Storm Privacy Policy

Summary

This privacy policy sets out how Storm Events, STORM IR, STORM Digital Displays and STORM Gobo (hereinafter collectively referred as ‘Storm Events’ or ‘Storm Events Brands’) uses and protects any information that you give us when you use this website, book an event with us, attend an event managed by Storm Events, rent or purchase our lighting product or digital displays. All Storm Events Brands are owned and operated by Storm Events (London) Ltd.

Storm Events is committed to ensuring that your privacy is protected. Should we ask you to provide certain information by which you can be identified when using our services, then you can be assured that it will only be used in accordance with this privacy statement.

We have appointed a Data Protection Officer (DPO) who is responsible for monitoring and providing guidance with UK’s General Data Protection Regulation, Privacy Electronic Communication Regulation, Data Protection Act of 2018 and Data (Use and Access) Act of 2025 status. If you have any questions about this privacy policy, including any requests to exercise your legal rights, please use the contact information in this privacy policy.

An additional Privacy Notice is available for employees of Storm Events through our intranet.

Storm Events may change this policy from time to time to time by updating this page. You should check this page from time to time to ensure that you are happy with any changes. This policy is effective from August 2024 and was last reviewed on 16 July 2025.

Why we collect your personal information

We collect your personal data for one of the following purposes:

  • To manage communications between you and us
  • Where we need to perform the contract we have entered into with you.
  • To provide you with information you have requested or which we may feel may be of interest to you.
  • To ensure the safe operation of our website and to monitor the performance of our website.
  • To arrange events, including live and virtual events.
  • For marketing and advertising purposes.
  • To provide services to our customers, and other delegates of our customers.

What information we collect and where from

We collect personal information from you, for example, if you register via our website, request product information, call us or use any of our services we provide for our customers. The categories of personal information that we may collect, store and use about you may include:

  • Name.
  • Address, telephone number, email.
  • Designation.
  • IP address.
  • Date of birth and gender.
  • Name of your employer.
  • Country of residence.

This information may be gathered from the following sources:

  • When you use our website, via analytics tools.
  • When you attend virtual events organised by us.
  • When you contact us for our services, are sent an invoice or respond to requests for information whilst we deliver our services.
  • When you attend an event we deliver to our customers, via a registration form or the platform where the event is being held.

Children’s information

Storm Events does not knowingly collect information on children without consent from a responsible parent. If Storm Events have collected personal information on a child, please inform us using information in Contact Us section immediately, so we can remove this information without any undue delay.

Lawful basis for processing personal data

We only collect and use personal information about you when the law allows us to. Most commonly, we use it where:

  • The data subject (you) has given consent to the processing activity taking place.
  • If the processing is necessary for the performance of a contract.
  • If the processing is necessary for compliance with a legal obligation to which the controller is subject.
  • If the processing in necessary for the purpose of the legitimate interest pursed by us or our partners.

Where legitimate interest is identified as a lawful basis for a process which is not covered in the list of ‘recognised legitimate interest’ under DUA 2025, we will undertake a legitimate interest assessment which is a three-part test covering:

  • The purpose test – to identify the legitimate interest.
  • Necessity test – to consider if the processing is necessary for the purpose identified.
  • Balancing test – considering the individual’s interests, rights or freedoms and whether these override the legitimate interests identified.

What we do with the information we gather

We require this information to understand your needs, deliver services for our customers and provide you with a better service, and in particular for the following reasons:

  • Internal record keeping.
  • We may use the information to improve our events production techniques, products and services.
  • For our customers, we may periodically send promotional emails about new event products, AV Hire, special offers or other information which we think you may find interesting using the email address which you have provided.
  • For our customers, from time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone, fax or mail but only with your express permission. We may use the information to customise the website according to your interests.
  • For delegates of our customers, we use this information to inform the customer of those that attended their event.

How long we keep information for

We pride ourselves on ensuring that your personal data is only retained for the period that we need it for, or in accordance with laws, regulations and professional obligations that we are subject to.

All personal information collected has a defined retention period, which is in-line with our Retention Policy.

In summary, personal data is retained for the following purposes and durations.

  • Customer details, whilst you are a customer and we deliver our services to you.
  • Users of our website, in line with industry durations to allow analysis of the use of our website.
  • Delegates of our customers, until the information has been passed on to our customer, in line with agreements with the customer.

Security

We take the responsibility for protecting your privacy very seriously and we will ensure your data is secured in accordance with our obligations under the Data Protection laws.

We have in place technical and organisational measures to ensure personal information is secured and to prevent your personal data from being accessed in an unauthorised way, altered or disclosed. We have in place a robust access control policy which limits access to your personal data to those employees, contractors and other third parties who only have a business need to know. The processing of your personal data will only take place subject to our instruction.

We have policies and procedures to handle any potential data security breaches and data subjects. Third parties and any applicable regulators will be notified where we are legally required to do so.

We ensure that all employees have information security and data protection training

Controlling your personal information

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are required by law to do so.

Where you have given consent for processing, or explicit consent in relation to the processing of special category data, you have the right to withdraw this consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal.

Your individual rights

In this Section, we have summarised the rights that you have under General Data Protection Regulation. Some of the rights are complex, and not all the details have been included in our summaries. Accordingly, you should read the relevant laws and guidance from the regulatory authorities for a full explanation of these rights.

Your principal rights under General Data Protection Regulation are:

  • Right to Access
  • Right to Rectification
  • Right to Erasure
  • Right to Restrict Processing
  • Right to Object
  • Right to Data Portability
  • Right to Contest Automated Decision Making (Automated decision making is not carried out by Storm Events)

You have the right to confirmation as to whether we process your personal data and, where we do, access to the personal data, together with certain additional information. That additional information includes details of the purposes of the processing, the categories of personal data concerned and the recipients of the personal data. Providing the rights and freedoms of others are not affected, we will supply to you a copy of your personal data. The first copy will be provided free of charge, but additional copies may be subject to a reasonable fee (£10). You as a data subject have the right to rectification, which will allow you as the data subject to modify/change any personal information to the purpose of ensuring that the information we process is update to date. The right to to erasure or right to be forgotten will allow you as the data subject to inform us that you no longer want Storm Events to continually to store or process your personal information. Please be aware that we may decline your right for a number of reasons, which are not limited to, having a lawful basis or process your information or us needing your information for the performance of a contractual obligation. As a data subject, you have the right to stop any processing of your personal information. Please be aware that you must provide us with a legitimate reason for us to stop processing. Any request made that doesn’t conform to the GDPR will be rejected. On occurrence we may send you marketing emails to make you aware on new products that we believe can benefit you, the data subject and its situations where you have consented to this activity. As you have the right to object, you can click the unsubscribe link on all our emails to inform us that you no longer want to receive marketing emails from us. The right to data portability will allow you as the data subject to have your personal information securely transferred to another organisation for processing. At Storm Events, we place this reasonability on you that data subject, when you make this request, we will export all information about you and securely transfer it to yourself. You, the data subject will be able to give this information to your chosen organisation.

If you have any question about these rights, please see “Contact Us” section of this policy.

Data transfers and Third parties

Providing your information to others

Storm Events may disclose your personal data to some third parties insofar as reasonably necessary for the purposes, and on the legal bases, set out in this policy. Third parties that we use are listed below.

Third parties

  • The client of Storm Events who has booked the event with Storm Events (the “Organiser”) The Organiser will communicate their own Privacy Policies upon inviting attendees and speakers to events and will be available upon request directly from the Organiser.
  • Zoom Communications, Inc. [US], when attending events utilising the Zoom platform.
  • Microsoft [UK], when attending events utilising the Teams platform.
  • Current RMS / Inspire Ltd [UK], when enquiring about or booking an event with Storm Events.
  • Xero [UK] Limited [UK], when paying for an event booked with Storm Events.
  • Shopify International Ltd [Ireland], when using or purchasing with STORM Gobo.
  • Knovio / KnowledgeVision, Inc. [US], when attending events utilising the Knovio platform.
  • Monday com [US], when booking an event with Storm Events.

Information security with transfers

In this section, we provide information about the circumstances in which your personal data may be transferred to countries outside the UK and European Economic Area (EEA).

We may share personal information to third parties outside of the UK or European Economic Area (EEA). If this was to change, Storm Events would ensure that information security at the highest standard would be to protect any personal information. This would include the use of encryption on transit and ensuring that data protection laws are being pursued. If personal data is is transferreded outside UK or EEA, outside the adequacy jurisdictions, a Transfer Risk Assessment (TRA) would be conducted and appropriate contractual clauses would be signed with the third parties. All information that is being transferred within the UK or EEA will follow our strict Information Transfer Policy compliant with Article 28 of the UK GDPR.

Contact us

Your trust is important to us. That is why we are always available to talk with you at any time and answer any questions concerning how your data is processed. If you believe that any information we are holding on you is incorrect or incomplete, please write to or email us as soon as possible using the details in this policy. We will promptly correct any information found to be incorrect.

You may contact our DPO and Compliance Team using the details below.

Email: dataprotection@storm-events.com
Phone: 020 7939 6077
Post: Storm Events (London) Ltd. Unit 4. Manor Grove Centre. Vicarage Farm Road. Peterborough. PE1 5UH

Right to complaint

We take any complaints about our collection and use of personal information very seriously.

If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact us via email at dataprotection@stormevents.com.

Alternatively, you can make a complaint to the Information Comissioner’s Office:

Post: Information Commission, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Website: https://ico.org.uk/concerns/complaints-and-compliments-about-us/
Email: casework@ico.org.uk
Phone: 0303 123 1113 (Local rate) or 01625 545 745 (National rate)