AuthZone Logo
More than just a badge
Privacy and data protection

Privacy Policy

How AuthZone Limited collects, uses, stores, and protects personal information across our accreditation and access control services.

AuthZone Limited Privacy Policy

Last updated: November 2025

1. Introduction

This Privacy Policy explains how AuthZone Limited collects, uses, stores, and protects personal information in connection with our accreditation management and access control services.

AuthZone Limited operates in the United Kingdom and follows the UK GDPR, the Data Protection Act 2018, and other applicable legislation. This Policy applies to event organisers using the platform and individuals whose information is entered or processed within the system.

2. Definitions

AuthZone

The provider of the accreditation and access control services.

Data Controller

The organisation that determines how personal data is used. For most events, the event organiser acts as the Data Controller.

Data Processor

AuthZone processes data on behalf of the Data Controller.

Data Subject

Any identifiable person whose data is processed, including staff, talent, crew, vendors, volunteers, and contractors.

Personal Data

Any information relating to an identifiable person, including names, emails, photos, roles, organisations, QR codes, and logs.

Special Category Data

Data requiring higher protection. AuthZone does not intentionally collect this unless provided by the event organiser.

Processing

Any operation performed on data such as storage, modification, retrieval, transfer, scanning, or deletion.

Platform

The AuthZone accreditation system, tools, scanners, and supporting applications.

Event Organiser

The party using AuthZone to manage accreditation, usually acting as Data Controller.

Account Administrator

Individuals authorised by the organiser to manage system data and permissions.

Subprocessor

A third party that processes data on AuthZone�s behalf, such as DigitalOcean and Cloudflare.

Service Communications

Automatic messages sent by the system, such as approvals, updates, or onboarding links.

Data Breach

A confirmed or suspected incident involving unauthorised access, loss, or disclosure of data.

ICO

The Information Commissioner�s Office in the United Kingdom.

3. Data We Collect

AuthZone may process the following information:

  • Name
  • Email
  • Phone number
  • Job title or role
  • Organisation or company
  • Profile photo
  • Accreditation category
  • Zone permissions
  • QR or credential data
  • Scan history
  • Login history
  • Operational logs

Children and Minors

Where minors are accredited, the event organiser is responsible for ensuring that appropriate parental or guardian consent has been obtained.

4. Purpose and Lawful Basis

Data is processed for operational event purposes such as:

  • Issuing passes
  • Managing secure access
  • Checking identity
  • Maintaining audit logs
  • Providing operational reporting

Lawful bases include Legitimate Interests and Contractual Necessity. For system monitoring and logs, AuthZone may act as the Controller.

5. Data Storage and Security

Data is hosted on DigitalOcean and protected via Cloudflare. Security measures include encryption, controlled access, logging, monitoring, and permission-based roles.

6. Data Retention

Accreditation records and logs are retained indefinitely for traceability and security. Individuals may request deletion where applicable, but some data must be retained for operational and security reasons. Requests relating to accreditation should be made to the event organiser.

7. Data Access and Disclosure

AuthZone does not sell or share data with third parties unrelated to service operation. Data is shared only with authorised organisers and subprocessors operating under GDPR-compliant agreements.

8. International Access

Data may be stored or accessed from outside the UK due to global cloud infrastructure. All transfers are protected using SCCs and other safeguards.

9. Cookies and Website Usage

AuthZone uses Cloudflare for security and performance. Cloudflare sets essential cookies and processes IP addresses and browser data to prevent malicious traffic and deliver fast, secure access. No advertising tracking is used.

10. Your Rights

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to object

For accreditation data, requests must usually be made to the event organiser. AuthZone can handle requests where it acts as Controller.

11. Automated Decision Making

Automated processes exist for scanning and access checks. No automated profiling with significant effects is performed.

12. Subprocessors

AuthZone uses:

  • DigitalOcean
  • Cloudflare

Additional subprocessors will be added to this policy if introduced.

13. Data Breach Notification

AuthZone will notify the Data Controller without undue delay if a breach occurs and assist with investigations and regulatory reporting. Where AuthZone is Controller, required ICO notifications will be made.

14. Contact Information

AuthZone Limited
Email: [email protected]
4th Floor, Silverstream House, 45 Fitzroy Street, London, W1T 6EB

15. Complaints

Complaints may be made to AuthZone or to the ICO at www.ico.org.uk.

16. Updates

This Policy may be updated at any time. The latest version will always appear on this page.