Last updated: March 17, 2026
Ch2 Ltd, trading as CH3, together with its subsidiaries, affiliates, and partner companies (collectively “CH3,” “we,” “us,” or “our”), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website at www.ch3.agency (the “Website”), engage with our services, attend our events, or otherwise interact with us in a business capacity.
Please read this Privacy Policy carefully. By accessing or using our Website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.
CH3 is a global B2B event agency delivering high-touch event production experiences for businesses and brands. We operate from 12 global hubs: Bangkok (Thailand), Barcelona (Spain), Buenos Aires (Argentina), Cannes (France), Dubai (UAE), Lisbon (Portugal), Mexico City (Mexico), Mumbai (India), Paris (France), Rio de Janeiro (Brazil), Singapore (Singapore), and St Julian’s (Malta).
Our services are directed exclusively at businesses, organisations, and professionals acting in a commercial capacity. We do not offer services to individual consumers.
For the purposes of the General Data Protection Regulation (GDPR) and applicable data protection laws, the data controller responsible for your personal data is Ch2 Ltd, a company registered in Malta with registration number C 103143 and registered address at 6, Numbered Pixels Management, The Fort Level 3, Triq Burmarrad, Naxxar, NXR 6345, Malta.
We collect personal information in several ways depending on how you interact with us. As a B2B service provider, the personal data we process primarily relates to individuals acting in their professional capacity.
When you engage with CH3 in a professional or business capacity, you may voluntarily provide us with:
When you visit our Website, we may automatically collect:
We may receive personal information about you from:
We use the personal information we collect for the following purposes:
Where the GDPR applies, we rely on the following legal bases to process your personal data:
We do not sell your personal information. We may share your data with the following categories of recipients where necessary and appropriate:
We work with trusted third-party service providers who process data on our behalf, including hosting providers, email marketing platforms, analytics services, CRM providers, and event management tools. These providers are contractually bound to protect your data and may only use it for the purposes we specify. CH3 is not liable for the acts or omissions of third-party service providers to the extent they act outside our instructions.
In the course of delivering event production services, we may share relevant business contact information with the commissioning client, event sponsors, co-organisers, venues, and vendors as necessary for event planning and execution. Such sharing is carried out under our contractual obligations and legitimate business interests. CH3 is not responsible for the data processing practices of clients or event partners once data has been shared with them in accordance with our contractual obligations.
We may share your data with our subsidiaries, affiliates, and partner companies for internal business purposes, including shared service delivery, centralised administration, and group-wide reporting.
We may share data with our legal, financial, insurance, and professional advisers where necessary for the management, protection, and defence of our business.
We may disclose your information where required by law, regulation, court order, or governmental request, or where we reasonably believe disclosure is necessary to protect our rights, safety, property, or the rights of others, to investigate potential violations of our Terms, or to detect and prevent fraud.
In the event of a merger, acquisition, reorganisation, sale of assets, or insolvency, your personal data may be transferred as part of that transaction. Where possible, we will notify you of any such change.
Given our global operations across 12 hubs, your personal data may be transferred to and processed in countries outside the European Economic Area (EEA), including but not limited to Thailand, Argentina, the United Arab Emirates, Mexico, India, Brazil, Singapore, and Malta.
Where we transfer personal data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms. By engaging with CH3 in a business capacity and providing your data, you acknowledge that the global nature of our operations necessitates international data transfers.
We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, reporting, and contractual requirements.
Our general retention periods are as follows:
When personal data is no longer needed, we securely delete or anonymise it.
Depending on your location and applicable law, you may have the following rights regarding your personal data:
To exercise any of these rights, please contact us using the details in Section 13 below. We will respond to your request within 30 days. We may request verification of your identity before processing your request. In certain circumstances, we may be entitled to refuse or charge a reasonable fee for requests that are manifestly unfounded, excessive, or repetitive.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS/SSL), access controls, regular security assessments, and staff training on data protection.
While we strive to protect your personal information, no method of transmission over the internet or electronic storage is completely secure. CH3 cannot guarantee absolute security and shall not be liable for any unauthorised access, hacking, data loss, or other breaches of security that occur despite our reasonable security measures, except where such breach is caused by our gross negligence.
Our Website and services are directed exclusively at businesses, organisations, and professionals acting in a commercial capacity. We do not market to or knowingly collect personal data from individuals under the age of 18. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete that data promptly.
Our Website may contain links to third-party websites, services, or platforms. CH3 has no control over and accepts no responsibility for the content, privacy policies, or data processing practices of any third-party websites or services. We encourage you to read the privacy policy of any website you visit. This Privacy Policy applies solely to information collected through our Website and services. CH3 shall not be liable for any loss or damage arising from your use of third-party websites.
We reserve the right to update this Privacy Policy at any time. The “Last updated” date at the top of this page indicates when the policy was last revised. Material changes will be communicated through a prominent notice on our Website or by email where appropriate. Your continued use of the Website or services after changes are posted constitutes your acceptance of the revised Privacy Policy. We encourage you to review this Privacy Policy periodically.
If you have any questions, concerns, or requests related to this Privacy Policy or our data processing practices, please contact us:
Ch2 Ltd (trading as CH3) Email: [email protected] Website: www.ch3.agency
If you are located in the EEA and wish to raise a concern about our data processing, you have the right to contact your local data protection supervisory authority. However, we would appreciate the opportunity to address your concerns directly before you approach a supervisory authority, so please contact us first.