PRIVACY POLICY
exhibitionstands.com
Operated by Expo Fish Ltd
Last updated: March 2026

1. Introduction

This Privacy Policy explains how Expo Fish Ltd (“we”, “us”, “our”) collects, uses, stores, and protects your personal data when you visit, register for, or use the website located at www.exhibitionstands.com (the “Website”) and any related services (the “Services”).

We are committed to protecting your privacy and handling your personal data in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations 2003 (PECR).

By using the Website or Services, you confirm that you have read and understood this Privacy Policy. This Privacy Policy should be read together with our Terms and Conditions, available at www.exhibitionstands.com/terms.

2. Data Controller

The data controller responsible for your personal data is:

Expo Fish Ltd
Registered Address: Unit 5G, Church Farm, Lasham, Hampshire, GU34 5FZ
Company Number: 17094521
Email: [email protected]

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at the email address above.

3. Personal Data We Collect

We collect and process the following categories of personal data:

3.1 Data You Provide to Us

When you register for an account, purchase credits, subscribe to a plan, or contact us, we may collect:

– Identity data: your name, business name, and job title where provided.
– Contact data: your email address, postal address (if applicable), and phone number (if provided).
– Account data: your username, password (stored in encrypted form), and account preferences.
– Transaction data: details of products and services you have purchased, including credits and subscription plans, together with billing records. Card details are processed by Stripe and are not stored on our systems.
– Communications data: the content of any messages, support requests, or correspondence you send to us.

3.2 Data Generated Through Your Use of the Services

– Usage data: information about how you use the Website and Services, including pages visited, features used, image generations initiated, and credits consumed.
– Prompt data: the text prompts and parameters you submit to the AI image generation tool.
– Generated content: the AI-generated images produced by your use of the Services and associated metadata.
– Technical data: your IP address, browser type and version, device type, operating system, time zone, and referring URL.

3.3 Data from Third Parties

– Payment data: transaction confirmations, fraud-prevention signals, and subscription status received from Stripe.
– Analytics data: aggregated usage information received from analytics and performance providers.

4. How We Collect Personal Data

We collect personal data in the following ways:

– Directly from you: when you register an account, make a purchase, subscribe to a plan, submit prompts, contact our support team, or otherwise interact with the Website.
– Automatically: through cookies, server logs, and similar technologies as you use the Website (see Section 11 on Cookies).
– From third parties: from Stripe in connection with payment processing, and from analytics and infrastructure providers that support the operation of the Services.

5. Lawful Bases for Processing

Under UK GDPR, we rely on the following lawful bases to process your personal data:

– Performance of a contract: to create and manage your account, provide the Services, deliver credits, process transactions, and respond to your requests.
– Legitimate interests: to operate, secure, and improve the Website; to detect and prevent fraud, abuse, and misuse of the Services; to communicate with you about service-related matters; and to develop new features.
– Consent: where you have given us consent, for example to send you marketing communications or to set non-essential cookies. You may withdraw consent at any time.
– Legal obligation: to comply with applicable laws and regulations, including tax, accounting, and record-keeping requirements, and to respond to lawful requests from public authorities.

Where we rely on legitimate interests, we balance those interests against your rights and freedoms.

6. How We Use Your Personal Data

We use your personal data for the following purposes:

– To create, administer, and secure your account.
– To provide the Services, including running the AI image generation tool, allocating and deducting credits, and delivering Generated Images to your account.
– To process payments, issue receipts and invoices, and manage subscriptions via Stripe.
– To communicate with you about your account, transactions, support requests, changes to our Services, and updates to this Privacy Policy or our Terms and Conditions.
– To monitor and analyse use of the Services in order to improve performance, reliability, and user experience.
– To detect, investigate, and prevent fraud, abuse, security incidents, and breaches of our Terms and Conditions.
– To comply with legal, regulatory, and tax obligations.
– To send marketing communications where you have opted in or where otherwise permitted by law (you can opt out at any time).

7. Sharing Your Personal Data

We do not sell your personal data. We share personal data only in the following circumstances:

7.1 Service Providers (Processors)

We share personal data with carefully selected third-party service providers who process data on our behalf under written agreements that require them to keep your data secure and use it only for the purposes we specify. These include:

– Stripe, Inc. — payment processing and fraud prevention.
– Hosting and cloud infrastructure providers — to operate the Website and store account data.
– AI model and image generation infrastructure providers — to process prompts and deliver Generated Images.
– Email delivery providers — to send transactional and service-related emails.
– Analytics providers — to help us understand how the Website is used.
– Customer support tools — to manage and respond to support queries.

7.2 Legal and Regulatory Disclosures

We may disclose personal data where required to do so by law, court order, or regulatory authority, or where necessary to establish, exercise, or defend legal claims, or to protect the rights, property, or safety of Expo Fish Ltd, our users, or others.

7.3 Business Transfers

If Expo Fish Ltd is involved in a merger, acquisition, reorganisation, or sale of assets, personal data may be transferred as part of that transaction. We will notify affected users where required by law.

8. International Transfers

Some of our service providers may process personal data outside the United Kingdom. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place in accordance with UK GDPR, including:

– Transfers to countries recognised by the UK government as providing an adequate level of data protection; or
– Use of the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or other approved transfer mechanisms.

You may request further information about the safeguards in place by contacting us at [email protected].

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy any legal, accounting, or reporting requirements. Our general retention principles are:

– Account data: retained for the lifetime of your account and for a reasonable period after closure, to resolve disputes, enforce our agreements, and comply with legal obligations.
– Transaction and billing records: retained for a minimum of six years after the end of the relevant financial year, in accordance with UK tax and accounting law.
– Prompts and Generated Images: retained in accordance with your account settings and operational needs. Prompts and outputs may be retained on a short-term basis for abuse prevention, model integrity, and troubleshooting purposes.
– Support communications: retained for as long as necessary to resolve your query and for a reasonable period afterwards for quality and training purposes.
– Marketing data: retained until you opt out or withdraw your consent.

When personal data is no longer required, we will securely delete or anonymise it.

10. Your Rights

Under UK GDPR, you have the following rights in relation to your personal data:

– Right of access: to request a copy of the personal data we hold about you.
– Right to rectification: to request that inaccurate or incomplete personal data be corrected.
– Right to erasure (“right to be forgotten”): to request deletion of your personal data in certain circumstances.
– Right to restrict processing: to request that we limit how we use your personal data in certain circumstances.
– Right to data portability: to receive your personal data in a structured, commonly used, machine-readable format, and to have it transferred to another controller where technically feasible.
– Right to object: to object to processing based on legitimate interests, and to object to direct marketing at any time.
– Right to withdraw consent: where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before withdrawal.
– Rights in relation to automated decision-making: you have the right not to be subject to decisions based solely on automated processing that produce legal or similarly significant effects, except in limited circumstances permitted by law.

To exercise any of these rights, please contact us at [email protected]. We will respond within one month, although this period may be extended by up to two further months where requests are complex or numerous.

We may need to verify your identity before responding to your request.

11. Cookies and Similar Technologies

The Website uses cookies and similar technologies to provide core functionality, remember your preferences, secure your account, and analyse how the Website is used.

We use the following categories of cookies:

– Strictly necessary cookies: required for the Website to function, including authentication, session management, and security.
– Functional cookies: remember your preferences and improve your experience.
– Analytics cookies: help us understand how visitors interact with the Website so we can improve it.
– Payment cookies: set by Stripe to process transactions securely and prevent fraud.

Strictly necessary cookies do not require your consent. Non-essential cookies are set only where you have given consent via our cookie banner. You can manage or withdraw your consent at any time through the cookie settings on the Website, and you can also control cookies through your browser settings.

12. Security

We take appropriate technical and organisational measures to protect your personal data against unauthorised access, disclosure, alteration, loss, or destruction. These include encryption in transit, access controls, secure hosting, and regular review of our security practices.

No method of transmission over the internet or electronic storage is completely secure. While we take reasonable steps to protect your personal data, we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and for notifying us immediately at [email protected] if you suspect any unauthorised access to your account.

13. Children’s Privacy

The Services are not intended for individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us at [email protected] and we will take appropriate steps to delete it.

14. Third-Party Links and Services

The Website may contain links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party services and are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party service you use.

15. AI Image Generation and Prompts

When you use our AI image generation tool, the prompts you submit and the resulting Generated Images may be processed by our infrastructure and third-party AI model providers to deliver the Service. We may retain prompts and outputs on a limited basis for the purposes of operating the Service, abuse prevention, debugging, and service improvement, in accordance with our retention principles in Section 9.

You should not submit personal data about other individuals, confidential information, or any content you do not have the right to use as a prompt.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will notify you by email or by posting a prominent notice on the Website. The “Last updated” date at the top of this Privacy Policy indicates when it was most recently revised.

Your continued use of the Services after the effective date of any changes constitutes your acceptance of the revised Privacy Policy.

17. Complaints

If you have any concerns about how we handle your personal data, please contact us first at [email protected] so that we can try to resolve the matter.

You also have the right to lodge a complaint with the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection:

Information Commissioner’s Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Helpline: 0303 123 1113
Website: www.ico.org.uk

18. Contact Us

If you have any questions, requests, or complaints relating to this Privacy Policy or our handling of your personal data, please contact:

Expo Fish Ltd
Website: www.exhibitionstands.com
Email: [email protected]
Registered Address — Unit 5G, Church Farm, Lasham, Hampshire, GU34 5FZ
Company Number — 17094521

© 2026 Expo Fish Ltd. All rights reserved.

ONLY DEAD FISH GO WITH THE FLOW.

STAND OUT WITH EXHIBITION BOOTH  CONCEPTS  BY EXPO.FISH AI.

© 2026 exhibitionstands.com expo.fish. All rights reserved.  All trademarks, brand names, logos, and images are the property of their respective owners. No affiliation or endorsement is implied.  Designs are AI-generated visual concepts for inspiration only. They are not engineering drawings and have not been tested for structural integrity, safety, or regulatory compliance.

Privacy Preference Center

Privacy Preferences