-2.png?width=130&height=102&name=Cavea%20Logo%20Option%201%20(6)-2.png "Cavea Logo Option 1 (6)-2")
Privacy Policy for Cavea Group
Last updated: 28 May 2026
This Privacy Policy explains how Cavea Group Limited (“we”, “our”, “us”) collect, use, and protect your personal data when you visit https://www.caveagroup.com (the “Website”), and when you participate in our Emotional Response Sensor Initiative at live experiences.
1. Who We Are
Cavea Group Limited is registered in England and Wales (Company No. 16441752).
Registered Office: 167–169 Great Portland Street, London, W1W 5PF, United Kingdom.
Email: admin@caveagroup.com
2. The Information We Collect
- Identity details such as name, job title, and organisation.
- Contact details such as email address and telephone number.
- Technical data such as IP address, browser type, and operating system.
- Usage data, including visited pages and site interactions.
- Cookies and similar technologies as described in our separate Cookie Policy.
3. How We Use Your Information
- To respond to your enquiries.
- To operate and improve our website and services.
- To analyse trends and monitor website performance.
- To ensure website security and prevent misuse.
- To comply with legal obligations.
4. Lawful Basis for Processing
We rely on consent, legitimate interests, contractual necessity, and legal obligations under the UK GDPR and the Data Protection Act 2018.
5. Data Retention
Data is kept for only as long as needed: up to three years for general correspondence, anonymised analytics after 26 months, and statutory records as required by law.
6. Sharing and Transfers
We may share limited data with trusted service providers (e.g. hosting, analytics). If any data is transferred outside the UK or EEA, we apply appropriate safeguards such as Standard Contractual Clauses or UK adequacy regulations.
7. Your Data Protection Rights
Under UK data protection law, you have rights to access, correct, delete, restrict, or transfer your personal data, and to withdraw consent at any time.
You can contact us at admin@caveagroup.com. You may also raise any concerns with the Information Commissioner’s Office (ICO).
8. Data Security
We employ encryption, access control, and secure hosting to protect your information. Access to data is strictly limited to authorised personnel.
9. Third-Party Websites
Our website may link to third-party sites. We are not responsible for their content or privacy practices and encourage you to review their policies.
Emotional Response Sensor Initiative
The following sections explain how Cavea and our Experience Partner handle your information in relation to the Emotional Response Sensor Initiative at live experiences.
10. Who Is Responsible For The Initiative
The Emotional Response Sensor Initiative is a joint arrangement between Cavea and the Experience Partner.
- Joint responsibility: We have collectively determined how and why your personal data is processed, making us “joint controllers” under data protection laws.
- Contact point: Cavea remain your primary point of contact. For any questions, to understand the arrangement, or to exercise your rights, please contact admin@caveagroup.com.
For activities beyond the scope of the initiative, each of Cavea and the Experience Partner will act as an independent controller, pursuant to their own privacy policies.
The Experience Partner’s identity will be clearly listed on the notice presented to you at the time of consent. If you are unsure of the identity of the Experience Partner, please contact Cavea at the address listed above.
11. Why We Are Processing The Data
We are processing the data listed below in order to measure, understand, and report on the engagement or emotional response of Experience attendees to specific environmental, venue, location, or experience triggers.
The goal of the initiative is to understand generally how Experience attendees react, and not to build any profile on you, or any individual, specifically.
12. What Data We May Collect, And Why
| Data Category | Purpose | Lawful Basis |
|---|---|---|
| Identity data: email address, name, consent status | To record your participation in, and consent to, the initiative. | Consent. Compliance with laws. |
| Physiological data: heart rate, electrodermal activity (skin conductance) | To understand your levels of engagement, or emotional responses to triggering events. | Explicit Consent |
| Location data (if a location-enabled sensor is used, as indicated at the time of entry) | To understand where you are at the Experience, and to then synchronise with the physiological data to understand the locations you were at when your engagement or emotional responses occurred. | Consent |
| Feedback data | To understand your experience with the initiative, and how it could be improved in the future. | Legitimate Interests |
| Consent data | To record that you have consented to the initiative. | Legal Obligation. Legitimate Interests (to ensure we have the required consent). |
| Sensor metadata: sensor ID, MAC address, Participant ID | To ensure that the devices are connected, and able to share the data with us. To separate one participant’s records from another’s. | Legitimate Interests (to manage the initiative you have consented to). |
13. Data Minimisation And Purpose Limitation
- We take steps, and apply technical measures, to separate the Physiological Data and Location Data from any data that could be used to identify you (such as Identity data, or Sensor metadata), so that individuals can no longer be identified. At this point, the data is considered anonymous.
- We use this anonymous data to give the Experience Partner a report on the Experience attendees, and to help us improve our technology in the future.
14. Collection And Withdrawal Of Consent
- We will only provide you with a sensor and process the data above if you consent for us to do so. We will ask you for this explicit consent either directly (at the stand when you collect the sensor) or through the Experience Partner.
- If you change your mind, you can remove the sensors, and return the sensors to us with a request to cease the processing.
15. Who We May Share Your Personal Data With
- Between Cavea and the Experience Partner.
- With our Service Providers. This includes third parties acting on our behalf to provide IT and data infrastructure, marketing tools, feedback tools, and security services.
- With legal or regulatory authorities. We may share your personal data with a legal, or regulatory authority if we are required to do so by law, or pursuant to a binding regulatory request.
16. International Transfers Of Initiative Data
We do not currently plan to transfer your personal data outside of the UK or European Economic Area (EEA). If this changes, and an international transfer is required, we will ensure that such transfer is afforded an equivalent level of protection through legal safeguards such as adequacy decisions, or contractual safeguards. You have the right to request a copy of the specific safeguards applied to your data by contacting Cavea at admin@caveagroup.com.
17. How We Keep Initiative Data Secure
We have implemented industry standard security measures to prevent unauthorised access to, use of, or loss of your data. We also make sure that third parties who need to handle your data when helping us to deliver our services are bound by appropriate confidentiality and security obligations.
18. How Long We Keep Initiative Data
We will only keep your data for as long as necessary to fulfil the goals of the initiative.
To comply with our legal obligations, and to be able to defend against potential legal claims, we typically retain consent data for a period of 6 years following the end of our relationship with you.
Please note: we may retain anonymised data (where you can no longer be identified) indefinitely for statistical and research purposes without further notice to you.
19. Your Rights In Relation To The Initiative
You may have various rights under applicable data protection and privacy laws which entitle you, in certain circumstances, to:
- ask us for a copy of the personal data we hold about you;
- correct or update your personal data, which you can do yourself by logging into your account (if relevant) or, if you would prefer, please contact us and we can assist;
- request that we delete your personal data;
- object to the handling of your personal data where we are relying on a legitimate interest (as set out in the table above);
- restrict the processing of your personal data;
- request the transfer of your personal data (or some of it) to a third party; or
- where you have provided your consent for something, you may withdraw this consent (but note that we may continue to use your personal data if we have other legal grounds for doing so).
Please contact us if you would like to exercise your rights, which you can do for free in most cases. There are some circumstances where we may charge a reasonable fee, for example where your request is clearly unfounded, repetitive or excessive. Alternatively, we may refuse to comply with your request in these circumstances. Otherwise, we will always respond within one month (unless there is a legal reason for us to take longer).
If it is not clear to us who is making the request, we may ask you to confirm your identity before we proceed.
You may also contact your national data protection authority if you have any concerns about the way we are handling your personal data. However, where possible, please speak to us first as we would appreciate the opportunity to help with your concern.
20. Updates To This Policy
This policy may be updated periodically. The latest version will always be posted on this page with the current revision date.
21. Contact Us
Cavea Group Limited
167–169 Great Portland Street, London, W1W 5PF, UK
Email: admin@caveagroup.com
Website: https://www.caveagroup.com