The WANTED2.0
// LEGAL · PRIVACY

PRIVACY POLICY

LAST UPDATED · 01 MAY 2026

This Privacy Policy explains how The Wanted 2.0 ("we", "us", "our") collects, uses, stores and protects personal information when you visit this website (the "Site") and interact with our services. We are committed to handling your data lawfully, fairly and transparently in line with the UK GDPR, the EU GDPR and the Data Protection Act 2018.

1. Who we are

The Wanted 2.0 is the touring and recording project of founding members Max George and Siva Kaneswaran. For the purposes of data protection law we act as the data controller for personal information collected through this Site.

For any privacy questions, requests or complaints, contact us using the form on our booking page or via the contact details in the Accessibility page.

2. What information we collect

We only collect what we genuinely need:

Mailing list signups

When you join our mailing list via the homepage popup, we collect:

  • Your email address (if provided)
  • Your phone number (if provided), including the country code you select
  • Your Instagram handle (optional)
  • The country code detected for your phone
  • Your marketing consent and the timestamp it was given
  • The source of the signup (e.g. homepage modal) and your browser user-agent string (for fraud prevention and debugging)

You must provide either an email address or a phone number — not necessarily both. Instagram is always optional.

Booking and inquiries

When you submit the form on our booking page, we collect the name, company/promoter, email, phone, event type, date, location and message you choose to send us so we can respond to your inquiry.

Automatic / technical data

Like most sites, our hosting infrastructure may automatically log basic technical information (IP address, browser type, pages requested, timestamps) for security, performance monitoring and to keep the Site running. This data is not used to build a marketing profile of you.

Approximate location

To pre-select the correct country flag in our phone number field, we make a single request to a third-party IP-geolocation service (ipapi.co) which returns the country associated with your IP address. We do not store your IP address or precise location, and we fall back to the United Kingdom if the lookup fails.

3. How we use your information

  • To send you marketing communications (tour news, music releases, merch drops, exclusives) by email and/or SMS, where you have given us consent.
  • To respond to booking and business inquiries you send through the booking form.
  • To prevent abuse (e.g. spam signups, duplicate submissions) and to keep the Site secure.
  • To comply with legal obligations, including responding to lawful requests from public authorities.

4. Legal basis for processing

We rely on the following lawful bases:

  • Consent — for sending you marketing emails and SMS messages. You can withdraw consent at any time (see "Your rights" below).
  • Legitimate interests — to operate, secure and improve the Site, prevent abuse, and respond to inquiries you initiate. We balance these interests against your rights and freedoms.
  • Legal obligation — where we are required by law to retain or disclose information.

5. Marketing messages

If you sign up to the mailing list, you may receive marketing communications about tours, music, merchandise, exclusives and related artist activity. Message and data rates may apply for SMS, depending on your mobile carrier.

You can unsubscribe at any time by following the "unsubscribe" link in any marketing email, replying STOP to any marketing SMS, or by contacting us directly.

6. Sharing your information

We do not sell your personal data. We share it only with:

  • Service providers (processors) who help us run the Site and send communications, including our cloud hosting and database provider, our email/SMS delivery providers, and the IP-geolocation lookup mentioned above. These providers are bound by contract to handle your data only as instructed by us.
  • Professional advisers such as lawyers, auditors and insurers, where strictly necessary.
  • Authorities where we are legally required to do so, or to protect our rights or the safety of others.

7. International transfers

Some of our service providers may store or process data outside the UK and the European Economic Area (EEA). Where this happens, we rely on appropriate safeguards such as the UK International Data Transfer Agreement, the EU Standard Contractual Clauses, or the provider being located in a country with an adequacy decision.

8. How long we keep your information

  • Mailing list data — until you unsubscribe or ask us to delete it.
  • Booking inquiries — for as long as is needed to handle the inquiry and any resulting business relationship, plus a reasonable period for record-keeping.
  • Technical / security logs — for short periods only (typically up to 30 days), unless needed for an active investigation.

9. How we protect your information

Mailing list and inquiry data are stored in our managed cloud database (Lovable Cloud, powered by Supabase) protected by Row-Level Security so that the data is not publicly readable. Submissions are sent over encrypted HTTPS connections. We use industry-standard administrative, technical and physical safeguards — but no system can be guaranteed 100% secure.

10. Your rights

Under UK and EU data protection law, you have the right to:

  • Access the personal data we hold about you;
  • Request correction of inaccurate or incomplete data;
  • Request erasure of your data (the "right to be forgotten");
  • Request restriction of, or object to, our processing;
  • Withdraw your consent to marketing at any time;
  • Receive your data in a portable format;
  • Lodge a complaint with a supervisory authority — in the UK, the Information Commissioner's Office (ICO).

To exercise any of these rights, see our dedicated GDPR page.

11. Cookies & tracking

This Site does not currently set advertising or analytics cookies. Our hosting platform may set strictly necessary cookies required to operate the Site securely. If we add analytics or marketing cookies in future, we will update this policy and request your consent where required.

12. Children's privacy

The Site is not directed at children under 13 (or under 16 in the EEA). We do not knowingly collect personal data from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

13. Third-party links

The Site links to third-party services such as Spotify, Instagram and our merchandise store. Those services have their own privacy policies and we are not responsible for their content or practices.

14. Changes to this policy

We may update this Privacy Policy from time to time. The "last updated" date at the top of this page reflects the most recent version. Material changes will be highlighted on the Site.