Privacy Policy
How we collect, use, and protect your data
1. Who we are
Canapii Ltd is an event management technology company registered in England and Wales (company number 13234100). Our registered address is Reading, United Kingdom. We provide a platform that enables event organisers to manage registration, check-in, badge printing, virtual and hybrid event delivery, and attendee engagement.
Canapii Ltd is the data controller for the personal data collected through our website (canapii.com) and marketing activities. When we process data on behalf of event organisers using our platform, we act as a data processor under a Data Processing Agreement.
2. What data we collect
We collect the following categories of personal data:
- Identity data: name, job title, company name
- Contact data: email address, phone number, postal address
- Account data: login credentials, account preferences, role permissions
- Event data: registration details, attendance records, session preferences, badge information
- Technical data: IP address, browser type, device information, access logs
- Usage data: pages visited, features used, interaction patterns within the platform
- Communication data: correspondence with our team, support tickets, feedback
3. How we use your data
We use your personal data to deliver and improve our services, including:
- Providing and managing your account and access to the platform
- Processing event registrations and delivering event experiences
- Generating badges and managing on-site check-in
- Sending service communications, including event confirmations and platform updates
- Improving our platform through analytics and usage patterns
- Responding to enquiries and providing customer support
- Complying with legal obligations and protecting our legitimate interests
We will only send marketing communications where you have given explicit consent or where we have a legitimate interest to do so, and you can opt out at any time.
4. Legal basis for processing
Under the UK General Data Protection Regulation (UK GDPR), we rely on the following lawful bases:
- Contract: processing necessary to deliver services you have contracted for
- Legitimate interest: improving our services, platform security, and business analytics, where this does not override your rights
- Consent: marketing communications and non-essential cookies
- Legal obligation: compliance with applicable laws, regulations, and lawful requests
5. Data sharing
We do not sell your personal data. We share data only with:
- Event organisers: when you register for an event, your registration data is shared with the organiser who manages that event
- Service providers: trusted third-party processors who help us deliver services (hosting, email delivery, payment processing), all bound by data processing agreements
- Legal requirements: where required by law, court order, or regulatory authority
All third-party processors are vetted for compliance and operate under contracts that require them to protect your data to the same standard we do.
6. International transfers
Our platform infrastructure is hosted on Amazon Web Services (AWS). Where data is transferred outside the UK or European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office and the European Commission.
7. Data retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected. Account data is retained for the duration of your relationship with us plus a reasonable wind-down period. Event data is retained according to the organiser's data retention policy, typically no longer than 24 months after the event. Technical and usage data is retained for up to 12 months for analytics and security purposes.
When data is no longer required, it is securely deleted or anonymised.
8. Your rights
Under the UK GDPR, you have the following rights:
- Access: request a copy of the personal data we hold about you
- Rectification: request correction of inaccurate or incomplete data
- Erasure: request deletion of your data where there is no compelling reason to continue processing
- Restriction: request that we limit how we use your data
- Portability: request your data in a structured, machine-readable format
- Objection: object to processing based on legitimate interests or direct marketing
- Withdraw consent: where processing is based on consent, you may withdraw it at any time
To exercise any of these rights, contact us atinfo@canapii.com. We aim to respond within 30 days. You also have the right to lodge a complaint with the UK Information Commissioner's Office (ICO).
9. Cookies
Our website uses cookies and similar technologies to improve your browsing experience, analyse site traffic, and understand usage patterns. We use essential cookies required for the site to function, and optional analytics cookies that are only set with your consent via our cookie banner.
You can manage your cookie preferences at any time through your browser settings or our cookie consent tool.
10. Contact us
If you have questions about this privacy policy or how we handle your data, please contact us:
Canapii Ltd
Reading, United Kingdom
Email:info@canapii.com
Phone: +44 118 228 1385
Canapii Ltd is ISO 27001 certified, demonstrating our commitment to information security management best practices. Our certification covers the processes, systems, and controls used to deliver our event management platform.