme in lieu of a requirement for a Data Protection Officer.
What are your rights?
When reading this notice, it might be helpful to understand that your rights arising under Data Protection Legislation include:
The right to be informed of how your Personal Data is used (through this notice);
The right to access any personal data held about you;
The right to rectify any inaccurate or incomplete personal data held about you;
The right to erasure where it cannot be justified that the information held satisfies any of the criteria outlined in this policy;
The right to prevent processing for direct marketing purposes, scientific/historical research or in any such way that is likely to cause substantial damage to you or another, including through profile building; and
The right to object to processing that results in decisions being made about you by automated processes and prevent those decisions being enacted.
You can exercise your right to access personal data held about you by emailing with the subject line: “Subject Access Request”. When you submit a ‘subject access request’, you will need to provide confirmation of your identity by contacting us using the email address associated with your profile. This is provided free of charge and our response will be made within thirty (30) days, unless our Data Protection Lead deems your request as being excessive or unfounded. If this is the case, we will inform you of our reasonable administration costs in advance and/or any associated delays, giving you the opportunity to choose whether you would like to pursue your request. If you believe we have made a mistake in evaluating your request, please see the section ‘Who can you complain to?’.
If you have questions about any of the rights mentioned in this section, please contact our Data Protection Lead at

Who is the Data Controller?
If your data has been passed to us by a third party for processing under their instruction, that third party is the Data Controller. They should have notified you that they would be passing your personal data to us, Broadsword, at the time they collected your data and within their own privacy notices/standards. For a list of Data Controllers that we process personal data for, the section below ‘Third Party Interests’.

What are the lawful bases for processing personal data?
Under Data Protection Legislation, there must be a ‘lawful basis’ for the use of personal data. The lawful bases are outlined in Article 6, Section 1 of the GDPR. They are sub-sections:
‘your consent’;
‘performance of a contract’;
‘compliance with a legal obligation’;
‘protection of your, or another’s vital interests’;
‘public interest/official authority’; and
‘our legitimate interests’.

What are Broadsword’s ‘legitimate interests’?
Legitimate interests are a flexible basis upon which the law permits the processing of an individual’s personal data. To determine whether we have a legitimate interest in processing your data, we balance the needs and benefits to us against the risks and benefits for you of us processing your data. This balancing is performed as objectively as possible by our Data Protection Lead. You are able to object to our processing and we shall consider the extent to which this affects whether we have a legitimate interest. If you would like to find out more about our legitimate interests, please contact

About our processing of your data
We might collect, use, store and transfer different kinds of Personal Data about you which we have grouped together as follows:
Identity Data such as names, usernames or similar; marital status; title; date of birth; sex and gender.
Contact Data such as addresses; email addresses and telephone numbers.
Financial Data such as bank account and payment card information.
Transaction Data such as information about payments and details of purchases you have made.
Technical Data such as IP addresses; login data; browser info; time zone; location; browser plug-ins; operating systems; platforms and other technology on the device used to access this website.
Profile Data such as usernames; passwords; security answers; purchases/orders; interests; preferences; feedback and responses to surveys, blogs and messages.
Usage Data such as analytics relating to how you use the website.
Marketing and Communications Data such as your preferences about receiving communications from us or third parties.
Special Categories of Data such as details about race or ethnic origins, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, genetic or biometric data.
We also collect, use and share Aggregated Data such as statistical or demographic data. Aggregated Data can be derived from your Personal Data but is not itself Personal Data as it cannot be used to reveal your identity. If Aggregated Data is ever used in combination with your Personal Data and becomes identifiable, it will be treated in accordance with this notice.
Broadsword does not collect any Special Categories of Personal Data about you or any information about criminal convictions/offences.
What categories of information about you do we process?
Why are we processing your data?
Where did we get your personal data from?
Business Contracts
Identity Data
Contact Data
Transaction Data
We use your personal data as part of managing and performing our obligations under contract. This processing is conducted lawfully on the basis of ‘performance of a contract’.
Directly obtained, acquired from a public source or through an introduction/referral.
B2B Marketing
Identity Data
Contact Data
Transaction Data
Marketing and Communications Data
We use your personal data to send relevant marketing messages to you as an agent of existing and/or prospective client companies. This processing is conducted lawfully on the basis of ‘our legitimate interests’.
Directly obtained, acquired from a public source or through an introduction/referral.
Delegate Management
Identity Data
Contact Data
We process data on behalf of our clients to perform delegate management services for some of our events, including by providing entry control, name badges and other administration. This processing is conducted lawfully on the basis of ‘performance of a contract’.
Passed to us by the relevant Data Controller (our client).

Data security – how we ensure the security of your data

Broadsword takes the security of client data seriously. We have internal policies and controls in place to protect personal data against loss, accidental destruction, misuse or disclosure, and to ensure that data is not accessed, except by employees in the proper performance of their duties.

Our system is secure and has appropriate permissions set up to restrict access, it also enables us to delete records where appropriate, we use a secure SharePoint system and we have internal policies in place regarding storage of data.

All client data is accessible only by designated staff and is regulated by a permissions system. Anyone who is trying to access the data without the correct permissions will not be able to see any data. Where specific items need to be shared with other members of the team this will be shared as a document from SharePoint and accessible to the person it is shared with for a limited amount of time.

Where we engage third parties to process data on our behalf, such parties do so on the basis of written instructions, are under a duty of confidentiality and are obliged to implement appropriate technical and organisational measures to ensure the security of data.

Data Breaches

If we discover that there has been a breach of client-related personal data that poses a risk to the rights and freedoms of individuals, we will report it to the Information Commissioner within 24 hours of discovery. We will record all data breaches regardless of their effect.

What happens if I refuse to give Broadsword my personal data?
The information about you that we have collected for the performance of our contracts is required in order for us to successfully fulfil our obligations to you. If you choose not to provide the personal data requested, we will not be able to enter into a contract with you to provide the services we offer. If we are already processing your personal information under a contract, you must end our contractual relationship (as/where permitted) in order to exercise some of your rights.

What do we do with Cookies?
Our website uses cookies. A cookie is a small file of letters and numbers that is stored on your device when you visit a website.
Cookies are useful as they help us to provide you with a good experience when you browse our site, for example by storing your preferences and maintaining your shopping cart. They also help us to improve the site. By continuing to browse the site, you are agreeing to our use of cookies, and you accept that cookies (as listed below) may be used. Please note that information gathered by the cookies on our site is anonymous and cannot be used to identify you personally.
We use the following types of cookie:
Strictly necessary cookies. These are cookies that are required for the operation of our website. They include, for example, cookies that enable you to log into secure areas of our website and to use a shopping cart.
Analytical/performance cookies. They allow us to recognise and count the number of visitors and to see how visitors move around our website when they are using it. This helps us to improve the way our website works, for example, by ensuring that users are finding what they are looking for easily. Some of these are third party cookies which analyse website usage.
You can block cookies by activating settings on the website browser that you are using. However, if you use the settings to block all cookies (including essential cookies) you may not be able to fully access all areas of our website.
To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit

What profiling or automated decision making does Broadsword perform?
Broadsword does not perform any profiling or automated decision making based on your personal data.

How long will your personal data be kept?
Broadsword holds different categories of personal data for different periods of time. Wherever possible, we will endeavour to minimise the amount of personal data that we hold and the length of time for which it is held.
If we process your data on the basis of ‘legitimate interests’, we will retain your data for as long as the purpose for which it is processed remains active. We review the status of our legitimate interests every twelve (12) months and will update this notice whenever we determine that either a legitimate interest no longer exists or that a new one has been found.
All categories of personal data that are held by us because they are essential for the performance of a contract, will be held for a period of six years, as determined by reference to the Limitations Act 1980, for the purposes of exercising or defending legal claims.

Who else will receive your personal data?
Broadsword passes your data to the third parties listed in the section ‘Third Party Interests’ below.

International data transfers

Client-related personal data may be transferred to countries outside the EEA to for projects that are based outside the EEA. Data will be limited to items needed for the booking of hotels, flights and other logistical arrangements. Any data that is transferred will be done so using secure electronic methods.

Data Controllers

Name/Category of Third Party Controller
What processing are we performing for them?
If applicable – who is their representative within the EU?
Client Controllers
We provide the services outlined above (‘Delegate Management’)
HMRC, regulatory authorities or other authorities
We are joint Controller with these authorities who require reporting of processing in some situations.

Our Data Processors

Name/Category of Third Party Processor
Purposes for carrying out processing
If applicable – where does data leaving the EEA go and what safeguards are in place?
Internal technology providers
ERP software providers, whose services we use in order to manage our business with you.
Telephony providers.
Office software providers, such as email clients.
In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.
Payment Services Providers
We use these processors so that we can take electronic or card payments securely and without the requirement for you to disclose this data to us.
In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.
Web hosting providers
Website hosting, including the storage of data forming the website content and processing your Technical Data (and Profile Data, where applicable) in order to provide you with access to our websites.
In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.
Marketing technology providers
Providers who enable us to send you our marketing emails
In the interests of providing a quality service, we use providers located in the United States. These providers are either Privacy Shield certified or bound by the contractual provisions of the EU Commissions model clauses.

Who can you complain to?
In addition to sending us your complaints directly to, you can send complaints to our supervisory authority. As Broadsword predominantly handles the personal data of UK nationals, our supervisory authority is the Information Commissioner’s Office. If you believe that we have failed in our compliance with data protection legislation, complaints to this authority can be made by visiting