InfraXmedia (Holdings) Ltd has published an updated Data Protection and Privacy Policy, effective April 25, 2025. The comprehensive policy governs how the company processes personal data across its group of companies, covering customers, business partners, marketing registrants, website visitors, employees, and contractors. The update reflects ongoing compliance with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations, and evolving international data protection standards in the EEA, USA, Canada, and Latin America.
What Personal Information Is Collected
The policy specifies that InfraXmedia collects various categories of personal information depending on the relationship. For customers and business partners, the company gathers name, email address, phone number, job title, company name, country, business address, and in certain jurisdictions a copy of a passport or residence card. Marketing and event registrants provide contact details along with preferences and professional interests. Website visitors have IP addresses, browser type, device information, and cookies collected via the company's Cookie Policy. Employees and contractors provide data relevant to employment and contractual duties, governed by separate internal policies. The company emphasizes that by entering details in any form, users enable InfraXmedia to deliver the requested services.
How the Information Is Used
InfraXmedia processes personal data under three lawful bases: contractual obligation, legitimate interest, and consent. Legitimate interest is highlighted as a key basis for many business activities, including marketing, event management, media services, and analytics. Under this basis, the company balances its commercial interests against the potential impact on individuals, ensuring that rights and freedoms are not overridden. Specific uses include contacting subscribers for service-related reasons, inviting participation in research studies, sending operational information for events, tracking website traffic to improve user experience, fulfilling subscription orders, providing online communities, measuring promotional effectiveness, planning business activities through aggregated analysis, and managing images such as photographs and videos from events for promotional purposes on company websites and marketing materials.
Marketing Communications and Opt-Out
The policy explains that under UK GDPR, InfraXmedia may contact staff members of corporate entities via business email addresses without prior consent, relying on legitimate interest. However, the company stresses that individuals can opt out at any time using the unsubscribe link in marketing emails or by emailing the data team. The policy also notes that registration with the Telephone Preference Service or Mailing Preference Service does not automatically prevent marketing if the individual subsequently submits personal data via an InfraXmedia site, but the opt-out option remains available at all times.
Sharing Personal Information
InfraXmedia may share data with other companies within its group, including its holding company and subsidiaries. The company will disclose personal data when legally compelled, such as for crime prevention, tax assessment, or in response to a court order, without requiring further consent. In the event of a business sale or acquisition, data may be shared with prospective buyers or sellers on a confidential basis. For events, webinars, whitepapers, and digital downloads, InfraXmedia informs attendees that personal data will be passed to sponsoring third parties for their marketing communications, as well as to speakers who receive questions. The list of current sponsors is published on the company's website. The policy clearly states that data is date and time stamped, and individuals can opt out of sharing by contacting the data team. Importantly, data is only shared with sponsors shown at the time of registration; no data is sold or shared outside this condition.
International Data Transfers
Given the global nature of operations, InfraXmedia may transfer personal data to regions outside the UK and EEA. To ensure adequate protection, the company relies on several mechanisms: adequacy decisions by the UK or EU for countries with equivalent data protection laws, Standard Contractual Clauses (SCCs) approved by regulators, self-certification under the U.S. Data Privacy Framework (DPF) for transfers to the United States, and separate data protection agreements with parties that contractually commit to maintaining high standards. The company also compiles and shares anonymized statistics on website usage, traffic patterns, and user behavior, using third-party services that capture behavioral metrics, heatmaps, and session replay data. These services de-identify IP addresses and store pseudonymized user profiles, with contractual prohibitions against selling the data.
Rights of Access
Under UK GDPR, individuals have the right to access their personal data and verify the lawfulness of processing. A subject access request must be verified by reasonable means, and the individual must specify the information requested. The service is free of charge unless requests are manifestly unfounded or excessive, in which case a reasonable fee covering administrative costs may be charged, or the request may be refused. InfraXmedia aims to respond within one month, extending to two months for complex requests with an explanation. If personal data is incorrect, individuals can request correction by emailing the data team. The policy also outlines that data is held only as long as necessary, up to six years for audit and tax purposes, or longer if legislation requires.
Data Security and Storage
The company has implemented security procedures and technical and organizational measures to safeguard personal information. Access to internal servers is limited to specialist IT suppliers and authorized personnel. Data may be transferred and stored outside the UK and EEA, but InfraXmedia takes all reasonably necessary steps to ensure secure treatment in accordance with the policy. However, the company notes that internet transmission is not completely secure, and users transmit data at their own risk.
IP Addresses and Cookies
The policy collects IP addresses, operating system, and browser type for system administration and aggregate reporting. Cookies are used to personalize browsing experience, with further details available in the separate Cookies Policy.
Policy Updates and Contact
The Privacy Policy may be updated at any time without prior notice to comply with new practices or regulations. Changes are posted on company websites, and continued use after alterations constitutes acceptance. For inquiries or to exercise data rights, individuals can contact the Data Team by email or postal mail at InfraXmedia (Holdings) Ltd, 32-38 Saffron Hill, London EC1N 8FH. Alternatively, the UK Information Commissioner's Office can be contacted via phone, email, live chat, or post at Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF, with the helpline number 0303 123 1113. The full ICO website provides additional details on filing complaints.
Source: Datacenterdynamics News