Worldwide Events, a trading name of Big Worldwide Limited (company number 03210436), operates a family of brands including m&i, Private Luxury Events, Amour, Love Travel Awards, RendezVerse, and tosavenow.space. Safeguarding your personal data across each of these experiences is central to how we work.

This notice explains how we collect, store, and use the information you share when browsing our websites, joining our mailing lists, purchasing services, or attending our experiences. It also summarises your privacy rights and how legislation protects you. Our services are built for adults; if we learn that data relating to children has been captured, we will remove it. Please notify us at help@tosavenow.space if you believe a child’s information is in our systems.

A glossary at the end of this document clarifies key terms for quick reference.

1. Key information & who we are

Always read this policy alongside any additional privacy notice we provide at the point of data capture so you know exactly how your details will be used.

Controller. Worldwide Events is the controller responsible for your information (referred to as “we”, “us”, or “our”). Our dedicated Data Protection Officer (DPO) can be reached at:

• Email: help@tosavenow.space
• Address: Data Protection Officer, Worldwide Events, 5–7 Marshalsea Rd, London, SE1 1EP
• Phone: 020 7380 8584

Policy changes. We refresh this statement regularly; the latest update is dated 9 September 2025. Let us know whenever your personal details change so our records remain accurate.

Third-party links. Our digital platforms may contain links to partner services. Once you leave our domain, their privacy rules apply, so we encourage you to review them.

2. Data we collect

“Personal data” means information that can identify you. Data that has been anonymised is not considered personal data.

Depending on the touchpoint, we may gather:

• Identity data: name, title, job role, and similar identifiers.
• Contact data: addresses, email accounts, and telephone numbers.
• Transaction data: payment history and service purchases.
• Technical data: IP address, login details, browser type, time zone, plug-ins, and device information.
• Profile data: biography, dietary or access requirements, nationality, prior events, interests, and survey responses.
• Usage data: how you interact with our sites, content viewed, and features accessed.
• Professional data: bios, imagery, or video used in promotional outputs.
• Event imagery: photos and video captured during events.
• Marketing preferences: choices about which communications you wish to receive.

We do not routinely collect sensitive personal data or criminal offence information. When you voluntarily share medical, dietary or accessibility notes, we only use them to support your event experience.

Aggregated insights derived from personal data (for example, anonymised statistics) may be used for analysis. If those insights can once again identify you, they are treated as personal data.

If a law or contract requires certain information and you choose not to supply it, we might be unable to deliver a service. We will let you know when that situation arises.

3. How we collect data

We capture personal data in three primary ways:

• Direct interactions: submitting a form, registering for an event, engaging with our app, subscribing to newsletters, requesting marketing, joining competitions, or providing feedback.
• Automated technologies: cookies, server logs, and similar tools gather Technical and Usage data when you browse our sites. See our Cookie Policy for details.
• Third-party sources: analytics providers, advertising networks, search engines, payment processors, data brokers, or social platforms may send Identity, Contact, or Technical information where laws permit.

4. How we use your data

We only handle personal data when the law allows. The main legal bases are:

• fulfilling a contract with you;
• pursuing our legitimate interests (or those of a third party) where your rights do not override them; and
• meeting legal or regulatory obligations.

On the rare occasion we rely on consent, you can withdraw it at any time by contacting us.

Typical reasons for processing include event registration, payment handling, personalised communications, customer support, analytics, security, and legal compliance. Some activities may rely on more than one legal basis.

Marketing preferences

We want you to control how we communicate. We use Identity, Contact, Technical, Usage, and Profile data to determine what content might be relevant. You’ll hear from us if you’ve asked for information, purchased services, or opted into our newsletters—and you can unsubscribe at any time via the link in each message or by emailing the DPO.

We never share your information with third parties for marketing unless the law allows and, where required, you have explicitly opted in.

Cookies can be disabled in your browser, but doing so may impact site functionality.

If we plan to use data for a new purpose that’s incompatible with the original reason you provided it, we’ll inform you and explain the legal basis.

5. Sharing your data

We may disclose personal data to:

• other companies within the Worldwide Events group, where permitted;
• event partners and fellow attendees (to facilitate networking elements that form part of our services);
• professional advisers in the UK such as lawyers, bankers, auditors, and insurers; and
• HMRC, regulators, or other authorities when legally required.

During corporate transactions (mergers, acquisitions, etc.), your data may transfer to a new owner under the same safeguards.

We require all recipients to treat your personal data confidentially and in line with the law.

6. International transfers

Some Worldwide Events group entities are based outside the UK, so your data may move internationally. We protect it by:

• using binding corporate rules within our group;
• transferring data only to countries recognised as providing adequate protection; or
• putting UK-approved contractual safeguards in place with service providers.

Contact us if you’d like more detail on these protections.

7. Data security

We employ administrative, technical, and physical safeguards to prevent personal data from being lost, misused, or accessed without authorisation. Access is limited to people who genuinely need it to perform their roles.

Information is stored in encrypted cloud infrastructure (AES-256 encryption for databases, backups, replicas, and snapshots), and we have incident-response procedures for suspected breaches. If legally required, we will notify you and relevant regulators.

8. Data retention

We retain personal data only for as long as necessary to fulfil the purposes we collected it for, including satisfying legal, accounting, or reporting requirements. In most cases this is two years, unless a longer period is required by law.

Where data is anonymised, we may use it for research or statistical purposes indefinitely without further notice.

9. Your rights

Under data-protection law you can request to access, correct, erase, restrict, or transfer your personal data, and you can object to certain processing. Where we rely on consent, you may withdraw it at any time.

To exercise these rights, contact the DPO at help@tosavenow.space. We typically respond within one month, although complex or repeated requests may require a reasonable fee.

You may lodge a complaint with the Information Commissioner’s Office (ico.org.uk), but we encourage you to speak with us first so we can resolve concerns directly.

10. Glossary

• Legitimate interest: the interest of our business (or a third party) in conducting and managing our services, balanced against your rights.
• Performance of a contract: processing needed to deliver a contract we have with you or to take preparatory steps at your request.
• Legal obligation: processing necessary to comply with UK law or regulation.