Data Privacy Policy

Policy last reviewed – May 2026
Reviewed by – all directors
Policy owner – Jan Carlyle
Next review date – May 2027
Data Protection Controller – Autumn Live Limited

This policy has been updated to incorporate Article 30 of GDPR, 25th May 2018, the Data (Use and Access) Act 2025 and Updated for UK GDPR and AI Use in Events. Autumn Live Limited is committed to protecting your personal data and respecting your privacy. This policy sets out how we collect, use, and store your personal information in line with the UK General Data Protection Regulation (UK GDPR).

Contact Details:
Autumn Live Ltd, Somerset House Exchange, Strand, London WC2R 1LA

Data Protection Officer: Jan Carlyle

Purposes of Processing:

  • Autumn Live Limited processes data for event organisation and marketing campaigns.
  • Autumn Live Limited is the data controller for its own events organisation and marketing campaigns.
  • Autumn Live is the data processor for events organised on behalf of our clients.
  • Autumn Live Limited also is the data processor when sending out marketing comms on behalf of our clients.
  • Autumn Live Limited processes data for HR / Employees wages.

Autumn Live adheres to the directive of 1995, the GDPR act of 25th May 2018, and the Data (Use and Access) Act 2025.

All data collected by Autumn Live is held securely in Airtable, Eventbrite, Mailchimp, Mailerlite, RingCentral Events, Zoom, Todoist, Slido, Survey Monkey and Typeform, as lists, and in MS Excel, Google docs held securely in Dropbox, MS OneDrive or Google Drive. These platforms are all GDPR compliant.

All transfer of data internally is carried out in accordance with this data processing agreement.

Our Legal Basis for Processing

We rely on the following legal grounds under UK GDPR:

Consent – when you opt in to receive communications or provide data for event participation

Legitimate Interests – for running events, internal analytics, marketing and improving attendee experience

Contractual Obligation – where processing is necessary to fulfil a contract with you (e.g. registering you for an event)

Legal Obligation – such as submitting records to HMRC

AI and Automated Processing

We may use AI-driven tools within our event platforms (e.g., for session recommendations, networking suggestions, live chat moderation, or engagement analytics). Where this technology is used:

What It Does: AI may analyse your interactions (e.g. session attendance, responses, or preferences) to personalise your event experience.

Why We Use It: To improve event relevance, networking, and delegate experience.

Legal Basis: We rely on legitimate interests to enhance event functionality and engagement. Where required, we will request explicit consent for AI-driven features.

Your Rights: You can object to AI-driven personalisation or automated decision-making where it produces significant effects. Contact us to opt out.

Note: We do not use AI for fully automated decision-making that has a legal or similarly significant effect on individuals.

We collect data from:

Delegates, speakers, sponsors, exhibitors and attendees and potential attendees of events, as well as our own customers and sales contacts and client’s customers or sales contacts.

What type of data do we collect:

We may process name, job-title, organisation, contact details (phone number, address, email, social media links) and any permissions or preferences you submit to us.

Information we collect about you:

  • You may provide information to us via an enquiry form on our website
  • You may provide information to us by registering for one of the events we organise
  • You may provide information to us by consenting to us sending an electronic update (e-newsletter) regarding an event or programme we organise
  • You may provide information to us by enquiring about one of our services via an email or phone call

By providing us with this information you consent to us sending information to you and expressly consent to us using your personal information in accordance with this privacy policy.

How we use this information:

  • To tell you about events or programmes we are organising (events that you have signed up to attend or have expressed an interest in attending).
  • We may (if delegates consent) share the delegates information with: speakers, sponsors and/or exhibitors at the event.
  • To tell you about services that we or one of our clients offers (where you have given consent to receive such information or there is grounds for legitimate interest).
  • We may share your data with a client, if the data you have given us was collected for an event we have organised on that client’s behalf.
  • We do not pass your data to other organisations or third parties.  We do not sell your data.
  • We may need to pass your data to HMRC for VAT purposes.

How is the information stored and processed:

Data may be stored securely via:

  • Event platforms (e.g. Eventbrite, RingCentral Events, Zoom, Slido)
  • Mailing systems (Mailchimp, MailerLite, Survey Monkey, Typeform)
  • Cloud storage (Dropbox, MS OneDrive, Google Drive)
  • Project management tools (Airtable, Trello, Todoist)

All platforms used are GDPR or UK GDPR compliant. Files are password-protected, and devices are secured through fingerprint recognition or strong passwords.

Organisation Security/Data Transfer:

No electronic method of storage or transmission over the internet is 100% secure.

The data is protected by using passwords when it is transmitted via email.  All computers are accessed securely (through fingerprint recognition or strong password), the data is held in software programmes such as: Airtable, Eventbrite, Mailchimp, Mailerlite, RingCentral Events, Zoom, Todoist, Slido, Survey Monkey, Typeform, Microsoft Office and Google apps and held securely in Dropbox, MS OneDrive or Google Drive, all of which are compliant with GDPR (25 May 2018).

Data Retention

We retain your data for a maximum of 5 years, unless legal obligations require otherwise. You may request deletion at any time.

You can:

  • Request access to the information Autumn Live hold about you at any time
  • Request correction of any inaccurate data Autumn Live hold about you
  • Object to certain types of processing
  • Request any information Autumn Live holds about you to be deleted

If you have any questions

about the information Autumn Live hold about you, please contact the Data Processor: Jan Carlyle, Autumn Live Ltd, Somerset House Exchange, Strand, London WC2R 1LA T: 07813 978870 email: jan@autumnlive.co.uk
You can also contact the Information Commissioners Office (ICO) directly.

If you don’t provide data to us:

If you cannot supply an email address when you are registering for one of our events we cannot register your booking or contact you about updates relating to the event you want to be registered for.


Data protection complaints procedure

1. Purpose and Scope

This procedure outlines how data subjects can raise concerns about the organisation’s handling of their personal data. It applies to all staff, contractors, and processors acting on behalf of the organisation and covers all data protection-related complaints.

2. Submitting a Complaint

Individuals may submit a data protection complaint via Email to complaints@autumnlive.co.uk

3. Stage 1: Acknowledgement

The organisation will acknowledge receipt of the complaint via email within 3–5 working days. The acknowledgment will include the contact details of the person or department handling the investigation.

4. Stage 2: Investigation

The designated investigator Jan Carlyle will:

  • Log the complaint in the organisation’s secure Data Protection Complaints Register
  • Gather relevant files, systems logs, and speak with the staff involved
  • Assess compliance against core principles (Lawfulness, Fairness, Transparency, Data Minimisation)

5. Stage 3: Response and Resolution

The organisation will provide a formal written response within one calendar month of receiving the complaint. If the complaint is highly complex, this may be extended by an additional two months, with prior notification to the complainant. The response will detail the investigation findings, confirm whether the complaint is upheld or not upheld, and outline any corrective actions or procedural improvements implemented.

6. Stage 4: External Escalation

If the complainant is unsatisfied with the internal response, they have the right to escalate their complaint to the relevant supervisory authority. In the UK, this is the Information Commissioner’s Office (ICO).

Scroll to Top