Effective Date: 5th March 2026
I. Name and address of the data controller and contact details of the data protection officer
The controller within the meaning of the General Data Protection Regulation (GDPR) and other national data protection laws of the member states as well as other data protection regulations is the:
The Channel Company EMEA 180 Borough High Street London, SE1 1LB United Kingdom
and/or
The Channel Company, Inc. 117 Kendrick Street, Suite 300 Needham, MA 02494 United States of America 508.416.1175
and/or
bChannels Pty. Ltd. 388 George St, Sydney NSW 2000
You can contact our Data Protection Officer, Adelaide Reilly, via email at [email protected] or Data Protection Office at The Channel Company, 117 Kendrick Street, Suite 300, Needham, MA 02494, United States of America.
Scope of applicability
This privacy notice applies to the processing of personal data of individuals worldwide who register for our events, webinars, content downloads, newsletters, or site memberships, or who otherwise interact with our websites. Where individuals are located in the European Union or European Economic Area, processing is carried out in accordance with the General Data Protection Regulation (GDPR). Where individuals are located in the United Kingdom, processing is carried out in accordance with the UK GDPR and the Data Protection Act 2018. Where individuals are located in other jurisdictions, we comply with applicable local data protection laws (including, where relevant, U.S. state privacy laws and data protection laws in the Asia Pacific and Middle East regions) to the extent such laws apply.
II. Provision of the website and creation of log files
1. Description and scope of data processing
Each time you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
(1) Information about the browser type and version used
(2) The operating system of the user
(3) The IP address of the user
(4) Date and time of access
(5) Websites that are called up by the user's system via our website
The data is also stored in the log files of our system. A storage of this data together with other personal data of the user does not take place.
2. Legal basis for data processing
The legal basis for the temporary storage of the data and the log files is Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The temporary storage of the IP address by the system is necessary to enable delivery of the website to the user's computer. For this purpose, the user's IP address must remain stored for the duration of the session.
The storage in log files is done to ensure the functionality of the website. In addition, we use the data for the technical optimization of the website and to ensure the security of our information technology systems. An evaluation of the data for marketing purposes does not take place in this context.
These purposes are also our legitimate interest in data processing according to Art. 6 para. 1 lit. f GDPR.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the website, this is the case when the respective session has ended.
In the case of storage of data in log files, this is the case after seven days at the latest. Storage beyond this period is possible. In this case, the IP addresses of the users are deleted or alienated, so that an assignment of the calling client is no longer possible.
5. Possibility of objection and removal
The collection of data for the provision of the website and the storage of the data in log files is mandatory for the operation of the website. Consequently, there is no possibility of objection on the part of the user.
6. Adobe Analytics
We use the Adobe Analytics service to set log files on our website. The data controller for users in the EU or EEA is Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland ("Adobe").
Recipients
Recipients of the data in connection with the setting of log files may be:
Adobe Systems Software Ireland Limited, 4-6 Riverwalk, Citywest Business Campus, Dublin 24, Republic of Ireland (as processor pursuant to Art. 28 of the GDPR);
Adobe Inc, 345 Park Avenue, San Jose, CA 95110-2704, USA.
It cannot be ruled out that US authorities will access the data stored by Adobe.
Third country transfer
Where data is processed outside the EU or EEA and there is no level of data protection equivalent to the European standard, our service provider has entered into EU standard contractual clauses with the service provider to establish an adequate level of data protection. The parent company of Adobe Systems Software Ireland Limited, Adobe Inc, 345 Park Avenue, San Jose, CA 95110-2704, USA. A transfer of data to the USA and access by US authorities to the data stored by Adobe cannot be ruled out. The USA is currently considered a third country from a data protection perspective. You do not have the same rights there as within the EU or the EEA. As a result, you may not be entitled to legal remedies against access by authorities.
For more information on Adobe Analytics' terms of use and Adobe's privacy policy, please visit https://www.adobe.com/de/privacy.html and https://www.adobe.com/privacy/eudatatransfers.html.
III. Cookies use
1. Description and scope of data processing
Our website uses cookies. Cookies are text files that are stored in the Internet browser or by the Internet browser on the user's computer system. When a user accesses a website, a cookie may be stored on the user's operating system. This cookie contains a characteristic string of characters that enables the browser to be uniquely identified when the website is called up again.
When calling up our website, the user is informed about the use of cookies and, if necessary, the user's consent to the processing of personal data used in this context is obtained. In this context, there is also a reference to this data protection notice.
2. Legal basis for data processing
The use of technically necessary cookies and similar techniques in the category "Technically necessary" is based on Section 25 (2) No. 2 TTDSG. Subsequent data processing takes place on the basis of legitimate interests pursuant to Art. 6 para. 1 p. 1 lit. f GDPR.
3. Purpose of data processing
The purpose of using technically necessary cookies is to enable the use of websites for users. Some functions of our website cannot be offered without the use of cookies. For these, it is necessary that the browser is recognized even after a page change.
4. Duration of storage, possibility of objection and elimination
Cookies are stored on the user's computer and transmitted from it to our site. Therefore, you as a user also have full control over the use of cookies. By changing the settings in your Internet browser, you can disable or restrict the storage of cookies. Cookies that have already been stored can be deleted at any time. This can also be done automatically. If cookies are deactivated for our website, it may no longer be possible to use all functions of the website in full.
5. Third party cookies
We also use third-party cookies on our website. In detail, the following cookie-based tools are used in this context:
6. Consent Management Tool
This website uses a consent management tool provided by Didomi SAS, whose registered office is at 137 Boulevard Sébastopol, 75002 Paris, France, registered with the Paris Trade and Companies Registry under number 831 722 756 ("Didomi"). The consent tool enables users of our website to give consent to certain data processing procedures or to revoke consent they have given. By confirming the "Accept all" button or by saving individual cookie settings, you consent to the use of the associated cookies. This action constitutes consent within the meaning of Art. 6 para. 1 lit. a GDPR.
Didomi processes the following data of the website visitor in the course of consent management: IP address, unique ID, the cookie consent text file of the respective user and information on the user's device and browser. The legal basis for the data processing is Art. 6 para. 1 lit. f GDPR. Our legitimate interest is to design the consent management centrally and clearly and to offer the website visitor the website presence only insofar as he has given his consent to the processing of personal data and the processing of information on his terminal device.
In addition, the consent management tool helps us to provide proof of the declaration of consent. For this purpose, we process information on the declaration of consent and further log data on this declaration. Cookies are also used to collect this data. The processing of this data is necessary in order to be able to prove that consent has been given. The legal basis results from our legal obligation to document your consent (Art. 6 para. 1 lit. c in conjunction with Art. 7 para. 1 GDPR).
Further information on data protection at Didomi can be found at: https://www.didomi.io/privacy-policy
IV. Event registration
1. Description and scope of data processing
On our website there is the possibility to register for participation in events. When registering, the data from the input mask will be transmitted to us.
In addition, the following data is collected and stored during registration:
(1) IP address of the calling computer
(2) Date and time of registration
For the processing of data, reference is made to this privacy policy during the registration process.
2. Legal basis for data processing
The legal basis for the processing of data after registration for participation in events by the user is Art. 6 para. 1 lit. b GDPR and Art. 6 para. 1 lit. f GDPR.
3. Purpose of data processing
The collection of the user's personal data as part of the registration process serves to process the contract regarding participation in the booked event, webinar, or content offering. The data collection may also serve, where permitted by applicable law, to send interest-oriented information and offers relating to our own similar events or services, as well as to improve and optimize our newsletter and content offerings.
Consent for newsletters or for the sharing of data with event sponsors is not a condition for participation in an event, webinar, or content download.
During the registration process for events, webinars, or content downloads (such as whitepapers), you may also be given the option to subscribe to one or more of our editorial newsletters (for example, the CRN Daily Newsletter). Where you choose to opt in by selecting the relevant checkbox, your email address and registration data will be used to deliver the selected newsletter(s) in addition to any event-related communications.
Editorial newsletters and marketing communications are sent only where the user has provided explicit opt-in consent. We do not rely on implied consent or pre-checked options. The legal basis for this processing is your consent pursuant to Art. 6 para. 1 lit. a GDPR or equivalent consent requirements under applicable local data protection laws.
Where an event, webinar, or content download is sponsored by or produced in partnership with a third party ("Sponsor"), you may also be given the option to consent to your registration data being shared with the relevant Sponsor(s) for their own marketing purposes. Further details on this processing, including the data shared, the legal basis, and your rights, are set out in Section VII below.
The processing and temporary storage of certain technical data is necessary to protect our systems from malicious bot activity, automated attacks, or spam responses. This processing is carried out on the basis of our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR or equivalent provisions under applicable law.
Where required by applicable law, appropriate measures are implemented to document and verify user consent (such as confirmation mechanisms) in order to demonstrate compliance.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected, i.e. usually at the end of the booked event or upon receipt of your objection.
The additional personal data collected during the registration process is usually deleted after a period of seven days.
5. Possibility of objection and removal
The collection and storage of data for contract initiation and execution is mandatory for event registration. Consequently, the user only has the option of objecting to the sending of interest-related information and offers for their own similar events.
V. Newsletter and site membership
1. Description and scope of data processing
On our websites there is the possibility to subscribe to free newsletters or/and to register for site membership. Site membership includes access to premium content (such as in-depth journalism, research, and analysis) in addition to newsletters. When registering for a newsletter or/and site membership, the following data is transmitted to us:
(1) Business email address
(2) First Name
(3) Surname
(4) Company Name
(5) Country
In addition, the following data is collected during registration:
(1) IP address of the calling computer
(2) Date and time of registration
After initial registration, we may request additional information (such as job title, company revenue, and industry vertical) to provide more relevant content and communications. The legal basis for this processing is your consent or our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR.
For the processing of data beyond the user's e-mail address, your consent is obtained during the registration process and refers to this privacy policy.
If you book participation in events or other services on our website and enter your e-mail address, this may subsequently be used by us to send you a newsletter. In such a case, only direct advertising for our own similar events or services will be sent via the newsletter.
Where you have separately opted in to receive an editorial newsletter (such as the CRN Daily Newsletter) during event, webinar, or content registration, you will receive that newsletter in addition to any communications about similar events or services. Editorial newsletters may include daily or regular news content, industry updates, and related editorial information, and are distinct from direct marketing communications relating to our own events or services.
Where you register for site membership, your membership may include newsletters as part of the membership offering. In such cases, the newsletters you will receive are identified at the point of registration.
2. Legal basis for data processing
The legal basis for the processing of data after registration for the newsletter by the user is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
The legal basis for sending the newsletter as a result of booking participation in events or other services is Art. 6 (1) lit. f GDPR.
The legal basis for sending editorial newsletters (such as the CRN Daily Newsletter) to users who have opted in during event, webinar, or content registration is the user's consent pursuant to Art. 6 para. 1 lit. a GDPR or equivalent consent requirements under applicable local data protection laws. This consent may be withdrawn at any time with effect for the future by using the unsubscribe link contained in each newsletter or by contacting our Data Protection Officer at the address set out in Section I above. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
3. Purpose of data processing
The collection of the user's e-mail address is used to deliver the newsletter. The remaining data is used for the interest-based playout of the content associated with the newsletter subscription.
The collection of additional personal data during the registration process serves to prevent misuse of the services or the e-mail address used.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. Accordingly, the user's e-mail address will be stored as long as the subscription to the newsletter is active or the site membership remains in effect, or upon receipt of your objection.
The other personal data collected during the registration process is usually deleted after a period of seven days.
5. Possibility of objection and elimination
The subscription to the newsletter can be cancelled by the user concerned at any time. For this purpose, a corresponding link can be found in each newsletter. To this end, the user can object at any time to the sending of interest-based information in connection with bookings for events or the use of our services.
This also enables the revocation of consent to the storage of personal data collected during the registration process.
Where you have opted in to receive an editorial newsletter during event, webinar, or content registration, you may withdraw your consent and unsubscribe at any time by clicking the unsubscribe link included in each newsletter or by contacting our Data Protection Officer at the address set out in Section I above. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
6. Use of Marketo
We use the services of Marketo EMEA Limited to send our newsletter and other mailings (call for papers), to manage advertising permits and to collect statistical data on the use of our website and to optimise our offer accordingly. The legal basis for this is Art. 6 para. 1 lit. f) GDPR.
We would like to point out that Marketo evaluates your user behaviour on our behalf when sending the newsletter or other requested information. For this evaluation, the emails sent contain so-called web beacons, also called tracking pixels. These are single-pixel image files that link to our web portal and thus enable us to evaluate your user behaviour on a session basis. We record when you read our newsletters, which links you click on and infer your personal interests from this. Marketo stores the information collected in this way on its server in the EU / EEA.
Tracking is not possible if you have deactivated the display of images by default in your e-mail program. In this case, however, the newsletter will not be displayed in full and you may not be able to use all the functions. If you display the images manually, the above-mentioned tracking will take place.
If you purchase a product or service from us, then your e-mail address and name will be transferred to Marketo so that we can send you information e-mails for similar goods or services in the future (legal basis for this is Art. 6 para. 1 lit. f) GDPR).
Address of Marketo and URL with their data protection information:
Marketo EMEA Ltd.
Cairn House
South County Business Park
Leopardstown Road
Dublin 18
Ireland
Marketo US
901 Mariners Island Blvd.
Suite 500
San Mateo, CA 944094
United States
VI. Contact form and contact by e-mail
1. Description and scope of data processing
Our websites may contain contact forms or provide email addresses for electronic contact. Where a contact form is available and a user submits an inquiry, the data entered in the input mask is transmitted to us and stored. Depending on the form, this data may include:
(1) First Name
(2) Surname
(3) Business email address
(4) Company Name
(5) Job Title
(6) Phone Number
(7) Country
(8) Type of Organization
Not all fields are required on every form. All other information is voluntary.
The following data is also stored at the time the message is sent:
(1) The IP address of the user
(2) Date and time of submission
Where no contact form is available, users may contact us via the email addresses provided on the relevant website. In this case, the personal data transmitted with the email will be stored.
2. Legal basis for data processing
The legal basis for the processing of the user's contact data is Art. 6 para. 1 lit. f GDPR. The legal basis for the processing of all other data is Art. 6 para. 1 lit. a GDPR if the user has given his consent.
3. Purpose of data processing
The processing of the user's contact data serves us solely to process the contact.
The other personal data processed during the submission process are used to prevent misuse of the contact form and to ensure the security of our information technology systems.
4. Duration of storage
The data is deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input mask of the contact form, this is the case when it can be inferred from the circumstances that the matter concerned has been conclusively clarified.
The additional personal data collected during the sending process will be deleted after a period of seven days at the latest.
5. Possibility of objection and removal
The user has the possibility to revoke his consent to the processing of his personal data at any time. The will in this regard you can notify us by mail to [email protected].
All personal data stored in the course of contacting us will be deleted in this case.
Furthermore, the user can object to the storage of his personal data at any time. In such a case, the conversation cannot be continued.
VII. Recipients of data and transmission
Within The Channel Company, access to your data is granted to those offices that require it in order to fulfill our contractual and legal obligations. Service providers and vicarious agents employed by us (e.g. technical service providers, transport companies, waste disposal companies) may also receive data for these purposes. We may transfer your personal data to companies affiliated with us, insofar as this is permissible within the scope of the purposes and legal bases stated in this data protection information. We have concluded a Data Processing Agreement with our service providers in accordance with Art. 28 GDPR.
Categories of recipients in this case are providers of Internet service, providers of customer management systems and software, and providers of content management systems and software. Your data will only be passed on to recipients outside the company if this is permitted or required by law, if the transfer is necessary for the processing and thus the fulfillment of the contract or at your request for the implementation of pre-contractual measures or if we have your consent.
In addition, we process data under joint responsibility with The Channel Company, Inc. pursuant to Article 26(1) of the GDPR.
Subprocessors
We use the following service providers to process personal data on our behalf pursuant to Art. 28 GDPR:
|
Subprocessor |
Purpose |
Location |
|
Salesforce |
CRM data management, customer relationship tracking, and workflow enablement |
San Francisco, CA, USA |
|
Convertr |
Campaign execution, lead flow management, and marketing automation |
London, UK |
|
DOMO |
Business intelligence, analytics, reporting, and data visualization |
American Fork, UT, USA |
|
ChannelMetrics |
Performance measurement, attribution, and campaign analytics |
London, UK |
|
Datamatics Business Solutions |
Media-based data collection and campaign audience sourcing |
Jackson Heights, NY, USA |
|
Proffer Media Group |
Media-based data collection and campaign audience sourcing |
Navi Mumbai, India |
For subprocessors located outside the European Economic Area (Salesforce, DOMO, Datamatics Business Solutions, Proffer Media Group), transfers are protected by the European Commission's standard contractual clauses or other appropriate safeguards in accordance with Chapter V of the GDPR.
Sharing of data with event sponsors and partners
Where you register for an event, webinar, or content download (such as a whitepaper) that is sponsored by or produced in partnership with a third party ("Sponsor"), and you have provided your explicit consent at the point of registration, we may share certain personal data with the relevant Sponsor(s).
The data shared may include:
(1) Name
(2) Business email address
(3) Company name
(4) Job title
(5) Job function
(6) Country
(7) Phone number
Sponsors receive this data as independent data controllers and will process it in accordance with their own privacy policies for purposes that may include contacting you about their products, services, and related offerings. The identity of the Sponsor(s) and a link to their privacy policy will be made available to you at the point of registration.
The legal basis for sharing your data with Sponsors is your consent pursuant to Art. 6 para. 1 lit. a GDPR or equivalent consent requirements under applicable local data protection laws. You may withdraw your consent at any time by contacting our Data Protection Officer at the address set out in Section I above. However, please note that withdrawal of consent does not affect data already shared with a Sponsor prior to withdrawal. To exercise your rights in respect of data already held by a Sponsor, you must contact the Sponsor directly.
Where an event, webinar, or content download is not sponsored, or where you do not provide consent, your registration data will not be shared with third parties for their marketing purposes.
International data transfers
Personal data may be processed or accessed in countries outside your country of residence. In the course of using our website, your personal data may be transferred outside the European Economic Area (EEA), including to The Channel Company, Inc. in the United States. Such processing is only carried out to fulfill contractual and business obligations and to maintain your business relationship with us.
Where such processing involves transfers outside the European Economic Area or other jurisdictions with comparable data protection laws, appropriate safeguards are implemented to ensure an adequate level of data protection in accordance with applicable law. This may include adequacy decisions, standard contractual clauses, or other lawful transfer mechanisms in accordance with Chapter V of the GDPR or equivalent international transfer requirements.
Details of the applicable safeguard will be made available to you upon request.
Data retention
Personal data is retained only for as long as necessary to fulfil the purposes described in this privacy notice. Registration data is deleted or anonymized once the relevant purpose has been fulfilled, unless statutory retention obligations or valid consent justify further storage.
VIII. Rights of the data subject
In accordance with Art. 15 para. 1 GDPR, you have the right to request information free of charge about the personal data we have stored about you. In addition, you have a right to correction (Art. 16 GDPR), deletion (Art. 17 GDPR), restriction of processing (Art. 18 GDPR) and data transfer (Art. 20 GDPR) of your personal data if the legal requirements are met. If the data processing is based on Art. 6 para. 1 lit. e or f) GDPR, you have the right to object according to Art. 21 GDPR. If you object to data processing, this will not take place in the future unless the controller can demonstrate compelling legitimate grounds for further processing that outweigh the interest of the data subject in objecting.
If the data processing is based on consent pursuant to Art. 6 para. 1 lit. a or Art. 9 para. 2 lit. a GDPR, you may withdraw your consent at any time with effect for the future without affecting the lawfulness of the previous processing. In the aforementioned cases, in the event of unanswered questions or in the event of complaints, please contact the data protection officer in writing or by e-mail using the contact details provided above. You also have the right to lodge a complaint with a data protection supervisory authority. The data protection supervisory authority of the federal state in which you live or in which the controller has its registered office is responsible.
IX. Additional information for users in certain jurisdictions
1. Germany
If you are located in Germany, your personal data is processed in accordance with the GDPR and the German Federal Data Protection Act (Bundesdatenschutzgesetz, BDSG). Consent for newsletters or sponsor data sharing is obtained through explicit opt-in and is not a condition for participation in events, webinars, or content downloads. You may exercise your rights under the GDPR and BDSG by contacting our Data Protection Officer at the address set out in Section I above. For unresolved concerns, you may lodge a complaint with your competent data protection supervisory authority.
2. United Kingdom
If you are located in the United Kingdom, your personal data is processed in accordance with the UK GDPR and the Data Protection Act 2018. You have the same rights as described in Section VIII above. For unresolved concerns, you may lodge a complaint with the Information Commissioner's Office (ICO) at www.ico.org.uk.
3. Australia
If you are located in Australia, we handle your personal information in accordance with the Australian Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs). In addition to the rights described in Section VIII above:
You may request access to the personal information we hold about you and request correction of any inaccurate, incomplete, or out-of-date information by contacting our Data Protection Officer.
If we collect personal information about you from a third party, we will take reasonable steps to notify you of the collection and the circumstances of that collection.
We will only use or disclose your personal information for direct marketing purposes if you have consented or would reasonably expect us to use the information for that purpose. You may opt out of direct marketing at any time by using the unsubscribe link in any marketing communication or by contacting our Data Protection Officer.
If you are not satisfied with our response to a privacy-related complaint, you may contact the Office of the Australian Information Commissioner (OAIC) at www.oaic.gov.au.
4. Singapore
If you are located in Singapore, we process your personal data in accordance with the Personal Data Protection Act 2012 (PDPA). In addition to the rights described in Section VIII above:
You may withdraw your consent to the collection, use, or disclosure of your personal data at any time by contacting our Data Protection Officer. Upon withdrawal, we will cease (and cause our data intermediaries and agents to cease) collecting, using, or disclosing your personal data, unless such collection, use, or disclosure is required or authorized under applicable law.
You may request access to your personal data in our possession and information about the ways in which your personal data has been or may have been used or disclosed in the year preceding your request.
You may request correction of an error or omission in your personal data.
For unresolved concerns, you may contact the Personal Data Protection Commission (PDPC) at www.pdpc.gov.sg.
5. Japan
If you are located in Japan, we handle your personal information in accordance with the Act on the Protection of Personal Information (APPI). In addition to the rights described in Section VIII above:
You have the right to request disclosure of retained personal data, including the purposes for which it is used.
You have the right to request correction, addition, or deletion of retained personal data if that data is inaccurate.
You have the right to request that we cease using or erase your personal data if we have obtained it improperly or are using it beyond the scope of the originally specified purpose.
You have the right to request that we cease providing your personal data to third parties.
Requests can be made by contacting our Data Protection Officer at the address set out in Section I above.
6. Other jurisdictions
For users in other jurisdictions, the rights and protections described in this policy apply to the extent required by applicable local law. If your local law provides greater protections than those described here, we will comply with those requirements. To exercise any rights under your local law, please contact our Data Protection Officer.
X. Automated decision making/profiling
Personal data collected through event, webinar, content, or newsletter registration is not used for automated decision making, including profiling, within the meaning of Art. 22 GDPR or equivalent provisions under applicable law.
XI. Amendment of this privacy notice
This privacy notice is effective as of 5th March 2026.
Due to the further development of our website and offers on it or due to changed legal or regulatory requirements, it may become necessary to change this privacy policy.
