Privacy Policy

Data Controller: VAP Digital Media FZ LLC (Trade Licence No. 103992) | Primary Legal Basis: UAE PDPL Federal Decree-Law No. 45/2021 + Executive Regulations | Secondary Frameworks: KSA PDPL (Royal Decree M/19 as amended) + HK PDPO (Cap.486) + SG PDPA 2012 (amended 2020) + EU GDPR + UK GDPR + CCPA/CPRA

1-Introduction & Scope

VAP Digital Media FZ LLC (“we”, “us”, “our”), operating Global Games Show as a trading brand, is committed to protecting your personal data. This Privacy Policy governs all personal data collected through www.globalgamesshow.com, Event registrations, ticketing, and any other interaction with the Organiser worldwide.
Because our Website is accessed globally and we run advertising campaigns worldwide, we acknowledge the applicability of multiple data protection frameworks and apply the highest applicable standard for each category of data subject.

2-Personal Data We Collect

Category Data Points Source & Legal Basis
Identity Full name, title, nationality, ID/passport number (accreditation only) Registration / contract necessity
Contact Email, phone, postal address, country Registration / contract necessity
Professional Job title, company name, industry, LinkedIn URL, company logo Registration / legitimate interests
Financial Payment records, VAT number (card data held only by PCI-DSS processor) Ticket purchase / contract necessity
Technical IP address, browser, device, OS, pages viewed, referral URLs, cookies, advertising interaction data Automatic collection / consent (marketing cookies)
Event / Badge Attendance records, session access, badge scan data, networking interactions Event management / contract necessity
Communications Emails, enquiries, feedback, survey responses Direct submission / legitimate interests
Media Photographs, video, audio in which you appear at Events Consent / legitimate interests
Badge Scan Data Contact details shared with exhibitors/sponsors when badge scanned Your choice at Event (see Article 7 of T&C)

3- Legal Basis for Processing

UAE PDPL (primary): Contract necessity, consent, legitimate interests, legal obligation. KSA PDPL: Same bases; note data localisation requirements under Article 29. HK PDPO: Specified purpose notification under DPP1(3) at point of collection. SG PDPA: Consent or deemed consent under Parts III-IV; Do Not Call Registry compliance for SMS. EU/UK GDPR: Article 6 lawful bases; separate Article 9 basis for special categories. CCPA/CPRA: Right to opt out of sale/sharing; right to know and delete.

4-Use of Your Data

We use your data to: (a) process registrations and Ticket purchases; (b) send Event operational communications; (c) manage access control and security; (d) send marketing communications about future Events (with your consent); (e) conduct analytics; (f) comply with legal and tax obligations; (g) enforce our Terms; (h) share contact data with Event sponsors and exhibitors where you have consented or scanned your Badge; (i) produce and distribute Event photography and video; (j) deliver and measure global advertising campaigns; (k) use registered company names and logos in Event marketing materials (as per Article 3 of the T&C).

We do not sell your personal data to any third party for that party’s own marketing purposes without your express consent.

5-Global Advertising & Data Transfers

5.1  VAP Digital Media FZ LLC runs digital advertising campaigns globally through Google Ads, Meta (Facebook/Instagram), LinkedIn, and other platforms. These platforms may process your data as independent controllers when you interact with our advertisements.

5.2  International transfers outside the UAE: only to jurisdictions with adequate protection or subject to appropriate safeguards (standard contractual clauses, binding corporate rules, or explicit consent) per UAE PDPL Executive Regulations. KSA PDPL Article 29 cross-border restrictions are observed for KSA resident data.

6-Data Sharing

We share your data with: (a) Event Sponsors/Exhibitors (where you have consented or scanned your Badge at their stand); (b) Service Providers acting under data processing agreements; (c) Venue Operators and Security for access control; (d) Regulatory and Legal Authorities where required by law; (e) VAP Group affiliated entities for operational purposes; (f) Global advertising platforms (subject to cookie consent); (g) Government entities as required by applicable law.

Fraud prevention notice: VAP Digital Media FZ LLC will never sell or provide attendee personal data to third parties who have not been involved in the Event as a sponsor, exhibitor, or official service provider. Any third party claiming to sell or have access to our attendee database should be treated as fraudulent and reported immediately to legal@vapgroup.co.

7-Retention

Event registration and attendance data: 7 years (UAE VAT/legal compliance). Marketing consent records: until withdrawal plus 3 years. Financial transactions: minimum 5 years (UAE VAT Law). Technical/cookie data: per Cookie Policy. Badge scan data shared with third parties: governed by that third party’s retention policy. KSA: per SDAIA guidelines. HK PDPO DPP2: only as long as necessary. SG PDPA retention limitation obligation: until purpose fulfilled.

8-Your Rights

Right UAE PDPL HK PDPO / SG PDPA Action
Access 30 days HK: 40 days / SG: 30 days Email legal@vapgroup.co
Correction 30 days HK: 40 days / SG: 30 days Email legal@vapgroup.co
Erasure Where no overriding basis Where no longer necessary Email legal@vapgroup.co
Portability Yes (PDPL) SG PDPA: Yes Email legal@vapgroup.co
Withdraw consent Immediate Immediate Unsubscribe link / email
Breach notification UAE Data Office HK: PCPD (recommended) / SG: PDPC within 3 days Internal — legal@vapgroup.co

9-Photography, Media & Events

Events are recorded, photographed, and filmed for promotional and archival purposes. By attending, you acknowledge and consent to your likeness, voice, and appearance being captured and used by the Organiser for marketing across all media worldwide without additional compensation. If you object, notify us in writing before the Event at legal@vapgroup.co.

10-Children's Data

Our Events are directed at business professionals aged 18 or over. We do not knowingly collect personal data from persons under 18. If we become aware we have collected such data, we will delete it promptly.

11-Security & Breach Response

We implement appropriate technical and organisational security measures per UAE PDPL requirements. In the event of a data breach, we will notify the UAE Data Office. For KSA resident data, we will notify SDAIA. For Singapore resident data, we will notify the PDPC within 3 calendar days of assessment. For HK resident data, notification to the PCPD is recommended.