Chameleon Privacy Policy

On the 25th May 2018, the General Data Protection Regulation (GDPR) came into effect across Europe and it gives more control to individuals over how their personal data is used.

Here at Chameleon, we take our obligations to preserve, protect, manage and control the data/personal information of our customers, staff and other business partners very seriously. We have therefore updated this notice to let you know how we collect and use information in the course of our day to day operations.

Who are we?

We are Chameleon.

Chameleon (“we”, “us”) is committed to keeping your information secure and managing it in accordance with our legal responsibilities, under the privacy and data protection laws applicable wherever we operate in the world (predominantly the UK and Europe), as well as the General Data Protection Regulation (Regulation (EC) 2016/679 (“GDPR”) in the European Union (“EU”).

We are a data controller. This means we are responsible for deciding how we control and use personal information about you. You are being provided with a copy of this privacy policy because you are visiting our website, or your details have been obtained either directly from your submission through our website or staff contact or staff research and you have requested a copy of the policy via our Data Protection Officer.

This policy makes you aware of why and how your data will be used, namely for the purposes of event production (see for a full list of services) and related event services and how long it will usually be retained for. It provides you with certain information that must be shared under the GDPR.

We keep this Privacy Policy under regular review and update it from time to time. We, therefore, encourage you to review it regularly. It was last updated in May 2018.

Who does this policy apply to?

This policy will apply to enquirers, clients, suppliers and sources of information.

How is your personal information collected?

We may collect personal information about enquirers, clients, suppliers and sources from:

  1. You
  2. Named contacts within your organisation
  3. Other third party data subjects publicly accessible sources eg LinkedIn


How we use your personal data

We need the information we source primarily to allow us to perform our contract with our clients and to enable us to comply with our legal obligations. In some cases, we may use your personal information to pursue legitimate interests of our own or those of third parties, provided your interests and fundamental rights do not override those interests.

The situations in which we will process your personal information are listed below:

  • The planning and coordination of events and event activities
  • Targeting specific communications
  • Business management and planning, including accounting and auditing
  • To conduct data analytics
  • Fulfilment of our contractual obligations
  • Comply with legal requirements – HMRC etc.

Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.


Data sharing

We may need to pass your personal data to other companies which may include:

  • Other companies within our network of suppliers should we require to source additional resources to produce events.
  • Firms that provide administration and processing services to us or on our behalf under contract in order to complete activities such as IT systems and administrative services and other activities set out in this privacy notice, as well as support activities such as finance and auditing services
  • Organisations that have a specific role laid out in law, such as statutory bodies, regulatory authorities and other authorised bodies
  • Other organisations where we have a duty to or are permitted to disclose your personal information by law, for example if we received a valid request from the police or other third party organisation in the interest of preventing and detecting crime
  • Fraud prevention agencies and operators of registers available to the events industry to check information and prevent fraud
  • Credit reference agencies to check your credit history. This check will be recorded on your credit reference file without affecting your ability to apply for credit or other financial products
  • Third parties we use to recover money you may owe us or to whom we may sell your debt
  • Another company, if our business or part of it is bought or taken over by that company to make sure your event can continue to be serviced or as part of preliminary discussions with that company about a possible sale or take over


Data retention

It is our policy to only keep your personal data for as long as is required to provide our services to our clients, and in accordance with our fiduciary obligations to fulfil legal, tax and accounting requirements. Where your personal data is no longer required, we will ensure it is disposed of in a secure manner. Where required by law, we will notify you when this has happened.


Rights of access, correction, erasure and restriction

Under certain circumstances, by law, you have the right to:

  1. Request access to your personal information (commonly known as a “data subject access request”). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it.
  2. Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate information we hold about you corrected.
  3. Request erasure of your personal information. This enables you to ask us to delete or remove personal information where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal information where you have exercised your right to object to processing (see below).
  4. Object to processing your personal information where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object where we are processing your personal information for direct marketing purposes.
  5. Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of personal information about you, for example if you want us to establish its accuracy or the reason for processing it.
  6. Request the transfer of your personal information to another party.


If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal data, or request that we transfer a copy of your personal information to a third party, or if you would like to view a copy of our full privacy policy, please contact our Data Protection Officer (DPO) in writing as outlined below:


The Data Protection Officer
AV Networks T/A Chameleon
8 Vincent Avenue
Milton Keynes


Please note that our Privacy Policy sits on the Chameleon website and is managed by AV Networks Ltd Trading as Chameleon.  We comply fully with that policy and we take your rights under the legislation seriously. Any further information relating to your rights and our GDPR policies may be obtained by contacting