Log In
Log In

Privacy Policy

This notice explains how Conference Badges Ltd (“we”, “us”, “our”) collects and uses personal information when you use The Badge Scanner or any related website or portal (together, the “Service”). It is written in plain language but maps to our obligations under the UK GDPR, the EU GDPR and other data-protection laws.

1. Who this policy is for

  • Event attendees – people whose contact details we receive from an event organiser and whose badges may be scanned by exhibitors.
  • Exhibitor users – people who log in to the Service, capture leads and add meeting notes.

2. Who we are

Data Controller: Conference Badges Ltd, 10 Ashway Centre, Kingston-upon-Thames, Surrey KT13 8YE, United Kingdom.

Privacy contact: privacy@conferencebadges.co.uk (or write to the address above).

3. What data we process & where it comes from

Data category How we get it Typical items
Attendee list Supplied by the event organiser. Name, email, job title, company, industry sector.
Badge-scan details When an exhibitor scans an attendee’s badge. Date/time of scan, exhibitor company.
Meeting notes Typed in by the exhibitor user. Free-text notes and voice notes about the conversation; may include personal data if the exhibitor records it directly, as well as images and products of interest.
Exhibitor account data Provided by the exhibitor user. Name, business e-mail address, password (hash), login activity.

4. How & why we use your data (plus lawful bases)

  • Running the Service – letting users log in, scan badges, view and export leads, troubleshooting and security. Legal basis: contract (exhibitors); legitimate interest (attendees).
  • Handing attendee details to exhibitors when you hand over your badge or otherwise provide your details at the stand. Legal basis: legitimate interest (you expect the exhibitor to receive your details).
  • AI-powered lead summaries, ratings and prioritisation – see Section 5. Legal basis: legitimate interest (helping exhibitors qualify leads efficiently).
  • Analytics, service improvement and security monitoring. Legal basis: legitimate interest.
  • We do not use attendee data for our own marketing, nor do we sell it to anyone.

5. How we use AI

Artificial Intelligence is used by The Badge Scanner to help exhibitors summarise and prioritise the leads they capture and allow the organiser to access analytics to improve the event for both attendees and exhibitors. 

  • The AI models are provided by third party organisations in the EU and US. The US entities rely on Standard Contractual Clauses (“SCCs”) for international transfers.
  • Only meeting notes and non-identifying context (e.g. job title, industry) are sent to the AI tools. We advise exhibitors not to include e-mail addresses or phone numbers in notes, but we cannot technically prevent it and treat any such data in line with this policy.
  • The AI output is advisory only; no actions are taken automatically.
  • AI-generated summaries and scores may be kept for longer periods than the underlying lead data (Section 7), providing those summaries do not contain personally identifiable information (PII).

6. Sharing your information

We share data only with:

  • Event organiser – they supplied the attendee list and can view overall lead-capture statistics.
  • Exhibitor company – receives the leads it captures, including any AI summaries.
  • Trusted service providers – hosting, development and AI processing partners who are contractually bound to keep data secure and use it only for the Service.
  • Legal or regulatory bodies if required by law.

7. International transfers

Your data is stored on servers located in the UK/EU. When an exhibitor uses the AI features, the relevant text may be processed:

  • Inside the EU or
  • In the United States (OpenAI).

Where data leaves the UK/EU we rely on SCCs, the UK addendum and/or the EU–US and UK–US Data Privacy Frameworks to safeguard it.

8. How long we keep data

  • Lead & meeting data – retained for at least 30 days after the event, then reviewed annually. Older data is deleted or anonymised unless the exhibitor or organiser still needs access.
  • Account data – kept until the user asks for deletion or their company’s account closes.
  • Back-ups – automatically purged on a rolling schedule (maximum 60 days).

9. Security

  • All traffic is encrypted in transit (HTTPS/TLS).
  • Passwords are salted and hashed before storage; other fields are protected by access controls.
  • Role-based access for staff; production data is never copied to public test systems.

10. Your rights

You can ask to:

  • Access the data we hold about you;
  • Correct inaccuracies;
  • Delete or restrict processing of your data;
  • Object to processing based on legitimate interests;
  • Port certain data to another provider.

Send requests to privacy@conferencebadges.co.uk. You can also complain to the UK Information Commissioner’s Office or to your local EU supervisory authority.

11. Cookies

Our marketing site uses essential cookies plus optional analytics cookies, shown in our cookie banner. Analytics cookies are set only if you click “Accept”.

12. Children

The Service is not marketed to anyone under 18. We do not knowingly collect children’s personal data.

13. Changes to this policy

We may update this notice from time to time. If the changes are material we will post a clear notice on our website or within the Service before they take effect.

14. Contact us

Questions? E-mail privacy@conferencebadges.co.uk or write to:

Conference Badges Ltd
Unit 10, Ashway Centre
Kingston-upon-Thames
Surrey KT13 8YE
United Kingdom

Telephone: +44 (0)20 8614 4134 (calls may be recorded).


This policy is effective from 30 May 2025. Last updated 21 August 2025.