Privacy Policy
Invictus UK 2027 Ltd & Invictus UK 2027 Trading Limited
Last updated: May 2026
1. Who We Are
Invictus UK 2027 Ltd & Invictus UK 2027 Trading Limited (“Invictus”, “we”, “us”, “our”) is a company registered in England and Wales. We operate in the events industry, providing event management, ticketing, and related services to clients and event attendees across the UK and internationally.
We are the data controller of the personal data we collect and process, as described in this Privacy Policy. This means we are responsible for deciding how and why your personal data is used.
Contact details:
Data Controllers: Invictus UK 2027 Ltd and Invictus UK 2027 Trading Limited (acting as joint data controllers)
Registered address: 199 Borough High Street, London, SE1 1AA
ICO Registration Numbers: ZB780560 ; ZB976633
Data Protection contact: Sonia Howe, contact@invictusgames2027.org
Telephone: 0121 516 8993
2. Scope of This Policy
This policy relates to information collected from our websites (including its subdomains), from our social media channels, from our contact centre, via email and any forms or questionnaires which you may complete on the websites, or otherwise, as well as any postal, telephone or email enquiries you may make to us.
This Policy does not apply to personal data we process on behalf of our clients as a data processor. In those circumstances, our clients are the data controller and their privacy policy will apply.
3. Personal Data We Collect
We process the personal information provided by you, or a third party acting on your behalf (such as a relative or friend), in order to respond to your requests including applications to participate in events and campaigns organised by us and to receive communications from us. To keep you updated about the 2027 Invictus Games, we wish to collect the following information about you to personalise your communications:
"Contact Data" includes information such as your name, preferred name, postal address, business and/or personal email address, telephone number, organisation, role.
"Account Data" includes name, email address (username) and password.
“Marketing and Communications Data” includes your preferences in receiving marketing and promotional messaging from us and our third parties including partners, your communication preferences, and also your participating team and sport preferences.
Newsletter and SMS communications
If you also consent to receive marketing information from us then we will use your personal information, with your consent, to provide specific email and/or mobile communications related to the 2027 Invictus Games or any future Invictus Games.
Invictus Games Foundation
If you also consent to receive marketing information from, and about, the official charity of the Invictus Games Foundation, then we will use your personal information, with your consent, to provide specific email and/or mobile communications related to the Invictus Games Foundation. We will also share your personal information, with your consent, to the Invictus Games Foundation for them to provide you with specific email and/or mobile communications related to their charitable objectives, news and events.
Games Sponsors and Partners
If you also consent to receive marketing information from, and about, Games partners or sponsors from us and/or the Invictus Games Foundation, then we will use your personal information, with your consent, to provide specific email communications related to such partners and sponsors that we think will be relevant to you. We will also share your personal information, with your consent, with Games partners and sponsors, for them to provide specific email and/or mobile communications. We will never share your personal information with our partners or sponsors unless you have given consent to do so. We will never sell your personal data to third parties or any other organisations.
4. How We Collect Your Personal Data
We collect personal data through the following means:
Direct interactions: when you contact us by email, telephone, or via our website contact form; when you enter into a contract with us; or when you subscribe to our communications;
Automated technologies: when you browse our website, we may automatically collect technical and usage data via cookies and similar technologies (see Section 9);
Third parties: including publicly available sources and sponsors
5. Legal Basis for Processing
We process your personal data only where we have a valid legal basis to do so under the UK GDPR and the Data Protection Act 2018 (“DPA 2018”). The legal bases we rely upon are:
(a) Contractual necessity: where processing is necessary to perform a contract with you, or to take pre-contractual steps at your request (UK GDPR Art. 6(1)(b)).
(b) Legitimate interests: where processing is necessary for our legitimate business interests (or those of a third party), provided those interests are not overridden by your rights and interests (UK GDPR Art. 6(1)(f)). Our legitimate interests include operating and improving our services, managing our business relationships, and preventing fraud.
(c) Legal obligation: where processing is necessary for compliance with a legal obligation to which we are subject (UK GDPR Art. 6(1)(c)), such as tax, accounting, and regulatory requirements.
(d) Consent: where you have given us clear, freely given, informed, and unambiguous consent to process your personal data for a specific purpose (UK GDPR Art. 6(1)(a)), such as for marketing communications. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
6. Purposes of Processing
We use your personal data for the following purposes:
To deliver and administer the services you have requested or contracted with us;
To respond to enquiries, feedback, and support requests;
To manage our commercial relationship with you, including billing and contract management;
To send you marketing communications where you have provided consent or where we rely on legitimate interests (with an opt-out available at all times);
To improve our website, services, and user experience through analytics;
To comply with applicable laws and regulations, including tax and accounting obligations;
To detect, prevent, and investigate fraud, security incidents, and other unlawful activity;
To enforce our terms and conditions and to protect our legal rights.
7. Sharing and Disclosure of Personal Data
We do not sell your personal data to third parties. We may share your data in the following limited circumstances:
Service providers and processors We engage trusted third-party suppliers who process data on our behalf (for example, IT systems providers, payment processors, email platforms, and analytics providers). These suppliers are bound by data processing agreements and may only process your data on our instructions.
Business partners Where necessary to deliver our services, we may share data with co-organisers, venues, or other event partners. We will ensure appropriate contractual protections are in place.
Legal and regulatory authorities We may disclose data where required by law, court order, or regulation; or where necessary to protect our legal rights or the rights of others.
Business transfers In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of that transaction. We will notify you of any such change and ensure your rights are protected.
8. International Transfers of Personal Data
In the course of providing our services, your personal data may be transferred to, and processed in, countries outside the United Kingdom. Some of our third-party service providers and business partners operate outside the UK.
Where we transfer personal data internationally, we ensure that appropriate safeguards are in place in accordance with the UK GDPR and DPA 2018, including:
Transfers to countries which the UK Secretary of State has determined to offer an adequate level of data protection (“adequacy regulations”);
Use of UK International Data Transfer Agreements (IDTAs) or UK Addenda to the EU Standard Contractual Clauses, as approved by the Information Commissioner’s Office;
Other legally recognised transfer mechanisms as may be applicable.
You may request further information about the specific safeguards in place for any international transfer by contacting us at the details in Section 1.
9. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies to improve your browsing experience and to help us understand how our site is used. A cookie is a small text file placed on your device when you visit a website.
9.1 Types of Cookies We Use
Strictly necessary cookies Required for the operation of our website. These cannot be switched off. No consent is required for these cookies.
Analytical/performance cookies Allow us to recognise and count website visitors and understand how visitors move around the site. This helps us improve the way our website works (for example, ensuring pages load correctly). We use Squarespace Analytics to understand how visitors use our website and improve performance.
Marketing cookies Used to deliver relevant advertising to you and to track the effectiveness of marketing campaigns. We obtain your consent before placing these cookies.
Your cookie choices When you first visit our website, you will be presented with a cookie consent banner. You can withdraw or change your cookie preferences at any time through your browser settings or our cookie preference centre. Please note that disabling certain cookies may affect the functionality of our website.
10. Data Retention
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting, or reporting obligations.
Our general retention periods are:
Client and contract records: 7 years from the end of the commercial relationship (to comply with statutory limitation periods and tax obligations);
Prospect and marketing contact records: 3 years from last interaction, or until consent is withdrawn;
Website analytics data: 26 months from collection (standard analytics tool retention);
Correspondence and enquiry records: 3 years from last contact.
Where there is no defined retention period for a specific category of data, we will review and delete personal data when it is no longer necessary for the purpose for which it was collected.
11. Your Rights
Under the UK GDPR and DPA 2018, you have the following rights in relation to your personal data:
Right of access (Subject Access Request):You have the right to request a copy of the personal data we hold about you, together with information about how and why we process it. We will respond within one calendar month.
Right to rectification You have the right to request correction of inaccurate personal data or completion of incomplete data.
Right to erasure (‘right to be forgotten’) You may request deletion of your personal data where there is no compelling reason for its continued processing. This right is not absolute and may be limited by legal obligations.
Right to restriction of processing You may request that we restrict the processing of your data in certain circumstances, for example while a complaint is being investigated.
Right to data portability Where we process your data by automated means on the basis of your consent or a contract, you may request that we provide your data in a structured, commonly used, machine-readable format.
Right to object You have the right to object to processing based on our legitimate interests, and to object to the use of your personal data for direct marketing purposes at any time.
Rights in relation to automated decision-making You have the right not to be subject to decisions made solely by automated processing (including profiling) where those decisions produce legal or similarly significant effects on you. We do not currently carry out such processing.
Right to withdraw consent Where we rely on consent as the legal basis for processing, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.
To exercise any of these rights, please contact us using the details set out in Section 1. We will not charge a fee for handling rights requests unless the request is manifestly unfounded or excessive. We may need to verify your identity before processing your request.
12. Marketing Communications
Where you have given us consent, or where we rely on legitimate interests, we may contact you with information about our services, events, and promotions. You can opt out of marketing communications at any time by:
Clicking the “unsubscribe” link in any marketing email we send;
Contacting us directly at contact@invictusgames2027.org
Please note that even if you opt out of marketing, we may still need to contact you for administrative or service-related purposes.
13. Data Security
We have implemented appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include access controls, encryption, secure network infrastructure, and regular staff training.
Where we engage third-party processors, we require them by contract to maintain equivalent security standards.
In the event of a personal data breach that is likely to result in a risk to individuals’ rights and freedoms, we will notify the Information Commissioner’s Office (ICO) within 72 hours and, where required, affected individuals without undue delay.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in law, regulatory guidance, or our business practices. The “Last updated” date at the top of this document indicates when the Policy was last revised.
Where we make material changes, we will notify you by email (if we hold your contact details) or by posting a prominent notice on our website. We encourage you to review this Policy periodically.
15. Complaints and the Right to Lodge a Complaint
If you have any concerns about how we handle your personal data, we encourage you to contact us in the first instance using the contact details in Section 1, so that we may address your concern directly.
If you remain dissatisfied, you have the right to lodge a complaint with the UK supervisory authority:
Information Commissioner’s Office (ICO)
Website: https://ico.org.uk
Telephone: 0303 123 1113
Post: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
16. Contact Us
If you have any questions about this Privacy Policy or wish to exercise any of your data protection rights, please contact is:
By email: contact@invictusgames2027.org
By post: 199 Borough High Street, London, SE1 1AA
By telephone: 0121 516 8993