Privacy Policy

This Privacy Policy explains how we collect and process personal data when you visit our website, including uk.healthoptimisation.com and our event booking pages at book.healthoptimisation.com, and when you interact with our services.

Last Updated: 1 April 2026

1. Introduction

Health Optimisation Summit Ltd (“we”, “us”, or “our”) is committed to protecting your privacy and handling your personal data in a transparent, secure, and lawful manner.

This Privacy Policy explains how we collect and process personal data throughout the full lifecycle of our events, including pre-event marketing, ticket purchase and registration, event attendance, and post-event communications.

This includes the Health Optimisation Summit taking place in the United Kingdom from 11–13 September 2026, as well as our websites, communications, and related services.

We process personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR).

2. Data Controller

The data controller is:

Health Optimisation Summit Ltd
Company No: 11881895
Registered Office:
23 High Street
Bagshot, Surrey
United Kingdom
GU19 5AF

Email: enquiries@healthoptimisation.com

We have not appointed a Data Protection Officer, as we are not required to do so under applicable law. However, you can contact us using the details above for any data protection queries.

3. Personal Data We Collect

3.1 Information You Provide

We may collect and process personal data that you provide when purchasing tickets, registering, or interacting with us, including:

  • name

  • email address

  • telephone number

  • company name (where applicable)

  • job title

  • gender

  • date of birth

  • ticket purchases, bookings, and payment information

  • identification details where required for event access or eligibility verification

  • identification documents submitted for eligibility-based tickets (e.g. NHS or discounted tickets)

  • dietary requirements and accessibility needs

  • health-related information provided via onboarding or event forms

  • correspondence and communications with us

3.2 Automatically Collected Information

When you use our website, we may automatically collect and process:

  • IP address

  • browser type and version

  • device type and operating system

  • referring URLs

  • pages viewed and time spent on the Site

  • cookies and similar tracking technologies

4. Special Category Data (Health Information)

For certain events, we may process limited health-related information, such as:

  • allergies or intolerances

  • injuries or medical considerations

  • dietary requirements relevant to safety or wellbeing

This data is processed solely to support attendee safety and wellbeing.

Providing this information is optional; however, failure to do so may affect our ability to accommodate certain needs.

We process this data only with your explicit consent in accordance with Article 9(2)(a) UK GDPR.

5. How We Use Your Information

We process personal data to:

  • operate, manage, and improve our websites

  • process ticket purchases and bookings

  • administer your participation in events

  • send service communications necessary to deliver your booking (including event updates, logistics, and important information)

  • manage on-site operations, including registration, badge scanning, and access control

  • verify attendee identity at event entry, including checking identification where required to match registration details

  • verify eligibility for restricted or discounted tickets (such as NHS tickets)

  • prevent ticket fraud, misuse, or unauthorised transfers

  • coordinate venues, catering, accommodation, and event logistics

  • ensure attendee safety, safeguarding, and wellbeing

  • understand attendee demographics and improve event experience (using aggregated and anonymised data where possible)

  • analyse website usage and improve performance

  • comply with legal and regulatory obligations

  • prevent fraud and maintain security

  • send marketing communications in accordance with your preferences and applicable law

  • follow up after events with content, feedback requests, and future event information

  • capture photography and video during events for documentation and promotional purposes

Identity Verification:
We may require attendees to present identification at the event to confirm that the individual attending matches the registration details. We do not collect or retain copies of identification documents for general event entry.

Eligibility Verification (e.g. NHS Tickets):
Where you purchase a restricted or discounted ticket, you may be required to upload proof of eligibility. This information is used solely to verify eligibility prior to the event.

Photography and Filming:
We may capture photography and video during events as part of our legitimate interests in documenting and promoting our events. Attendees will be informed via signage and event communications.

If you prefer not to be photographed or recorded, you may notify event staff or avoid designated filming areas where reasonably practicable. Where individuals are the primary focus of images or recordings, we may seek additional consent where appropriate.

6. Legal Bases for Processing

We rely on the following legal bases under UK GDPR:

Performance of a Contract
To process ticket purchases, manage bookings, verify attendee identity at entry, and deliver event services.

Legitimate Interests
To operate, manage, analyse, and improve our events and services, including fraud prevention, security, access control, safeguarding, and understanding attendee demographics in a proportionate and non-intrusive way.

Consent

  • For marketing communications (where required under PECR)

  • For processing special category (health) data

You may withdraw consent at any time or unsubscribe using the link in our emails.

Soft Opt-in (Existing Customers)
Where you purchase a ticket or engage our services, we may send you information about similar events or services, unless you opt out at the time of data collection or via subsequent communications.

Legal Obligation
Where processing is necessary to comply with applicable laws or regulatory requirements.

We do not carry out automated decision-making or profiling that produces legal or similarly significant effects.

7. How We Share Your Information

We do not sell your personal data.

We may share personal data with:

  • event venues, catering providers, accommodation partners, and event staff where necessary

  • service providers (e.g. payment processors, email platforms, analytics tools, hosting providers, and ticketing systems)

  • professional advisers (legal, accounting, insurance)

  • regulatory authorities or law enforcement where required by law

Exhibitors and Badge Scanning
Our events may include exhibitors or vendors who use badge scanning technology.

If you allow your badge to be scanned, your personal data (such as name, email address, and company) will be shared directly with that exhibitor, who becomes an independent data controller.

We do not control how exhibitors use your data after it has been shared and recommend reviewing their privacy policies.

Badge scanning is entirely optional and you may decline at any time.

We take steps to ensure that third parties process personal data securely and only for authorised purposes.

8. International Transfers

Some service providers may process personal data outside the United Kingdom.

Where this occurs, we ensure appropriate safeguards are in place, including:

  • UK adequacy regulations

  • the UK International Data Transfer Agreement (IDTA)

  • or Standard Contractual Clauses (SCCs)

9. Cookies and Tracking Technologies

We use cookies and similar technologies to:

  • enable essential website functionality

  • analyse usage and performance

  • support marketing and advertising

Where required by law, we obtain your consent before placing non-essential cookies.

You can manage cookie preferences via your browser settings or our consent tools.

For more detailed information, please see our Cookie Policy.

10. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy.

We aim to retain personal data in line with the following general timeframes, depending on legal, operational, and business requirements:

  • transaction and ticketing data: typically up to 6 years

  • marketing data: until you withdraw consent or unsubscribe

  • customer communications: typically up to 2 years

  • health data: retained only as long as necessary for event safety and then securely deleted

  • identification documents for eligibility verification: retained only until verification is completed and then securely deleted within a short period

Event-related data may be retained for a limited period after the event (11–13 September 2026) for operational, legal, and analytical purposes.

11. Your Rights

Under UK GDPR, you have the right to:

  • access your personal data

  • request correction of inaccurate data

  • request erasure (where applicable)

  • restrict or object to processing

  • request data portability

  • withdraw consent at any time

  • object to direct marketing at any time

To exercise your rights, contact: enquiries@healthoptimisation.com

12. Complaints

If you are dissatisfied with how we handle your personal data, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO):
https://www.ico.org.uk

We encourage you to contact us first so we can resolve your concern.

13. Children’s Data

We offer tickets for children under the age of 16.

All tickets for children must be purchased by a parent or legal guardian, who is responsible for providing personal data and giving consent on their behalf.

We set a higher age threshold of 16 for safeguarding purposes.

Children’s personal data is used solely for registration, safety, and operational purposes and is not used for marketing.

14. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, misuse, or alteration.

Where identification documents are processed for eligibility verification, we minimise the data processed, restrict access, and do not retain such documents longer than necessary.

15. Failure to Provide Data

Where we require personal data to fulfil a contract or provide services and you do not provide it, we may not be able to deliver those services.

16. Changes to This Policy

We may update this Privacy Policy from time to time. Updates will be posted on this page with the revised “Last Updated” date.

17. Contact Us

If you have any questions about this Privacy Policy or how we handle your data, please contact:
enquiries@healthoptimisation.com

Terms & Conditions >