BIBI Expo (“BIBI”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your personal data when you visit bibiexpo.com, contact us, submit forms, buy tickets, apply to exhibit or sponsor, subscribe to updates, or otherwise interact with us online.

This policy is intended to help you understand what personal data we collect, why we collect it, the lawful bases we rely on, who we share it with, how long we keep it, and the rights you have under UK data protection law. UK organisations must explain these matters clearly in a privacy notice, and personal data must be handled lawfully, fairly, transparently, for specified purposes, and only as necessary.

1. Who we are

BIBI Collective LTD is the controller of your personal data for the purposes described in this Privacy Policy, unless we state otherwise.

Data Controller: BIBI Collective LTD
Trading name: BIBI Collective LTD
Registered address:
Email: hello@demo3.aftabjaved.com
Website: bibiexpo.com

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us using the details above.

2. The personal data we collect

We may collect, use, store, and transfer different kinds of personal data depending on how you interact with us. Under UK GDPR, you need a lawful basis for each use of personal information, and the data collected should be adequate, relevant, and limited to what is necessary.

a) Identity and contact data

This may include:

  • your name
  • email address
  • phone number
  • postal address
  • business name
  • job title

b) Account, application, and booking data

This may include:

  • exhibitor, sponsor, speaker, volunteer, competition, or attendee application details
  • order, booking, ticketing, or payment-related records
  • communications about your participation in BIBI Expo events or services

c) Technical and usage data

This may include:

  • IP address
  • browser type and version
  • device type
  • operating system
  • time zone
  • pages visited
  • referring website
  • browsing behaviour on our site

d) Marketing and communications data

This may include:

  • your preferences in receiving marketing from us
  • your communication preferences
  • records of whether you opened or clicked emails

e) Content you submit

This may include:

  • form submissions
  • enquiries
  • competition entries
  • uploaded documents, biographies, images, videos, or other content you send to us

f) Special category data

We do not intentionally collect special category data through the website unless it is genuinely necessary and clearly explained at the point of collection. If we ever collect special category data, we will identify the legal basis and any additional condition required by law. The ICO’s guidance requires organisations to identify an appropriate lawful basis and to be transparent about what they are doing.

3. How we collect your personal data

We may collect your personal data:

  • directly from you when you complete forms, subscribe, contact us, apply, register, or purchase
  • automatically when you use our website through cookies and similar technologies
  • from service providers acting on our behalf, such as website hosts, payment processors, CRM or email marketing providers, analytics providers, and ticketing platforms
  • from publicly available sources, where relevant for business outreach or event-related communications and where lawful to do so

4. How we use your personal data and our lawful bases

UK GDPR requires us to rely on at least one lawful basis whenever we process personal data. Common lawful bases include consent, contract, legal obligation, and legitimate interests.

We may use your personal data for the following purposes:

a) To respond to enquiries

When you contact us, we may use your details to respond and manage your enquiry.
Lawful basis: legitimate interests, or steps prior to entering into a contract where relevant. The ICO explains that contract can apply where processing is necessary to take requested steps before entering a contract.

b) To process applications, bookings, ticket sales, sponsorships, or exhibitor enquiries

We may use your data to administer registrations, applications, orders, contracts, invoices, and event participation.
Lawful basis: contract, or steps prior to entering into a contract.

c) To manage our relationship with you

We may use your data to send service messages, updates about your booking or application, policy changes, or important operational notices.
Lawful basis: contract, legal obligation, or legitimate interests.

d) To improve our website, services, and user experience

We may analyse website usage, diagnose technical issues, maintain security, and improve content and performance.
Lawful basis: legitimate interests, and where cookies or similar technologies are used, any consent required under PECR. Current ICO guidance confirms that storage/access technologies are separately regulated and, in many cases, require user consent unless an exception applies.

e) To send marketing communications

We may send newsletters, event news, offers, and relevant updates where you have opted in, where soft opt-in rules apply, or where otherwise permitted by law. PECR regulates electronic marketing and may require consent depending on the circumstances. The ICO notes that legitimate interests can support direct marketing only where PECR does not separately require consent.

f) To run competitions, features, and promotional campaigns

We may use your data to administer entries, shortlist applicants, contact winners, and manage related publicity where applicable.
Lawful basis: contract, consent, or legitimate interests, depending on the competition structure and notice presented at entry.

g) To comply with legal obligations

We may process and retain personal data where needed to comply with tax, accounting, fraud prevention, safeguarding, law enforcement, or regulatory requirements.
Lawful basis: legal obligation.

5. Cookies and similar technologies

Our website may use cookies and similar technologies to make the site work, keep it secure, remember preferences, understand usage, and support analytics and marketing.

UK PECR rules require organisations to tell users what cookies do and why, and to obtain consent for non-essential cookies or similar technologies unless a specific exception applies. Essential cookies that are strictly necessary for a service requested by the user may not require consent. The ICO has also updated guidance following legislative changes under the Data (Use and Access) Act, including discussion of exceptions for some low-risk uses, so your cookie banner and cookie table should match your actual setup.

You should add a separate Cookie Policy or cookie table listing:

  • cookie name
  • provider
  • purpose
  • duration
  • whether it is strictly necessary, analytics, functionality, or marketing
  • whether consent is required

Suggested wording for the site banner:
“We use essential cookies to make this website work. We would also like to use optional analytics and marketing cookies, but only with your consent. You can accept, reject, or manage your preferences at any time.”

6. Direct marketing

If you sign up to receive updates, we may send you information about BIBI Expo events, opportunities, competitions, tickets, exhibitors, sponsors, and related services.

Where required by law, we will ask for your consent before sending electronic marketing messages. In some limited cases, we may rely on lawful marketing rules that do not require fresh consent, but only where permitted. You can unsubscribe or opt out at any time by using the unsubscribe link in any marketing email or by contacting us directly. PECR specifically governs email, SMS, and similar electronic marketing.

7. Sharing your personal data

We may share your personal data with trusted third parties where reasonably necessary for the purposes above, including:

  • website hosting and IT support providers
  • payment processors
  • email marketing or CRM platforms
  • analytics providers
  • ticketing and registration platforms
  • event partners, suppliers, contractors, or venues where necessary for event delivery
  • professional advisers such as lawyers, accountants, insurers, and auditors
  • regulators, courts, law enforcement, or government authorities where legally required

We require processors acting on our behalf to process personal data only on our instructions and to use appropriate security measures. UK GDPR requires controllers to be accountable for how personal data is handled and shared.

8. International transfers

Some of our service providers may process personal data outside the UK. Where we transfer personal data internationally, we will take steps required by law to ensure appropriate safeguards are in place, such as adequacy regulations, standard contractual clauses, or another lawful transfer mechanism.

If you would like more information about international transfers, please contact us.

9. Data security

We take appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. UK GDPR’s principles include integrity and confidentiality, which require appropriate security for personal data.

However, no website or internet transmission is completely secure, and we cannot guarantee absolute security.

10. Data retention

We will keep your personal data only for as long as reasonably necessary for the purposes for which we collected it, including satisfying legal, regulatory, tax, accounting, dispute, and reporting requirements.

Retention periods may vary depending on the type of data and the purpose for which it was collected. When deciding how long to keep data, we consider the amount, nature, and sensitivity of the data, the potential risk of harm from unauthorised use or disclosure, why we collected it, and any legal requirements. Storage limitation is one of the core UK GDPR principles.

A practical retention schedule may look like this:

  • general enquiries: up to 12–24 months after last contact
  • exhibitor/sponsor applications and contracts: up to 6 years after the relationship ends
  • finance and transaction records: up to 6 years, or longer where legally required
  • marketing suppression records: as long as necessary to respect opt-out requests
  • analytics/cookie records: according to your cookie settings and provider retention periods

11. Your legal rights

Under UK data protection law, individuals have rights over their personal data. The ICO’s rights guidance confirms these include the right to be informed, access personal data, rectify inaccurate data, erase data in some circumstances, restrict processing, object in certain cases, and obtain portability in some situations.

Depending on the circumstances, you may have the right to:

  • request access to your personal data
  • request correction of inaccurate or incomplete data
  • request erasure of your personal data
  • request restriction of processing
  • object to processing, including some direct marketing
  • request transfer of your data where applicable
  • withdraw consent at any time where we rely on consent

These rights are not absolute, and some exemptions may apply.

To exercise your rights, please contact: privacy@demo3.aftabjaved.com

12. Complaints

If you have concerns about how we use your personal data, we would appreciate the chance to address them first.

You also have the right to complain to the Information Commissioner’s Office (ICO), the UK regulator for data protection matters. The ICO provides guidance and complaint channels for people who believe their information rights have been infringed.

13. Third-party links

Our website may include links to third-party websites, plug-ins, booking systems, sponsors, exhibitors, or social media platforms. Clicking those links or enabling those connections may allow third parties to collect or share data about you.

We do not control third-party websites and are not responsible for their privacy practices. You should read their privacy policies separately.

14. Children’s privacy

Our website is not intended for children unless we specifically state otherwise in connection with a family or youth initiative. We do not knowingly collect personal data from children through the website without appropriate notice and lawful basis. If you believe a child has provided personal data to us without appropriate authorisation, please contact us.

15. Changes to this Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or website functionality. Where appropriate, we will post the updated version on this page and update the “Last updated” date.

Questions about privacy? Contact us at hello@demo3.aftabjaved.com

A GROUNDBREAKING TWO-DAY CONFERENCE AND EXPO DESIGNED TO IGNITE THE ENTREPRENEURIAL SPIRIT OF SOUTH ASIAN WOMEN

Useful Links

  • About
  • Exhibit
  • Volunteer
  • Sponsorship
  • BIBI Network
  • Tickets

Incentives

  • My First Stand
  • BIBI Big Pitch
  • BIBI Through Her Eyes
  • BIBI Inked By Her
  • BIBI Changemaker Award
  • Influencer Reach Out

Join the BIBI Network!

Subscribe
  • ©2026 All Rights Reserved by
  • BIBI COLLECTIVE LTD
  • Terms & Conditions
  • Privacy Policy