PRIVACY POLICY
INSOMNIA GAMING LIMITED PRIVACY POLICY
-
At Insomnia Gaming Limited, we respect your privacy and are committed to protecting your personal data. This privacy policy explains how we look after your personal data when you visit our website (regardless of where you visit it from) and tells you about your privacy rights and how the law protects you.
Purpose of This Privacy Policy
This privacy policy aims to give you information on how Insomnia Gaming Limited collects and processes your personal data through your use of this website, including any data you may provide when you buy tickets for our events, attend our events, or submit forms via our websites.
This website is not intended for children, and we do not knowingly collect data relating to children without parental consent. If you are under the age required by applicable law (e.g., under 13 in the UK), please do not provide personal data without the consent of a parent or guardian.
It is important that you read this privacy policy together with any other privacy policy or fair processing notice we may provide on specific occasions when we are collecting or processing personal data about you, so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
About Us
Insomnia Gaming Limited (company number 16620295) is the controller and responsible for your personal data (collectively referred to as “the Company”, “we”, “us” or “our” in this privacy policy).
We have appointed a Data Protection Officer (“DPO”) who is responsible for overseeing questions in relation to this privacy policy. If you have any questions about this policy, including any requests to exercise your legal rights, please contact the DPO using the details below.
Contact Details
Full legal entity name: Insomnia Gaming Limited
Email address: mydata@insomniagamingfestival.com
Postal address: 167–169 Great Portland Street, London, England, W1W 5PFYou have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). Our registration reference with the ICO is ZB949840.
Changes to This Privacy Policy and Your Duty to Inform Us of Changes
We keep our privacy policy under regular review. We will notify you in advance of any changes involving a new use of your personal data that may not be compatible with the purpose for which we originally collected it.
It is important that the personal data we hold about you is accurate and up to date. Please inform us promptly if your personal data changes during your relationship with us.
Third-Party Links
This website (www.insomniagamingfestival.com) may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you in accordance with their own privacy policies. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
-
Personal data (also called “personal information”) means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store, and transfer different kinds of personal data about you. We have grouped these into the following categories:
Identity Data
We collect:
Name and title
Nickname for your gaming profile
Criminal data (where relevant for event security)
Car registration number
Health information
Next of kin details
Dietary requirements
Age and gender (if you choose to provide this)
When you buy a ticket for one of our events via our third-party ticketing agencies, we may also capture photos and video images when you attend for marketing purposes. Any intellectual property rights in such photos and marketing images shall be assigned to us with full title guarantee, subject to applicable laws.
You may be asked to provide proof of identity (passport or driving licence) in order to access certain areas of our events (such as Bring Your Own Computer areas) or if you attempt to purchase alcohol. We do not store copies of this identification data.
If you apply to volunteer at one of our events, we may request that you submit a photo or video of yourself as part of the application process.
Contact Data
When you buy tickets for our events, we receive your address, email, and telephone number so we can send you service communications relating to the event.
Financial Data
Your payment card details are processed by our third-party ticketing agencies and suppliers when you are dealing directly with us.
Your bank account details may be processed by us and by third parties who handle banking data, for payment purposes.Transaction Data
Details about the tickets you have purchased from us.
Technical Data
Includes:
Internet Protocol (IP) address
Login data
Browser type and version
Time zone setting and location
Browser plug-in types and versions
Device ID
Operating system and platform
Other technology on the devices you use to access our websites
Profile Data
Includes your interests, preferences, feedback, survey responses, and experience (if you are applying to volunteer at our events).
Usage Data
Information about how you use our websites and attend our events.
Marketing and Communications Data
Includes your preferences regarding receiving marketing communications from us and how you prefer to be contacted.
Aggregated Data
We also collect, use, and share aggregated data such as statistical or demographic data for any purpose. Aggregated data may be derived from your personal data but is not considered personal data in law, as it will not directly or indirectly reveal your identity. For example, we may aggregate your usage data to calculate the percentage of users accessing a specific website feature. However, if aggregated data is combined with your personal data so that it could identify you, we treat it as personal data and will handle it in accordance with this privacy policy.
Special Categories of Personal Data
We collect certain special categories of personal data — specifically health data and criminal data. We do not collect other special categories (sensitive data) such as race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, or trade union membership, except as stated below.
When you apply for a volunteering opportunity at one of our events, we may require certain special category data as it is necessary to assess your capacity to work and to ensure your health, safety, and wellbeing.
If You Fail to Provide Personal Data
Where we need to collect personal data by law, or under the terms of a contract with you, and you fail to provide that data when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide goods or services). In such cases, we may have to cancel a product or service you have with us, but we will notify you if this happens.
-
We use different methods to collect data from and about you, including:
1. Direct Interactions
Our website (www.insomniagamingfestival.com) is operated by Insomnia Gaming Limited, which processes any data you submit using forms on the website. This includes forms used to:
Contact us
Sign up for volunteering opportunities and training
Make a career enquiry or apply for a job
Apply to work with us or exhibit at our events
Attend our events
Confirm details for prizes or payments
Exchange event planning information and data
Make a safeguarding enquiry
When you fill in forms on our website, we may also use trusted third parties to process that data on our behalf.
2. Automated Technologies or Interactions
As you interact with our website, we may automatically collect Technical Data about your device, browser type, browsing actions, and patterns. This may include your IP address, operating system, time zone setting, and device identifiers.
We collect this personal data through cookies and other similar technologies. We may also receive Technical Data about you if you visit other websites that use our cookies.
Please see our Cookie Policy for further details.
3. Third Parties or Publicly Available Sources
We may receive personal data about you from:
Analytics providers (such as Google Analytics) based outside the UK
Advertising networks that serve personalised online advertisements to you if you have previously visited our websites
Technical partners that provide tools or integrations on our website
Publicly available sources such as Companies House or other government registries
You can block certain advertising networks and cookies on each of your connected devices. For more information, please see our Cookie Policy.
-
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
1. Where We Need to Perform a Contract
This means processing your personal data where it is necessary for the performance of a contract to which you are a party, or to take steps at your request before entering into such a contract.
Examples include:
Processing your order, associated payment, and delivering products or services
Managing event planning and your attendance
Registering you for a loyalty scheme
Processing transactions for services, tournaments, and competitions
Notifying you of changes to our terms and conditions
2. Where It Is Necessary for Our Legitimate Interests
This means processing for the legitimate interests of our business (or those of a third party) where your interests and fundamental rights do not override those interests.
We assess all legitimate interest activities to ensure they do not have an unfair impact on you. Examples include:
Sending you direct marketing communications where legally permitted
Sharing your data with carefully selected third parties for marketing or targeted advertising related to our products and services
Preventing and detecting fraud, including ensuring your payment card is not used without your consent
Making or defending an insurance or legal claim involving you
Seeking your feedback or undertaking customer research
Providing IT services and ensuring network security
Delivering relevant website content and advertisements, and measuring their effectiveness to improve our products, services, and marketing strategy
Monitoring and improving your online experience when browsing and transacting on our website
Managing our relationship with you and responding to queries or complaints
Assessing service quality and compliance with law, policies, and procedures
Taking photos and/or video at events for advertising and marketing purposes
Conducting data analysis for fraud prevention and detection
Maintaining accounting records, analysing financial results, and undertaking audits or professional legal/tax advice
Processing background checks
Delivering training
Quality assurance and training purposes
Location tracking (where applicable)
Conducting post-event surveys
Bringing or defending legal or insurance claims
3. Where We Need to Comply with a Legal Obligation
This means processing where it is necessary to comply with UK law. Examples include:
Complying with regulations requiring information security monitoring
Reporting crimes to relevant authorities
Sharing data with regulators such as the ICO for audit or breach reporting purposes
Handling any requests you make when exercising your legal rights as outlined in this policy
4. Where We Have Your Consent
Generally, we do not rely on consent as a legal basis for processing your personal data, except in limited scenarios or where required by law. Examples include:
Sending third-party direct marketing communications via email or SMS
Using cookies, session replay, and similar technologies to track information about you when you access our websites or other online services
Using photography or videography captured at events in promotional materials (explicit consent will be obtained where required)
You have the right to withdraw your consent at any time by contacting us.
Marketing
We strive to give you choices about how we use your personal data for marketing and advertising.
We may use your personal data to determine what products, services, and offers may be relevant to you (“marketing”). You may receive marketing communications from us if:
You have purchased a ticket to our events and not opted out; or
You have signed up to our mailing list and given consent to receive marketing
Promotional Offers from Us
We may use your Identity, Contact, Technical, Usage, and Profile Data to determine which products, services, and offers may be relevant to you. You will only receive marketing if you have not opted out.
Third-Party Marketing
We may share your data with carefully selected third parties where it is in our mutual legitimate interest to do so. These third parties will not send you direct marketing communications by email or SMS without your consent.
Opting Out
You can opt out of marketing at any time by:
Following the opt-out links in any marketing email or SMS we send; or
Contacting us at mydata@insomniagamingfestival.com
Opting out will not affect personal data provided as part of a purchase, warranty registration, product/service experience, or other transaction.
Cookies
You can set your browser to refuse all or some cookies, or to alert you when a website sets or accesses cookies. Disabling cookies may mean some parts of our website do not function properly. For more details, see our Cookie Policy.
Change of Purpose
We will only use your personal data for the purposes for which we collected it, unless we reasonably believe that we need to use it for another purpose that is compatible with the original purpose. If you would like an explanation of how processing for a new purpose is compatible, please contact us.
If we need to process your personal data for an unrelated purpose, we will notify you and explain the legal basis for doing so.
We may process your personal data without your knowledge or consent where required or permitted by law.
-
We use a number of trusted third-party processors to help us deliver and monitor our services and to comply with our legal obligations.
We have data sharing agreements in place with all such third parties. These agreements require them to:
Respect the security of your personal data
Process it only in accordance with the law
Use it solely for the purposes we specify and in line with our instructions
We do not allow our third-party service providers to use your personal data for their own purposes.
Location of Processors
The processors we use are based in the UK, EU, or the United States (where similar protections for personal data apply). For more information about the safeguards we have in place when transferring data outside the UK or EU, please see the International Transfers section of this policy.
Types of Organisations We Share Data With
We may share your personal data with:
Third-party event licensors and licensees
Ticketing agents
Suppliers involved in the planning, set-up, and dismantling of our events
Online survey providers and competition administrators
Customer relationship management (CRM) and direct marketing providers
Promotion network providers
Providers of system integration and IT support
Service providers for monitoring website performance, detecting and fixing broken customer journeys, detecting malicious log-in attempts, and defending against denial-of-service (DoS) attacks
Relevant authorities and organisations for the prevention and detection of crime, or where required by law
Regulators, accreditation bodies, and external auditors
Commitment to Data Security
We require all third parties to handle your personal data securely and lawfully. They are only permitted to process your data for the purposes we have specified and in accordance with our written instructions.
-
From time to time, we may use data processors that process your personal data outside of the UK or the European Economic Area (EEA).
Whenever we transfer your personal data outside the UK or EEA, we ensure a similar degree of protection is applied by implementing at least one of the following safeguards:
Adequacy Decisions – We will only transfer your personal data to countries that have been formally deemed by the UK Government or the European Commission to provide an adequate level of protection for personal data.
Standard Contractual Clauses – Where we use certain service providers, we may implement specific contracts (approved for use in the UK and/or EU) that provide your personal data with the same level of legal protection as it has in the UK.
If you would like further details about the safeguards we use when transferring your personal data outside the UK or EEA, please contact our Data Protection Officer (DPO).
-
We have implemented appropriate technical and organisational security measures to prevent your personal data from being:
Accidentally lost
Used or accessed without authorisation
Altered or disclosed unlawfully
We also limit access to your personal data to employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your data in accordance with our instructions and are bound by a duty of confidentiality.
We have established procedures to deal with any suspected personal data breach. Where we are legally required to do so, we will notify both you and the relevant regulator of such a breach.
If you are concerned about a potential breach of your data, please contact our Data Protection Officer (DPO) immediately.
-
We will only retain your personal data for as long as is reasonably necessary to fulfil the purposes for which it was collected, including meeting any legal, regulatory, tax, accounting, or reporting obligations.
We may retain your personal data for longer if:
You make a complaint; or
We reasonably believe there is a possibility of litigation related to our relationship with you.
When determining how long to retain personal data, we consider:
The amount, nature, and sensitivity of the data
The potential risk of harm from unauthorised use or disclosure
The purposes for which we process the data and whether these can be achieved in other ways
Applicable legal, regulatory, tax, accounting, or other requirements
In certain cases, you may ask us to delete your data (see Request Erasure below).
In some circumstances, we will anonymise your personal data so that it can no longer be associated with you. In this case, we may use the anonymised data indefinitely without further notice to you.
Retention Periods by Data Type
Business Customers, Suppliers, Agents, Creators, Talent, Content & Press
Account primary contact: Permanent
Event delivery data: For the duration of the event only
Note: Mailchimp retains archived data for 15 years (see Mailchimp Privacy Statement)
Ticket Purchasing Data
Retention: 15 years
Anonymised data: Permanent
Note: See Tickets retains archived data for 15 years (see See Tickets Data Protection Policy)
Newsletters & Marketing Emails
Retention: Permanent, unless an opt-out is received
Note: Mailchimp retains archived data for 15 years (see Mailchimp Privacy Statement)
Customer Email Correspondence
Retention: Permanent
Insomnia Merchandise Purchasing
Managed via our partners: see Promotional Warehouse Privacy Policy
Insomnia PC Rental Service
Event delivery data: For the duration of the event only
Community Forums
Retention: Permanent
Insomnia Age Consent Forms
Retention: 12 months after the event ends
Insomnia Safeguarding Forms
Retention: 7 years
Tournament Entrants
Retention: 30 days from the end of the tournament or prize payment, whichever is later
Where Battlefy is used as the tournament platform, see the Battlefy Privacy Policy
Payment Details for Services or Prize Monies
Retention: 7 years
Event Photography and Videography
Retention: Permanent
LAN IP Addresses
Retention: For the duration of the event
Recruitment
Retention: 12 months after the candidate is introduced
Volunteers
Full delivery & training data: For the duration of the event
Reference & DBS data: For the last 2 live events (12–18 months)
Name & show role: Permanent (archived)
Note: See Tickets retains archived data for 15 years (see See Tickets Data Protection Policy)
-
Under certain circumstances, you have rights under data protection laws in relation to your personal data. These include the right to:
1. Request Access to Your Personal Data
Also known as a data subject access request. This enables you to receive a copy of the personal data we hold about you and check that we are lawfully processing it.
2. Request Correction of Your Personal Data
This enables you to have any incomplete or inaccurate personal data we hold about you corrected. We may need to verify the accuracy of the new data you provide.
3. Request Erasure of Your Personal Data
This enables you to ask us to delete or remove personal data where:
There is no good reason for us to continue processing it
You have successfully exercised your right to object to processing (see below)
We have processed your data unlawfully
We are required to erase your data to comply with local law
We may not always be able to comply with your request for legal or regulatory reasons, and we will inform you of this at the time of your request.
4. Object to Processing of Your Personal Data
You may object where we are relying on legitimate interests (ours or those of a third party) and something about your particular situation makes you feel the processing impacts your fundamental rights and freedoms.
You also have the absolute right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your data that override your rights and freedoms.
5. Request Restriction of Processing Your Personal Data
You may ask us to suspend the processing of your personal data in the following situations:
You want us to establish the accuracy of the data
Our use of the data is unlawful but you do not want it erased
You need us to hold the data even if we no longer require it because you need it to establish, exercise, or defend legal claims
You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it
6. Request the Transfer of Your Personal Data
We will provide your personal data to you, or to a third party you choose, in a structured, commonly used, machine-readable format.
This right only applies to automated information which:
You initially provided consent for us to process; or
We used to perform a contract with you
7. Right to Withdraw Consent
Where we are relying on consent to process your personal data, you may withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw consent.
If you withdraw consent, we may be unable to provide certain products or services, and we will inform you if this is the case.
How to Exercise Your Rights
If you wish to exercise any of the rights set out above, please contact our Data Protection Officer (DPO).
No Fee Usually Required
You will not have to pay a fee to access your personal data (or to exercise any of your other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive, or excessive. Alternatively, we may refuse to comply with your request in such circumstances.
What We May Need from You
We may need to request specific information to help confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to prevent the disclosure of personal data to anyone who does not have the right to receive it.
We may also contact you for further information to help us respond more quickly.
Time Limit to Respond
We aim to respond to all legitimate requests within one month. If your request is particularly complex, or if you have made multiple requests, it may take longer. In such cases, we will notify you and keep you updated.