NPI Privacy Notice – Regional IT Procurement Summit 
London February 25, 2026 

Last updated: December 22, 2025 

Scope 

This Privacy Notice explains how NPI, LLC 3340 Peachtree Road NE, Suite 1280, Atlanta, GA 30326, United States (“NPI”, “we”, “us” or “our”) collects and uses personal data in connection with an inperson event held in London, United Kingdom (the “Event”) and applies to the processing of personal data of individuals who register for, attend, or otherwise interact with the Event, including business contacts acting in a professional capacity. 


NPI is a company established in the United States and does not have an establishment in the European Union or the United Kingdom. It is intended to meet the information requirements of the EU General Data Protection Regulation (GDPR) and the UK GDPR for individuals attending or registering for the Event. 


What do we collect - Categories of Personal Data 

We collect business contact information and related registration details, which may include: 


  • Business contact information (e.g., first and last name, job title, company name) 
  • Professional contact details (e.g., business email address, business telephone number, country of residence and industry or sector) 
  • Registration and attendance details (e.g., event registration status, attendance confirmation) 
  • Communication data (e.g., questions submitted, email correspondence related to the Event) 
  • Technical data collected via our website during registration (e.g., IP address, browser type, device information, timestamps) 


We do not intentionally collect special categories of personal data (as defined under GDPR Article 9). 


If any dietary or accessibility information reveals healthrelated data, this may constitute special category data, which will only be collected where voluntarily provided and strictly as necessary for the organization of the Event. 


How do we collect - Sources of Personal Data 

We collect personal data from the following sources: 


  • Directly from you, when you register for the Event via NPI’s website, communicate with us, or interact with us during the Event; 
  • From third parties and subcontractors, such as event management platforms, registration providers, and marketing or CRM service providers acting on our behalf; and 
  • From publicly available sources, including professional social networks (e.g., LinkedIn), where you interact with NPI content or choose to connect with us in relation to the Event or as otherwise permitted by applicable law. 
  • Automatically through your use of our website and registration pages, using cookies and similar technologies that capture technical and usage data such as IP address, device information, and basic analytics. 


Purposes of Processing and Legal Bases 

We process personal data for the following purposes and legal bases: 

Purpose Legal Basis
Event registration, administration, and logistics Performance of a contract or steps prior to entering into a contract (Article 6(1)(b))
Communication regarding the Event (including updates and logistical information) Performance of a contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f)
Managing on-site access, security, and attendance Performance of a contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f)
Sharing data with service providers supporting the Event (e.g. provision of badges, on-site access control) Performance of a contract (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f)
Marketing follow-up communications related to NPI’s products and services or feedback surveys Consent (Article 6(1)(a)) or Legitimate interests (Article 6(1)(f) with the ability to opt out at any time
Compliance with applicable legal obligations Legal obligation (Article 6(1)(c)) and Legitimate interests (Article 6(1)(f)

Where marketing communications are based on your consent or legitimate interest, you may withdraw your consent at any time by using the unsubscribe mechanism included in our communications or by contacting us using the details below. 


Our legitimate interests include the effective organization, delivery, security of the Event, and maintaining and developing our business relationships. 


How do we share - Data Sharing and Recipients 

We may share personal data with carefully selected subcontractors and service providers that support the Event and our website, such as: 


  • Subcontractors and service providers supporting the Event (e.g., event management platforms, venue operators, IT and hosting providers, registration and badge-printing vendors, CRM and email communication providers) 
  • Professional advisors (e.g., legal, audit, or compliance advisors) 
  • Public authorities where required by applicable law 


All subcontractors and subprocessors are carefully selected and engaged under written agreements that include appropriate data protection, confidentiality, and security obligations in accordance with GDPR and UK GDPR. Subcontractors process personal data only on our documented instructions. 


International Data Transfers 

As NPI is based in the United States, your personal data may be transferred to and processed in the United States or other countries outside the EU or the UK. 


Where required, such transfers are safeguarded by appropriate transfer mechanisms, including: 


  • Standard Contractual Clauses approved by the European Commission and/or the UK International Data Transfer Addendum; or 
  • Other lawful transfer mechanisms recognized under GDPR and UK GDPR. 


Data Retention 

Personal data will be retained only for as long as necessary to fulfill the purposes described in this Privacy Notice, including: 


  • For the duration of the Event and related follow-up activities; 
  • For marketing purposes, until you object or withdraw your consent, or until we determine the data is no longer needed; and 
  • As required to comply with applicable legal, accounting, or reporting obligations. 


When personal data is no longer required, it will be securely deleted, anonymized, or archived in line with our data retention practices. 


Data Subject Rights 

Under the GDPR and UK GDPR, you may have the following rights in relation to your personal data, subject to applicable conditions and exemptions: 


  • Right of access to your personal data and to receive a copy 
  • Right to rectification of inaccurate or incomplete data 
  • Right to erasure (“right to be forgotten”) in certain circumstances 
  • Right to restriction of processing in certain circumstances 
  • Right to data portability, where processing is based on consent or contract and carried out by automated means 
  • Right to object to processing based on legitimate interests, including profiling, and to object at any time to direct marketing 
  • Where processing is based on consent, the right to withdraw consent at any time 


You also have the right to lodge a complaint with an EU supervisory authority or the UK Information Commissioner’s Office (ICO) if you believe your data protection rights have been infringed. 


Complaints 

You also have the right to lodge a complaint with a supervisory authority, including: 


  • Your local EU data protection authority; or 
  • The UK Information Commissioner’s Office (ICO) www.ico.org.uk 


Security Measures 

We implement appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include administrative, technical, and physical safeguards aligned with industry standards. 


NPI is SOC 2 certified, demonstrating that its systems and controls meet recognized standards for security, availability, and confidentiality. 


Link to NPI’s General Privacy Policy 

This Privacy Notice should be read together with NPI’s general privacy policy, which provides additional information about how NPI processes personal data more broadly: privacy 


Updates to This Privacy Notice 

We may update this Privacy Notice from time to time. Any changes will be posted on our website, and the updated version will be effective as of the date indicated above. 


Contact 

If you have any questions about this Privacy Notice or our data protection practices, please contact: 


NPI, LLC 

3340 Peachtree Road NE, Suite 1280 

Atlanta, GA 30326 

United States 

Email: m@npifinancial.com 

Website: https://www.npifinancial.com/](https://www.npifinancial.com/ 


For the purposes of the GDPR and UK GDPR, NPI is the controller of personal data processed in connection with the Event. If we are required to appoint an EU and/or UK representative under Article 27 GDPR or the UK GDPR, that representative’s contact details will be made available in this section or in the Event registration materials. 


You can contact NPI regarding this Privacy Notice or your personal data rights using the contact details provided on our website or in your Event registration confirmation. 


Updates to this Privacy Policy 

We may update this Privacy Notice, for example to reflect changes in law, our data processing practices, or the Event. Where changes are material, we will take appropriate steps to inform participants, such as by updating the version date at the top of this notice or providing a prominent notice on our website.