Legal

Privacy policy

This policy explains what personal data Footwear Future collects when you use our website and event services, why we use it, and the choices you have. It reflects how our platform is built today and should be adapted with legal advice for your operating regions.

This policy works together with our Terms of service and Cookie policy. When you register or check out, we record that you accepted these policies.

1. Data controller

Footwear Future is responsible for personal data processed through the public site, member dashboard, ticketing, and staff check-in tools described here. For questions or requests, use the contact form.

2. Data we collect

Account and profile

  • Name, email address, and authentication identifiers
  • Optional profile fields such as company name, role, country or region, and supplier details
  • Password hash if you set a password (we do not store plaintext passwords)
  • Newsletter preference if you opt in
  • Timestamp of acceptance of our legal policies

Events and commerce

  • Ticket orders, payment status, and references needed to fulfill purchases
  • Attendee names and contact details supplied for tickets
  • Check-in and check-out status for events you attend or staff process
  • Communications we send about orders, tickets, or account access

When you contact us

Messages and details you submit through our contact form or email, including the content of your enquiry.

Technical data

Server and application logs (for example IP address, user agent, and request metadata) may be collected automatically for security, debugging, and reliability. We do not operate third-party advertising or analytics trackers on the public site at this time.

3. How we use data

  • Create and secure your account, including magic link and Google sign-in
  • Process ticket purchases and deliver confirmations
  • Issue tickets, QR codes, and check-in status for events
  • Operate the member dashboard, orders list, and staff check-in scanner
  • Send service emails (for example receipts, magic links, and password resets)
  • Send marketing email only where you have opted in or applicable law allows
  • Improve security, prevent fraud, and enforce our terms
  • Comply with legal obligations and respond to lawful requests

4. Legal bases (where GDPR / UK GDPR applies)

Depending on the activity, we rely on one or more of the following:

  • Contract — to provide accounts, ticketing, and check-in you request
  • Legitimate interests — to secure our platform, improve services, and run events safely
  • Consent — for optional newsletter marketing or where required for non-essential cookies
  • Legal obligation — for tax, accounting, or regulatory requirements

5. Sharing and processors

We share data only as needed to operate the Services, with contracts or safeguards appropriate to the role:

  • Stripe — payment processing and checkout
  • Resend — transactional email delivery
  • Google — only if you choose Google sign-in (subject to Google’s policies)
  • Hosting and infrastructure providers that run our application and database
  • Event organizers and staff with a legitimate need to validate tickets and check-in

We do not sell your personal data.

6. Retention

We keep data for as long as your account is active and as needed to administer events, meet legal retention periods, resolve disputes, and prevent abuse. Order and ticket records may be retained longer where required for finance or event operations.

You may request deletion where applicable law gives you that right; we may retain certain records when we must by law or for legitimate security purposes.

7. Your rights

Depending on where you live, you may have rights to access, correct, delete, restrict, or object to certain processing, and to data portability or withdrawal of consent. You may also lodge a complaint with your local supervisory authority.

To exercise rights, contact us via the contact page. We may need to verify your identity before responding.

8. International transfers

Our providers may process data in countries other than your own. Where required, we use appropriate safeguards such as standard contractual clauses or equivalent mechanisms.

9. Children

The Services are not directed at children under 16. We do not knowingly collect personal data from children. Contact us if you believe we have done so inadvertently.

10. Changes

We may update this policy with a new "Last updated" date. Significant changes will be described on this page where appropriate.

Last updated: May 2026