Privacy Policy — NextGen Investor Registration Portal

Last updated: 16 September 2025

Welcome to the NextGen Investor Registration Portal (the “Portal”) for the NextGen Grand Finale (9 October 2025) and the Executive Business Dinner (10 October 2025), hosted by NextGen Innovation and event partners (“we”, “us”, “our”).

This Privacy Policy explains what personal data we collect through the Portal at nextgeninnovation.ng (and any sub‑pages used for registration), why we collect it, how we use and share it, and the rights available to you.

Who this applies to: investors and their delegates registering for the events, media/admin users with view access, and visitors to the registration pages.

1) Who we are & how to contact us

Data Controller: NextGen Innovation (on behalf of the NextGen events program) and, where applicable, co‑hosts NBTI and UKALD (together, the “Organizers”).

Event correspondence address: Hilton London Paddington, 146 Praed St, London W2 1EE, United Kingdom
Email: privacy@nextgeninnovation.ng

If you have questions about this notice or wish to exercise your rights, please contact us using the details above. You may also have the right to contact your local data protection authority.

2) Scope of this policy

This policy covers personal data processed via the Portal for:

Event registration and attendance (Grand Finale, Executive Dinner)
Approvals and seating allocation
Badge generation and onsite check‑in
Media coordination (logos, bios, headshots)
Event communications (confirmations, reminders, logistics)
Post‑event follow‑ups (thank‑you notes, investor materials, feedback)

This policy does not cover third‑party websites you may access via links (e.g., airline or hotel sites) or public media coverage produced by external outlets.

3) What data we collect

We only collect data necessary to deliver the events and related services. Categories include:

A. Organisation data

Organisation / Investment firm name (required)
Trading/brand name (if different)
Website URL
Company profile (public blurb, 80–120 words)
Company logo (SVG/AI/EPS/PNG; processed for badges/screens)
Headquarters country/city

B. Investor profile

Portfolio type (e.g., VC, PE, Family Office, Corporate Venture, Angel Network, Impact Fund, Sovereign, Development Finance, Other)
Typical ticket range
Sectors and stages of interest
Geographic focus

C. Delegate data (up to 3 by default)

Full name and job title (required)
Work email (required) and phone/WhatsApp (E.164)
Dietary or accessibility needs
Consent to appear in attendee lists/media

D. Event selection & logistics

Chosen events (Grand Finale; Executive Dinner)
Dinner seating preferences (e.g., sector tables)
1:1 matching interests (optional)
Visa support (if requested): passport details and related identifiers strictly for issuing letters

E. Media & permissions

Media interview interest (yes/no) and on/off‑record preference
Executive headshot (JPG/PNG) and approved public bio

F. System & usage data

Portal usage logs, device/browser metadata, IP address, cookie identifiers, basic analytics (see Cookies & Analytics below)

Special category data: We do not intentionally collect sensitive data. Limited health‑related information may be provided only to address dietary/allergy or accessibility needs, and is handled with heightened care and access restrictions.

4) Why we process your data (purposes & lawful bases)

We process personal data under one or more of the following lawful bases:

Purpose	Examples	Lawful basis
Registration & participation	collecting submissions; eligibility checks; admin review; approvals/declines; confirmations with QR tickets and .ics calendar	Contract (to perform our agreement with you); Legitimate interests (to run the events)
Seating & logistics	allocating tables; capacity management; generating badges; onsite check‑in; supporting walk‑ins	Legitimate interests (efficient event operations; safety)
Media coordination	managing logos, headshots, bios; press/interview lists	Consent (where required for publicity); Legitimate interests (event communications)
Communications	acknowledgments; reminders; updates; post‑event thank‑you and materials	Legitimate interests; Consent for optional marketing updates
Visa support	issuing support letters based on provided passport info	Legal obligation/Vital interests/Legitimate interests (facilitating entry)
Security & fraud prevention	CAPTCHA/bot checks; abuse monitoring	Legitimate interests; Legal obligation
Analytics & service improvement	conversion, drop‑off, performance	Legitimate interests; Consent where required for cookies/GA4
Compliance & record‑keeping	audit trails; responding to data rights	Legal obligation

You can withdraw consent at any time where we rely on consent (e.g., appearing in public materials, optional comms), without affecting prior processing.

5) Where we get your data

Directly from you (forms, emails, onsite check‑in)
From your colleagues where they register delegates on behalf of your organisation
From public sources you provide (e.g., company website, official logo files)

6) How we use automated processing

We do not make decisions with legal or similarly significant effects based solely on automated processing. Seating suggestions and badge layouts may be semi‑automated but reviewed by staff.

7) How long we keep your data (retention)

Registration & attendance records: retained for the event cycle and up to 24 months thereafter to support reporting and follow‑ups, unless a shorter period is required by law or you request deletion sooner.
Visa support data: kept only as long as necessary to issue letters and for a short verification window, typically 90 days after the event.
Media assets (logos/headshots): retained for event collateral and post‑event galleries unless you revoke consent or request removal.
System logs & backups: operational logs per our security practice; daily backups with 14–30 days retention.

When data is no longer needed, it is deleted or anonymized.

8) How we share data

We share data only as needed for the purposes described:

Service providers (processors): email delivery (e.g., SendGrid/Mailgun/SES), cloud storage/CDN (e.g., AWS S3/CloudFront or equivalent), analytics (e.g., GA4/Matomo), CRM (e.g., HubSpot/Salesforce/Airtable), badge & QR tooling. These providers are bound by contracts and confidentiality.
Event operations: venue and security (guest lists, seating), check‑in teams, printing vendors for badges/table cards.
Media partners: only for participants who opted into interviews or public listing.
Legal & safety: regulators, law enforcement, or to defend legal claims when required by law.

We do not sell your personal data.

9) International transfers

Because our events occur in the UK and our systems may use global cloud providers, data may be transferred outside your country. Where we transfer personal data from the UK/EU, we rely on lawful transfer mechanisms (e.g., UK/EU Standard Contractual Clauses, adequacy decisions) and implement appropriate safeguards.

10) Security

We use administrative, technical, and physical safeguards to protect data, including:

HTTPS/TLS 1.2+ across the Portal
Role‑based access controls (admin, media/read‑only)
File type/size validation and antivirus scanning on uploads
Least‑privilege access and audit logging of admin actions
Regular backups and disaster‑recovery planning

No system is 100% secure; please notify us promptly if you suspect any misuse or breach.

11) Your rights

Depending on where you live, you may have rights to:

Access a copy of your personal data
Correct inaccurate or incomplete data
Delete your data (erasure) and withdraw consent
Restrict or object to certain processing
Port your data to another provider (where technically feasible)
Lodge a complaint with your data protection authority

How to exercise your rights: email us at privacy@nextgeninnovation.ng. We aim to acknowledge requests within 72 hours and respond within the timelines required by law (typically 30 days under GDPR/UK GDPR and the Nigeria Data Protection Act 2023 (NDPA)).

12) Cookies & analytics

We use cookies and similar technologies to operate the Portal and understand engagement.

Strictly necessary: session management, security (e.g., CAPTCHA)
Functional: remembering draft progress, form validation states
Analytics: measuring registrations, conversion, and performance (e.g., GA4 or Matomo)

Where required, we will present a cookie banner with controls for non‑essential cookies. You can also control cookies via your browser settings.

13) Children

The Portal is for professional investors and their delegates. We do not knowingly collect data from children under the age of 16 (or as defined by local law).

14) Event photography & media

Official photographers and videographers may capture images during the events. We may use these in post‑event materials and publicity. We will respect your stated on/off‑record preferences and media consent choices. You may request removal of identifiable images where feasible.

15) Third‑party links

The Portal may link to third‑party sites or services. Their privacy practices are governed by their own policies; please review those separately.

16) Changes to this policy

We may update this policy to reflect operational or legal changes. Material changes will be highlighted on the Portal. Continued use of the Portal after changes means you accept the updated policy.

17) Local legal bases & frameworks

We process data in accordance with applicable laws, including UK GDPR, EU GDPR, and Nigeria’s NDPA (2023). Where frameworks differ, we apply the stricter standard when feasible and ensure appropriate contractual safeguards with processors.

18) Contact details & complaints

Email: privacy@nextgeninnovation.ng
UK queries: You can contact the UK Information Commissioner’s Office (ICO) via ico.org.uk
Nigeria queries: You can contact the Nigeria Data Protection Commission (NDPC)

We encourage you to contact us first so we can address your concerns directly.

Quick summary (plain language)

We collect only what we need to run the events (org info, delegates, logistics, media assets).
We use it to register you, seat you, send tickets/reminders, and coordinate media.
We protect your data and don’t sell it.
You control optional publicity and marketing. You can ask to view, correct, or delete your data.
Questions? Email privacy@nextgeninnovation.ng.