×

Privacy Statement

ExchangeWire Ltd
Last updated: 20 May 2026

Contents

  1. Who we are
  2. What data we collect and why
  3. Data we receive from other sources
  4. Lawful basis for processing
  5. Who we share your data with
  6. International transfers
  7. How long we keep your data
  8. How we protect your data
  9. Cookies
  10. Advertising
  11. Your rights
  12. Children and minimum age
  13. Third-party websites and links
  14. How to contact us
  15. Changes to this statement
  16. Governing law

1. Who we are

This website is operated by ExchangeWire Ltd.

Data controller:
ExchangeWire Ltd
Registered in England and Wales, company number: 07372309
Registered office: 75 Kenton Street, London, WC1N 1NN
Trading address: New House, 67–68 Hatton Garden, Suite 10, London, EC1N 8JY

Data Protection Officer:
Lindsay Rowntree
Email: contact@exchangewire.com

EU representative (Article 27 EU GDPR):
Our EU representative appointment under Article 27 EU GDPR is currently under legal review. If you are based in the EU/EEA and wish to exercise your rights in the meantime, please contact us directly at contact@exchangewire.com.

2. What data we collect and why

2a. Website visitors

When you browse exchangewire.com, two categories of data are collected automatically.

Server logs — our web server records basic access data including IP address, pages requested, HTTP status codes, and timestamps. This happens for all visitors regardless of cookie preferences and is used for security monitoring, abuse prevention, and service operation.

Analytics — we use Google Analytics 4 to understand how our site is used, improve performance, and compile audience reports. GA4 is activated only after you give consent via our cookie consent tool. It processes user-level data including IP address, device identifiers, and browsing behaviour. See section 6 for information about how Google Analytics data is transferred internationally.

Data collected via server logs and analytics includes:

  • IP address
  • Browser type and version
  • Operating system
  • Pages visited and time spent
  • Referring website
  • Approximate location (country/city level)
  • Device type

2b. Registered users

When you register on exchangewire.com, we collect:

  • Name
  • Business email address
  • Job title and seniority
  • Company name
  • Country
  • Company type
  • Username and password (stored using secure one-way controls — see section 8)

2c. Event registrations and award entries

When you register for a conference, awards ceremony, or submit an award nomination, we collect:

  • Name
  • Business email address
  • Job title
  • Company name
  • Country

For awards and nominations, we may also collect submitted nomination materials, supporting campaign information, and professional biography or profile information where submitted.

2d. Newsletter and content subscriptions

When you subscribe to a newsletter or request gated content, we collect:

  • First name and last name
  • Business email address
  • Job title
  • Company name
  • Company type
  • Company size
  • Annual revenue band
  • Country
  • Communication preferences

This information is used for newsletter delivery, audience segmentation, B2B relevance targeting, event and content promotion, and internal reporting.

2e. Sponsored content and lead generation

Where you download content sponsored by a third party, or register for a co-branded event, we may share your registration details with the named sponsor. This will always be clearly disclosed at the point of data collection and will only happen with your specific, informed consent (see section 5b). You are not required to consent; declining will not affect your access to ExchangeWire's own content.

2f. Enquiries and correspondence

When you contact us directly — including via enquiry forms on our website — we collect the information you provide, including your name, email address, job title, company name, area of interest, and the content of your message.

2g. Events: photography and recording

At our events we may take photographs, make audio recordings, or produce video recordings for editorial, promotional, and archival purposes. We will provide notice at the event. If you do not wish to be photographed or recorded, please inform a member of the ExchangeWire team.

2h. Embedded media and third-party platforms

Our site may include links to or embedded content from third-party platforms, including podcast platforms, video hosts, social media platforms, and event platforms. These providers may collect information about your interaction with their services in accordance with their own privacy policies.

Where embedded content uses non-essential cookies or similar technologies, these are managed through our cookie consent tool where technically possible. Social sharing or follow links (e.g. LinkedIn, X/Twitter, Spotify) are subject to those platforms' own privacy policies and terms.

3. Data we receive from other sources

In addition to data you provide directly, we may receive business contact information from publicly available sources such as company websites and professional directories, event partners and co-organisers, commercial partners, and professional networking platforms.

This may include name, business email address, job title, company name, sector, country, and publicly available business profile information.

We use data from these sources only for relevant B2B communications. We screen new lists against our suppression records before sending campaigns and will honour opt-out requests promptly. Where you have the right to know the source of your data (see section 11 — Right of access), you may ask us and we will provide this information where we are able to do so.

4. Lawful basis for processing

We rely on the following lawful bases under Article 6 of UK GDPR:

Processing activityLawful basis
Essential server logs (security, abuse prevention, service operation)Legitimate interests — necessary for the secure operation of our services
Website analytics (Google Analytics 4)Consent (via Cookiebot)
Marketing cookies, advertising, and trackingConsent (via Cookiebot)
Sending marketing emails to existing B2B corporate contactsLegitimate interests — we have a legitimate interest in communicating with business contacts at corporate organisations about relevant industry news, events, and products. You can opt out at any time.
Sending marketing emails to individual subscribers or sole tradersConsent — obtained at the point of sign-up
Event registration and deliveryPerformance of a contract
Responding to enquiriesLegitimate interests
Security monitoring and fraud preventionLegitimate interests
Sharing data with event co-sponsorsConsent
Sharing data with content sponsorsConsent
Processing B2B contacts received from third-party sourcesLegitimate interests — relevant B2B marketing to business contacts. You can opt out at any time.
Event photography and recordingLegitimate interests — editorial, promotional, and archival purposes. You can ask not to be included.
Compliance with legal obligationsLegal obligation

Where we rely on legitimate interests, we have assessed that our interests are not overridden by your rights and interests. You may request a copy of our legitimate interest assessment by contacting us at the address in section 14.

Where we rely on consent, you have the right to withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.

B2B marketing note: For business contacts at corporate organisations, relevant marketing communications may be sent under legitimate interests where permitted by PECR, provided a clear opt-out is available. For individual subscribers, sole traders, and non-corporate contacts, we rely on consent or another applicable lawful basis. You can opt out at any time by using the unsubscribe link in any email or by contacting us directly.

5. Who we share your data with

We do not sell your personal data. We may share it in the following circumstances.

5a. Service providers (data processors)

We use third-party service providers who process data on our behalf under data processing agreements. These providers may only use your data as directed by us and are not permitted to use it for their own purposes.

ProviderPurposeData region
Google (Analytics 4, Google Tag Manager)Analytics and tag managementUnited States — see section 6
Zoho CRMContact and relationship managementEU (Zoho EU data centre)
Zoho CampaignsNewsletter delivery and marketing automationEU (Zoho EU data centre)
Zoho FormsEnquiry forms, newsletter sign-up, event and product interest formsEU (Zoho EU data centre)
Zoho BackstageEvent registration and managementEU (Zoho EU data centre)
Bunny CDNWebsite content deliveryUK/EU
Cookiebot by UsercentricsCookie consent managementUK/EU
Bedrock Platform LtdProgrammatic display advertising — activated only after Marketing consent is givenUnited Kingdom
OptinPanda Premium (OnePress)Content locker and lead capture software — email addresses submitted to unlock gated content are stored in ExchangeWire's own database. The plugin vendor (OnePress) does not have access to this data.United Kingdom / EU (on-server)

5b. Event and content sponsors

Where you register for a co-branded event or download content sponsored by a third party, we will share your name, job title, company name, and email address with the named sponsor only where you have given your specific, informed consent at the point of collection. Consent is captured via an unchecked opt-in checkbox that identifies the sponsor by name. You are not obliged to consent, and declining will not affect your access to ExchangeWire's own content.

We may disclose personal data where required to do so by law, court order, or regulatory authority.

5d. Business transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal data may be transferred as part of that transaction. We will notify you via a prominent notice on our website if this occurs.

6. International transfers

All of our service providers, with the exception of Google, are based in the UK or EU. This includes Bedrock Platform Ltd, which is incorporated in England and processes data within the UK. Your data does not leave the UK/EEA when processed by these providers.

Google (Google Analytics 4 and Google Tag Manager) is based in the United States. We transfer personal data to Google under the UK International Data Transfer Agreement (IDTA) and the UK Addendum to EU Standard Contractual Clauses. Google is also certified under the UK Extension to the EU-US Data Privacy Framework.

ProviderCountrySafeguard
Google (Analytics 4, GTM)United StatesUK IDTA / UK Addendum to EU SCCs; UK Extension to EU-US Data Privacy Framework

You may request a copy of the relevant transfer safeguards by contacting us at the address in section 14.

7. How long we keep your data

We retain personal data only for as long as necessary for the purpose it was collected, or as required by law.

Data categoryRetention period
Essential server / access logs30 days
Website analytics data (GA4)14 months (Google Analytics default)
Marketing email contact recordsDeleted immediately on unsubscribe
Suppression list (opted-out email addresses)Indefinitely — to ensure we do not contact you again
B2B contact records received from third partiesUntil you opt out, then suppression record kept indefinitely
Gated content lead capture (email addresses submitted via content lockers)Until you unsubscribe, then suppression record kept indefinitely
Event registration data3 years after the event
Awards and nomination materials3 years after the awards cycle
Enquiry and correspondence records3 years
Cookie consent records12 months (Cookiebot default)

When data is no longer required, it is securely deleted or anonymised.

8. How we protect your data

We use appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, disclosure, or destruction. These include:

  • Access controls and role-based permissions
  • Encrypted transmission of data (HTTPS/TLS)
  • Secure storage of passwords using one-way hashing — passwords are not accessible to us in plain text
  • Regular backups
  • Security monitoring and logging
  • Data processing agreements with all third-party providers who handle personal data on our behalf

We will notify affected individuals and the Information Commissioner's Office of any personal data breach where we are legally required to do so.

9. Cookies

We use cookies and similar tracking technologies on exchangewire.com. Cookies are small text files stored on your device.

We use Cookiebot by Usercentrics to manage cookie consent. When you first visit our site, you will be asked to accept or decline cookies by category. You can update your preferences at any time by clicking the cookie settings link in the footer.

Analytics and marketing cookies are activated only after the relevant consent has been given. We audit our tag configuration periodically to verify this is working as intended.

CategoryDescriptionConsent required?
Strictly necessaryEssential for the site to function (e.g. login sessions, security, anti-spam). Cannot be disabled.No
Analytics and performanceHelp us understand how visitors use the site (e.g. Google Analytics 4). Activated after consent only.Yes
Functional/preferencesRemember your preferences and settings.Yes
MarketingUsed for advertising measurement and campaign performance tracking. Activated after consent only.Yes

For a full list of the cookies we use, who sets them, what they are for, and how long they last, please see our Cookie Policy.

10. Advertising

ExchangeWire displays advertising on its website through a combination of direct reservation deals and programmatic display advertising served by Bedrock Platform Ltd (incorporated in England, company number 15547708; IAB Transparency and Consent Framework vendor ID: 1337).

Bedrock Platform uses a cookie to assign your browser a pseudonymous identifier for the purposes of serving and measuring display advertisements. This cookie is set only after you give Marketing consent via our cookie consent banner. Bedrock Platform receives your consent signal in the industry-standard IAB TCF v2 format and is bound by the IAB Transparency and Consent Framework, which prohibits processing beyond the purposes you have consented to.

We do not use retargeting or remarketing pixels that build user-level profiles for targeted advertising across other websites. No individual-level data is shared directly with advertisers.

If you decline Marketing cookies, no advertising cookies or programmatic ad network calls are made.

11. Your rights

Under UK GDPR you have the following rights in relation to your personal data:

Right of access — You can request a copy of the personal data we hold about you, including the source of that data where it was not collected directly from you.

Right to rectification — You can ask us to correct inaccurate or incomplete data.

Right to erasure — You can ask us to delete your personal data in certain circumstances, for example where you withdraw consent or where the data is no longer necessary for the purpose it was collected.

Right to restriction — You can ask us to restrict processing of your data in certain circumstances, for example while a dispute about accuracy is resolved.

Right to data portability — Where processing is based on consent or contract and carried out by automated means, you can request your data in a portable, machine-readable format.

Right to object — You can object to processing based on legitimate interests at any time. We must stop unless we can demonstrate compelling legitimate grounds that override your interests. You can object to direct marketing at any time with no exceptions — we will stop immediately.

Rights related to automated decision-making — We do not make decisions about you solely by automated means that produce legal or similarly significant effects.

Right to withdraw consent — Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

How to exercise your rights

Contact us at contact@exchangewire.com. We will respond within one month of receiving your request. In complex cases we may extend this by a further two months and will notify you within the first month.

We will not charge a fee unless the request is manifestly unfounded or excessive. We may need to verify your identity before processing your request.

Right to complain

If you are unhappy with how we have handled your personal data, you may lodge a complaint with the Information Commissioner's Office (ICO):

  • Website: ico.org.uk
  • Telephone: 0303 123 1113
  • Post: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

We would appreciate the opportunity to address your concerns before you contact the ICO — please reach out to us first.

12. Children and minimum age

Our website and services are intended for business professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe we have inadvertently collected data from a person under 16, please contact us at contact@exchangewire.com and we will delete it promptly.

Our website contains links to third-party websites, publications, and platforms. Once you leave exchangewire.com, this privacy statement no longer applies. We are not responsible for the privacy practices or content of external sites and encourage you to read their privacy policies before providing any personal data.

14. How to contact us

Data Protection Officer: Lindsay Rowntree
Email: contact@exchangewire.com
Post: Data Protection Officer, ExchangeWire Ltd, New House, 67–68 Hatton Garden, Suite 10, London, EC1N 8JY

15. Changes to this statement

We may update this privacy statement from time to time. When we make material changes we will update the "Last updated" date at the top of this page and post a notice on our website. We encourage you to review this statement periodically.

16. Governing law

This privacy statement is governed by the laws of England and Wales. Any disputes arising in connection with it will be subject to the exclusive jurisdiction of the courts of England and Wales.