InfraXmedia Group Updates Data Protection and Privacy Policy
InfraXmedia (Holdings) Ltd, the parent company of the InfraXmedia group of companies, has announced an updated Data Protection and Privacy Policy, effective April 25, 2025. The policy outlines how the organization collects, uses, stores, and shares personal data across its global operations, including in the UK, EEA, USA, Canada, and Latin America. The update reflects ongoing compliance with UK GDPR, the Data Protection Act 2018, the Privacy and Electronic Communications Regulations 2003, and other applicable data protection laws.
Scope of the Policy
The policy applies to all companies within the InfraXmedia group. InfraXmedia (Holdings) Ltd, registered in England with company number 14354660 and headquartered at 32-38 Saffron Hill, London EC1N 8FH, acts as the data controller on behalf of the group. The document covers the types of personal information collected from customers, business partners, marketing and events registrants, website visitors, and employees or contractors. For employees and contractors, separate internal policies govern additional data processing activities.
Types of Personal Data Collected
InfraXmedia collects a range of personal data depending on the relationship with the individual. For customers and business partners, the company gathers name, email address, phone number, job title, company name, country, and business address. In certain jurisdictions, a copy of a current passport or residence card may also be required. For marketing and events registrants, the company collects contact details, preferences, and professional interests. Website visitors have their IP address, browser type, device information, and cookies processed, with further details provided in a separate Cookie Policy. Employees and contractors provide data relevant to employment and contractual obligations.
Legal Bases for Processing
The policy identifies three primary lawful bases for processing personal data: contractual necessity, legitimate interest, and consent. Where processing is required to fulfill a contract, such as delivering a subscription or event service, InfraXmedia relies on contractual necessity. For marketing, event management, media services, and analytics, the company relies on legitimate interest. When consent is required by law or practice, InfraXmedia obtains explicit permission before processing. The policy emphasizes that legitimate interest involves balancing the company's business interests against individuals' rights and freedoms, ensuring no disproportionate impact occurs.
Uses of Personal Data
Personal data is used for a variety of purposes including service-related communications, research invitations, operational information for event attendance, website traffic analysis, subscription fulfillment, user community management, promotional campaign effectiveness, business planning through aggregated analysis, and management of images and footage from events. The company may contact individuals for service-related reasons such as subscription changes, password reminders, or comment notifications. Attendees at events and webinars may receive badge and app information. Photographs, podcasts, broadcasts, videos, and films from events may be used for promotional purposes on InfraXmedia websites and marketing materials.
Marketing Communications
Under UK GDPR, InfraXmedia may contact staff members of limited companies, public limited companies, incorporated partnerships, trusts, foundations, and government institutions via corporate email addresses for marketing purposes without prior consent, relying on legitimate interest. The policy states that individuals can opt out of communications at any time using the unsubscribe link in marketing emails or by contacting the data team at the provided email address. The company also respects the Telephone Preference Service (TPS) and Mailing Preference Service (MPS), but notes that if an individual subsequently submits personal data via an InfraXmedia website, that action may be considered consent for marketing until the individual opts out.
Data Sharing with Third Parties
InfraXmedia may share personal data with other companies within its group, including its holding company and subsidiaries. The company may also disclose data when legally compelled, such as for crime prevention, tax assessment, or court orders. In the event of a business sale or purchase, data may be shared with prospective buyers or sellers on a confidential basis. For events, webinars, whitepapers, and digital downloads, attendee data is passed to sponsoring third parties listed on the company's website at the time of registration. The policy explicitly states that data is not shared or sold outside of this condition. Additionally, third-party services that provide behavioural metrics, heatmaps, and session replay may collect de-identified data to help improve user experience.
International Data Transfers
Given the global nature of operations, InfraXmedia may transfer personal data outside the UK and EEA. The company ensures adequate protection through adequacy decisions by the UK or EU, Standard Contractual Clauses (SCCs), the U.S. Data Privacy Framework (DPF), or separate data protection agreements. The policy notes that some partners may be located in regions with less stringent data protection laws, but contractual obligations maintain adequate standards.
Data Subject Rights
Individuals have the right to access their personal data and verify the lawfulness of processing. Subject access requests must be verified by reasonable means and are generally free of charge. InfraXmedia will respond within one month, though complex requests may extend to two months with an explanation. If personal data is incorrect, individuals can request correction via the data team. The policy also mentions the right to object to processing based on legitimate interests, though this is not described in detail.
Data Storage and Security
Personal data is stored on secure servers provided by IT system suppliers. While transmission over the internet is not completely secure, InfraXmedia implements technical and organizational measures to protect data. Access to internal servers is limited to specialist IT personnel. The company retains personal data only as long as necessary for the purposes collected, with a general retention period of up to six years for audit and tax purposes, or longer if required by law.
Cookies and IP Addresses
InfraXmedia collects IP addresses, operating systems, and browser types for system administration and aggregate reporting. Cookies are used to provide a personalized browsing experience, with further details available in the separate Cookie Policy.
Contact and Complaints
Questions or comments about the policy can be directed to the Data Controller at InfraXmedia (Holdings) Ltd, 32-38 Saffron Hill, London EC1N 8FH, or via email. Individuals may also contact the Information Commissioner's Office (ICO) in the UK by phone at 0303 123 1113 or through the ICO website. The policy was last updated on April 25, 2025.
The update underscores InfraXmedia's commitment to data protection and transparency, aligning with evolving legal requirements and best practices in the digital economy. The company encourages all users and partners to review the policy to understand how their personal information is handled.
Source: Datacenterdynamics News