Legal
Privacy Policy
How we collect, use, and protect personal information related to the Sovereignty Summit.
Privacy Policy
Last updated: 17 June 2026
1. Introduction
- We understand that protecting your personal information is important.
- This Privacy Policy (Privacy Policy) sets out our commitment to protecting the privacy of personal information provided to us, or otherwise collected by us, when you visit and use our Website, register for or attend the Summit, communicate with us, or otherwise interact with us. We have used examples in this Privacy Policy to help explain some points — please remember that these examples describe common scenarios but do not necessarily cover all situations.
- Please note that this Privacy Policy should be read in conjunction with our general terms & conditions which are available at https://sovereigntysummit.nz/terms (Terms). To the extent that any such Terms conflict with this Privacy Policy, the terms of this Privacy Policy will apply instead in relation to the handling of your personal information.
- We encourage you to read this Privacy Policy carefully. If you provide personal information to us, you understand we will process it in accordance with this Privacy Policy. If you do not provide personal information to us, however, it may impact our ability to register you for the Summit, provide you with access to and the full functionality of our Website, or otherwise deliver the Summit to you. If you have any questions, please contact us using the details set out at the bottom of this Privacy Policy.
- This Privacy Policy explains:
- the kinds of personal information we may collect from you and how we might collect that information;
- how we may use your personal information and the reasons for which we collect it;
- how we share your personal information, including with sponsors, exhibitors, speakers, and service providers, and when attending the Summit;
- how we will store and protect your personal information, and how long we keep it;
- the circumstances in which we may disclose your personal information overseas, and the safeguards we apply;
- our use of cookies and analytics tools in connection with our Website;
- how we handle photography, audio and video recording at the Summit;
- your rights in relation to your personal information; and
- how you can contact us if you have any questions regarding our processing of your personal information, or wish to make a complaint.
2. Territorial applicability
- The Summit is open to attendees from around the world. In addition to complying with New Zealand's Privacy Act 2020, we endeavour to comply with additional obligations that apply where we process the personal information of individuals resident in the EU, the UK, or the US, to the extent those obligations apply to us.
3. Definitions
In this Privacy Policy:
applicable privacy laws means the privacy and data protection laws, codes and regulations applicable to the processing of your personal information, including, as relevant, (a) the Privacy Act 2020 of New Zealand (PA20) and the Information Privacy Principles set out in that Act (the IPPs), (b) in relation to data subjects in the EU, the GDPR of the European Union (and applicable national implementing legislation) (GDPR), (c) in relation to data subjects in the UK, the Data Protection Act 2018 and (d) in relation to data subjects in the US, the California Consumer Privacy Act of 2018 as amended by the California Privacy Rights Act of 2020 and other state privacy and consumer protection laws of general application;
lawful basis means lawful basis under and for the purposes of the GDPR;
personal information means identifiable data about you, which includes "personal information" as defined under the PA20 and "personal data" as defined under the GDPR, provided that if you cannot be identified (for example, where personal information has been aggregated and anonymised to the extent that you can no longer reasonably be identified) then parts of this Privacy Policy may not apply to that information;
processing of personal information means all activities relating to our use of that personal information, from its collection through to its storage and disposal and everything in between, and process shall be interpreted accordingly;
sensitive personal information means personal information that receives heightened protection under applicable privacy laws;
Sovereignty Events, we, us or our is to Sovereignty Events Limited (New Zealand company number 9420314; NZBN 9429053583208);
Summit means Sovereignty Summit 2027, the conference to be held by us in Queenstown New Zealand from 2-3 April 2027, and includes any associated networking, social, educational, exhibitor, sponsor, side, virtual and hybrid events that we host or organise in connection with it;
Website is to our website at https://sovereigntysummit.nz/, any conference registration platform, mobile application, networking app or other digital service that we operate or make available in connection with the Summit, and any content or functionality available on any of them; and
You, your is to any user of the Website, registrant for or attendee of the Summit, speaker, sponsor, exhibitor, supplier or other individual whose personal information we process in connection with the Summit or our business.
4. The types of personal information we may collect about you
The types of personal information we may collect include:
- identity data (including first, middle and last name, title, preferred name and pronouns (where you choose to provide them), date of birth and, where required for entry to age-restricted events or verification, copies of government-issued photo identification);
- contact data (including postal address, country of residence, email address and telephone numbers);
- professional data (including your employer or organisation, job title, industry, professional affiliations, professional qualifications and (for speakers, sponsors, exhibitors and media) biographical information, headshots and presentation materials);
- financial data (including bitcoin wallet addresses, bank account and payment card details, billing address, and (for sponsors, exhibitors, suppliers and certain speakers) GST and tax-related information; payment card details are processed through our third party payment processor (Stripe, Inc. and its affiliates) — we do not store full card numbers on our systems);
- transaction data (including details of registration fees, exhibitor and sponsorship fees and other amounts paid by you to us, your ticket type, any add-ons purchased, and refund or transfer history);
- dietary, accessibility and health data (where you provide it to us so we can cater for you, accommodate accessibility needs or respond to medical situations at the Summit; some of this is sensitive personal information, which we collect with your consent and process in accordance with clause 6.2(c));
- technical and usage data (including IP address, login data, browser session data, device and network information, page views, sessions, acquisition sources, search queries and browsing behaviour, information about access and use of, or communications with, our Website, including through the use of cookies, the type of browser being used to access the Website, the type of operating system being used, and the ISP domain name);
- profile data (including your login for the Website, support requests, your interests, preferences, feedback and survey responses, networking-app profile (including any photo, profile description or interests you choose to add), and additional personal information that you provide to us, directly or indirectly, through your use of the Website or our applications);
- Summit attendance data (including check-in records, badge scan data captured at session entry points and (where you consent) at sponsor and exhibitor stands, sessions attended, networking app activity, meeting requests and exchanges, and engagement with Summit materials);
- audio, visual and recording data (including photographs, audio and video recordings of you taken at the Summit, and any livestream or recorded sessions in which you appear or speak — see clause 8);
- CCTV data (closed-circuit television footage captured at the Summit venue by us, the venue operator or our security providers, for safety and security purposes);
- marketing and communications data (including communication preferences, your preferences in receiving marketing material from us and (where you consent) from our sponsors, exhibitors and third party partners, and any record of your consents and opt-outs); and
- requested data (including any other personal information requested by us and/or provided by you or a third party in connection with the Summit).
5. When and how we may collect your personal information
The ways we collect your personal information can be categorised into: (a) information you provide to us directly, (b) information that is collected automatically, and (c) information we indirectly collect from third parties.
5.1 Information you provide to us directly
The personal information we collect directly from you may include:
- communication data — information contained in or relating to any communication that you send to us or that we send to you, including the communication content and metadata associated with the communication;
- contact data — data allowing us to get in touch with you, including your name, email address, telephone number, postal address and other information you provide us when you send us communication data;
- registration data — information you provide when you register yourself or a colleague for the Summit, including identity data, contact data, professional data, ticket type, and any dietary, accessibility or other accommodation requirements;
- account data — information relating to your account on the Website or networking app, including login credentials, account creation, organisation, settings and preferences;
- transaction data — information relating to transactions, including registration fees, sponsorship and exhibitor payments, merchandise purchases and refunds, processed through our payment processor(s);
- speaker, sponsor, exhibitor and media data — biographical information, headshots, presentation materials, organisational information and credentials provided in connection with a speaking, sponsorship, exhibition or media role at the Summit; and
- user-generated content — posts, comments, questions submitted during sessions, networking app messages, survey responses and feedback.
5.2 Information that is collected automatically
Our Website uses cookies and similar technologies, which means we automatically collect certain personal information when you use the Website. A cookie is a small file created by our Website host server (and stored on your web browser) when you browse the Website which stores information about you and your behaviour on the Website. We also use pixels, tags, software development kits (SDKs) and similar technologies in the Website, in marketing emails, and in our networking app.
We use cookies and similar technologies to:
- help us analyse the use and performance of our Website and the networking app;
- identify you as you navigate our Website (for example, to record items in your registration cart and the location from which you are accessing the Website);
- collect information about the device you use to access the Website;
- protect our user accounts and the Website generally; and
- (where you have consented) deliver tailored content and advertising to you, including in respect of future events.
Most internet browsers give you the option to reject all cookies, accept all cookies, erase cookies stored on your device, or be notified before a cookie is stored on your device. However, if you reject or erase the cookies, some functionality or features of the Website may not function properly or be fully available. Where required by applicable privacy laws, we will obtain your consent before placing non-essential cookies on your device, and you can withdraw that consent at any time using our cookie preferences tool.
We also automatically collect personal information when you attend the Summit, including through badge scanning at session entry points, the networking app, and venue CCTV.
5.3 Information collected indirectly from third parties
We may indirectly collect personal information about you from third parties with your authorisation or where otherwise permitted by law. Examples include:
- your employer or sponsoring organisation, where they register you for the Summit or pay your fees on your behalf;
- our registration and ticketing platform (including Satlantis — https://www.satlantis.io/), networking app provider, payment processor and other service providers;
- sponsors and exhibitors, where you have consented to share your details with them (for example, by having your badge scanned at their stand or entering their prize draw);
- our travel and accommodation partner, where you have made travel or accommodation arrangements through them; and
- publicly available sources (such as professional networking platforms), where we are considering potential speakers, sponsors or partners.
Where you provide us with any personal information about somebody else (for example, a colleague you are registering, a guest, an emergency contact, or an attendee referred by you), you must have that person's authority to do so. By providing us with anybody else's personal information, you represent and warrant that you have such person's permission to provide the personal information to us and for us to process that personal information in accordance with this Privacy Policy, and that you have provided them with a copy of this Privacy Policy or otherwise made them aware of it.
6. How we may use your personal information and the reasons we collect it
- 6.1 We only collect personal information for lawful purposes connected with our functions and activities, where collection is necessary for those purposes. Where applicable privacy laws require it, we will only process your personal information where we have a lawful basis to do so.
- 6.2 In particular, we may use your personal information for the following purposes:
- Summit delivery — to register you for the Summit, manage your account, process payments, issue tickets, badges and entry credentials, communicate with you about your registration, provide entry to the Summit, deliver sessions and activities, manage networking features, respond to your enquiries, and provide on-site support. Lawful basis under the GDPR: performance of a contract with you or, where you are not a party to the contract, our legitimate interests in delivering the Summit;
- Communications — to monitor, respond to and keep records of our electronic and other communications and correspondence with you. Lawful basis: performance of a contract or our legitimate interests in responding to enquiries;
- Dietary, accessibility and health needs — to accommodate your dietary needs, provide accessibility support at the Summit and to respond to medical situations and emergencies. Lawful basis: your explicit consent for any sensitive personal information, our legitimate interests, compliance with our legal obligations (such as under New Zealand's Health and Safety at Work Act 2015 and equivalent overseas laws) and (in an emergency) the vital interests of you or another person;
- Marketing and Summit communications — to send you operational communications about the Summit, and (where permitted) information about future events, related products and services, and (where you consent) sponsor offers, partner offers and other commercial communications. Lawful basis: your consent, where required, otherwise our legitimate interests in promoting our events to existing contacts;
- Photography, audio and video recording — to photograph, film and audio-record the Summit for marketing, promotional, editorial, educational, livestream and archival purposes. Lawful basis: our legitimate interests in promoting and documenting the Summit; your consent, where required (for example, for close-up photography or interviews);
- Operations, analytics and improvement — to operate, secure, improve and enhance the Website, the networking app and the Summit; to analyse use of our digital channels and Summit engagement; to produce aggregated and anonymised analytics and reports (which we may share publicly or with sponsors and third parties); and to develop future events and services. Lawful basis: our legitimate interests, your consent for non-essential cookies and tracking technologies;
- Sponsors, exhibitors and lead capture — to enable sponsors and exhibitors to engage with attendees, including by sharing attendee contact details with a particular sponsor or exhibitor where you have consented (for example, by allowing your badge to be scanned at their stand, entering a competition or downloading sponsor materials). Lawful basis: your consent;
- Customer support — to support your registration and attendance, including assisting with the resolution of any issues, whether by email or otherwise. Lawful basis: performance of a contract, our legitimate interests;
- Record keeping and reporting — to create and maintain our databases, back-up copies of our databases and business records generally. Lawful basis: our legitimate interests and compliance with legal obligations;
- Security and safety — to protect the security of the Website, the Summit venue, the networking app and our attendees, to operate CCTV at the venue, to prevent and investigate fraud, misuse, harassment, breaches of the Terms; and to safeguard the personal safety of attendees, our staff and others. Lawful basis: our legitimate interests, compliance with legal obligations and (in an emergency) the vital interests of an individual;
- Risk management — where necessary for the establishment, exercise or defence of legal claims, for the purposes of obtaining or maintaining insurance, managing risks and/or obtaining professional advice. Lawful basis: our legitimate interests, establishment, exercise or defence of legal claims for personal information; and
- Legal compliance — to comply with any applicable laws and regulations (including in respect of taxation, immigration, anti-money laundering, health and safety, and lawful requests by regulators or law enforcement) and to protect your vital interests or the vital interests of another natural person. Lawful basis: compliance with a legal obligation and vital interests.
7. How we share your personal information
- 7.1 We will only share personal information when we are permitted to do so under applicable privacy laws, or where we are legally required to do so. We will only disclose your personal information for a purpose that is directly related to the purpose for which it was obtained, or otherwise as authorised under that principle.
- 7.2 We may disclose your personal information:
- to our third party service providers for the purpose of enabling them to provide their services to us and to you, including our registration and ticketing platform (Satlantis — https://www.satlantis.io/), payment processor(s) (Stripe, Inc. and its affiliates), web hosting and cloud storage providers, IT service providers, security and CCTV providers, venue operators, audio-visual production companies, photographers and videographers, travel and accommodation partners, professional advisers (including our lawyers, accountants and insurance brokers), and debt collectors;
- to our sponsors and exhibitors where you have consented to share your details with a particular sponsor or exhibitor (for example, by allowing your badge to be scanned at their stand, opting in to receive information from them at registration, entering their prize draw, or downloading materials from them). Once your personal information has been shared with a sponsor or exhibitor, that sponsor or exhibitor will become an independent controller of that personal information and will process it in accordance with its own privacy policy. We are not responsible for how sponsors and exhibitors handle your personal information after disclosure to them, although we will only disclose your personal information to sponsors and exhibitors who have agreed to comply with applicable privacy laws;
- to other Summit attendees through the networking app, attendee directories and similar features, in each case only to the extent of the information you have chosen to make visible through your profile settings;
- to speakers and session moderators in respect of registration details for sessions in which you have registered or are an active participant;
- internally within our group including to our employees, contractors and (if any) related companies who have a legitimate need to access the personal information to perform their duties;
- to our agents and business partners where necessary in connection with the operation of the Summit or for marketing of future events (subject, where required, to your consent);
- to law enforcement, regulators and courts as required or authorised by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights or those of others;
- to protect health and safety to first-aiders, paramedics, the police and other emergency services where necessary to respond to a medical or safety emergency; and
- to any other third parties as required or permitted by applicable privacy laws or with your consent.
- 7.3 We do not "sell" your personal information for money. To the extent the broader definition of "sale" or "share" under applicable privacy laws applies to certain disclosures we make to sponsors, exhibitors or advertising partners (for example, in connection with cross-context behavioural advertising), we provide affected residents with the right to opt out.
8. Photography, audio and video recording at the Summit
Photography, audio and video recording will take place at the Summit. Further details of this can be found in the Terms. Where applicable laws require it, we rely on our legitimate interests in promoting and documenting the Summit as the lawful basis for general photography and recording, balanced against your interests. We rely on your consent for close-up or feature photography or recording where you are the identifiable subject.
9. How we will store your personal information
- 9.1 We will not keep personal information for longer than is reasonably necessary to fulfil the purposes outlined in this Privacy Policy, or as required or permitted by applicable privacy laws. As a guide:
- registration data and Summit attendance data is generally retained for two years following the Summit, to enable us to manage queries, attendee history and recurring-attendee benefits, and to comply with our tax, accounting and audit obligations;
- financial and transaction data is retained for at least seven years to comply with our tax and accounting obligations under the Tax Administration Act 1994 and the Companies Act 1993, both of New Zealand;
- photography, audio and video recordings made at the Summit may be retained indefinitely for archival and promotional purposes; and
- marketing data is retained until you opt out of marketing or for two years from your last engagement with us, whichever is earlier.
- 9.2 We are committed to keeping personal information as safe and secure as possible and we follow generally accepted industry standards to protect the personal information submitted to us. This includes administrative, technical and physical safeguards designed to protect personal information against unauthorised access, loss, destruction, alteration or disclosure. Access to personal information is limited to those of our staff, contractors and service providers who have a legitimate business need to access it. Our service providers are required by contract to maintain appropriate safeguards.
- 9.3 While we continuously implement and update our security measures, we cannot guarantee the security of the transmission or storage of your personal information. If you have reason to believe that your interaction with us is no longer secure, please contact our Privacy Officer immediately using the contact details below.
- 9.4 If we become aware of a notifiable privacy breach (as defined in section 112 of PA20) or a personal information breach (as defined in the GDPR) we will notify the relevant regulator and affected individuals where required by law and within the timeframes required by law.
10. The circumstances in which we may disclose your personal information overseas
- 10.1 Some of the third parties to whom we disclose your personal information may be located in countries other than the country in which you live. The most common reason is that the third party service providers we use (in particular our cloud hosting providers, registration platform, ticket platform, etc.) are based or process data outside New Zealand.
- 10.2 Consistent with IPP 12 of PA20, we will only disclose your personal information to a recipient outside New Zealand where:
- the recipient is subject to privacy laws comparable to PA20;
- the recipient has agreed to safeguard your personal information in a way comparable to the safeguards in PA20 (typically through contractual obligations);
- you have authorised the disclosure after being expressly informed that the recipient may not be required to protect the personal information in a way that provides comparable safeguards to those in PA20; or
- one of the other grounds in IPP 12 applies.
- 10.3 You may request more information about how we handle overseas transfers of your personal information, including copies of any transfer mechanisms in place (with commercial information redacted), by contacting our Privacy Officer using the details below.
11. Your rights in relation to your personal information
-
11.1 You have certain rights in connection with your personal information. These rights are subject to certain limitations and exceptions as set out in applicable privacy laws. We will respond to your request within the timeframe required by the relevant applicable privacy laws (and in any case, without undue delay).
-
11.2 To exercise any of these rights, please contact our Privacy Officer using the details set out in clause 17. We may need to verify your identity (for example, by asking you to confirm details we already hold about you) before we can act on your request. We will not charge you a fee for exercising your rights, except where applicable privacy laws permit us to charge a reasonable fee (for example, for manifestly unfounded or excessive requests).
-
11.3 Rights under the New Zealand PA20 — If you are in New Zealand, or your personal information is processed by us in New Zealand, you have the following rights under PA20:
- Access (IPP 6): the right to ask us whether we hold personal information about you and, if we do, to request access to that personal information;
- Correction (IPP 7): the right to request correction of personal information we hold about you if you consider it to be inaccurate, incomplete, out of date, misleading or irrelevant; and
- Complaint: the right to complain to the Office of the Privacy Commissioner.
-
11.4 Additional rights under other applicable laws – EU / UK — If you are located in the EU or UK, or the GDPR otherwise applies to our processing of your personal information, in addition to the rights described in clause 11.3 above, you have the following rights:
- Right to be informed about the processing of your personal information (which is the purpose of this Privacy Policy);
- Right of access to your personal information and certain related information;
- Right to rectification of inaccurate personal information and to complete incomplete personal information;
- Right to erasure ("right to be forgotten") in certain circumstances;
- Right to restriction of processing in certain circumstances;
- Right to data portability — to receive personal information you have provided to us in a structured, commonly used, machine-readable format and to transmit that data to another controller, in certain circumstances;
- Right to object to processing based on our legitimate interests and to processing for direct marketing purposes;
- Right to withdraw consent at any time where we are relying on your consent to process your personal information (the withdrawal of consent does not affect the lawfulness of processing before withdrawal);
- Rights in relation to automated decision-making — we do not currently use solely automated decision-making (including profiling) that produces legal or similarly significant effects in relation to you. If we do so in the future, we will inform you and you will have the right to obtain human intervention, to express your point of view and to contest the decision; and
- Right to lodge a complaint with a supervisory authority.
-
11.5 Additional rights under applicable privacy laws — If you are a resident of California or another US state with applicable comprehensive privacy laws, you may have additional rights, including (depending on your state):
- Right to know the categories and specific pieces of personal information we have collected about you, the sources from which we collected it, the business or commercial purposes for collecting or sharing it, and the categories of third parties with whom we share it;
- Right to delete personal information we have collected from you, subject to applicable exceptions;
- Right to correct inaccurate personal information we maintain about you;
- Right to opt out of sale or sharing of your personal information, including for cross-context behavioural advertising;
- Right to data portability — to obtain a copy of your personal information in a portable, readily useable format; and
- Right of non-discrimination — you will not receive discriminatory treatment for exercising your privacy rights.
You may exercise these rights by contacting our Privacy Officer using the details in clause 17. You may use an authorised agent to make a request on your behalf, in which case we may require proof of authorisation and verification of your identity.
12. Making a complaint
If you have any concerns about, or wish to make a complaint about, our processing of your personal information, please contact our Privacy Officer using the details in clause 17, providing full details of your complaint. We will promptly investigate and respond to you in writing, setting out the outcome of our investigation and the steps we will take in response.
If you are not satisfied with our response, you may also have the right to make a complaint to the relevant data protection authority in your jurisdiction. In New Zealand, the data protection authority is the Office of the Privacy Commissioner — www.privacy.org.nz — under Part 5 of PA20.
13. Marketing and your choices
We will only send you marketing communications about the Summit, future events and related products and services where we have your consent or are otherwise permitted to do so under applicable privacy laws (including, in New Zealand, the Unsolicited Electronic Messages Act 2007).
You can unsubscribe from our marketing communications at any time by:
- clicking the "unsubscribe" link in any marketing email we send you;
- updating your preferences in your account settings on the Website; or
- contacting our Privacy Officer using the details in clause 17.
Please note that even if you opt out of marketing communications, we may still send you transactional and operational communications about your registration, your attendance at the Summit, and security or service notices.
14. Children
The Summit and our Website are directed to adults. We do not knowingly collect personal information from children under 16 years of age. If you are under 16, please do not register for the Summit or provide personal information through our Website without the involvement of a parent or legal guardian. If you become aware that a child has provided personal information to us, please contact our Privacy Officer and we will take steps to delete that personal information.
15. Links to other websites
Our Website may contain links to other websites operated by third parties, including sponsors, exhibitors, speakers and partners. We do not have any control over those websites and we are not responsible for the protection and privacy of any personal information which you provide while visiting those websites. Those websites are not governed by this Privacy Policy and we encourage you to review the privacy policy of any third party website before providing personal information to it.
16. Changes to this Privacy Policy
We may need to update this Privacy Policy from time to time, including when necessary to reflect changes to the Website, updates to the Summit, or to reflect any change in law (including, in particular, the fast-evolving US state privacy law landscape).
When we update this Privacy Policy, we will revise the "Last updated" date at the top of this Privacy Policy. Where the changes are material, we will use reasonable endeavours to notify you, usually by prominently posting a notice of those changes on our Website, by a dialog box that is presented on log-in, or by sending you an email.
17. Contact details
For any questions, requests or notices regarding this Privacy Policy or our processing of your personal information, please contact our Privacy Officer at:
Sovereignty Events Limited
Attention: Privacy Officer
Address: Level 1, Alta House, 1092 Frankton Road, Frankton, Queenstown, 9300, New Zealand
Email: info@sovereigntysummit.nz