Privacy policy

StandMatch is the controller of the personal data described here. We operate a marketplace connecting exhibitors with trade-show booth builders. If you have any privacy question, contact us at the details in section 9.

We collect only what we need to run the marketplace:

• Account and company data — your name, work email, the company you belong to and your role in it, and the company details you provide (legal name, country, website, registration or VAT details where relevant).
• Marketplace content — booth requests, bids, portfolios, messages, files, reviews and dispute records you create.
• Usage and technical data — basic log information such as IP address and device/browser type, used for security, fraud prevention and keeping the service working.

We do not sell your personal data, and we use only essential cookies before launch — see our cookie policy.

We process your data to:

• provide the marketplace and your account (performance of a contract);
• verify builders, prevent fraud and keep the platform safe (legitimate interests);
• issue and collect commission invoices and meet tax obligations (legal obligation);
• send you service messages and, where you opt in, product updates (consent or legitimate interests).

Before an award, an exhibitor’s identity is masked and direct contact details are hidden; communication stays in our messaging.

Identity reveal on award. If your company awards or wins a contract, your name and work email — and your company’s legal name — are shared with the counterparty company so the two sides can identify each other and complete the transaction. The lawful basis is performance of a contract and pre-contractual steps taken at your request, together with the counterparty’s legitimate interest in knowing who they are contracting with. We record your acceptance of this at signup, and the reveal itself is logged.

We also share data with the service providers that help us run StandMatch (hosting, email, error monitoring and, in a later phase, payments). They act on our instructions under contract. See the full list of subprocessors. We may also disclose data where required by law.

We keep personal data only as long as needed for the purpose it was collected. Account and marketplace content is retained while your account is active. Financial, contract, dispute and audit records are kept longer where the law requires it (for example, tax and accounting rules), even after an account closes. Routine notifications are removed after a short period.

Under the GDPR and similar laws you can ask us to (Articles 15–21):

• Access a copy of the personal data we hold about you;
• Rectify data that is inaccurate or incomplete;
• Erase your data where there is no overriding legal reason to keep it;
• Restrict or object to certain processing, including direct marketing;
• Port data you gave us to another provider.

Where we must keep certain records (such as contracts and invoices for tax and dispute defence), erasure means we redact your personal details rather than delete the underlying legal record. To exercise any right, contact us using section 9. You also have the right to complain to your local data protection authority.

We use managed, reputable infrastructure, encryption in transit, access controls and audit logging to protect your data. Uploaded files are scanned before they are served. No system is perfectly secure, but we take reasonable steps to keep your data safe.

StandMatch is a global service, so your data may be processed outside your country. Where data leaves the European Economic Area, we rely on appropriate safeguards such as standard contractual clauses with our providers.

For any privacy request or to reach our data protection contact, email privacy@standmatch.com. We will respond within the timeframes the law requires.