PRIVACY POLICY: Last Updated 21/11/2025

1. Introduction & Purpose

This Privacy Policy explains how International Law Summits (“we”, “us”, “our”) collects, uses, stores, protects, shares, and disposes of personal data in connection with our events, services, communications, website, and operations. It also describes your rights in relation to your personal data.

We are committed to handling personal data fairly, transparently, and in compliance with applicable data protection laws (e.g. GDPR in the UK/EU, UK Data Protection Act, and other relevant local laws).

This policy applies to all personal data processed by us, including data about attendees, speakers, sponsors, partners, vendors, website visitors, and subscribers.

2. Definitions & Key Terms

In this policy:

• Personal Data / Personal Information means any information relating to an identified or identifiable natural person.
•  Processing means any operation on personal data (e.g. collection, storage, use, disclosure, deletion).
• Controller means the entity which determines the purposes and means of processing personal data (in this case, International Law Summits).
• Processor means an entity that processes data on behalf of the controller (e.g. a third-party service provider).
• Data Subject /you / your means the individual whose personal data we process.
• Special Category / Sensitive Data means data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, health, sex life, biometric data, etc.

3. What Personal Data We Collect

We may collect some or all of the following types of personal data, depending on your interaction with us:

• Contact & identity details: name, title, email address, telephone number, postal address, organisation, job title
• Professional / business data: employer, industry, role, credentials, biography, professional affiliations
• Event / participation data: registration details, attendance history, session sign-ups, dietary / accommodation preferences, travel information
• Marketing / communication preferences: newsletters, opt-in preferences, event invitations
• Website & technical data: IP address, browser type, pages visited, referring / exit pages, time stamps, cookies and similar technologies
• Financial / payment data: billing address, transaction details, invoices
• Sensitive / special categories (where necessary and with extra safeguards): e.g. dietary restrictions (health), health issues (for accessibility), or other data you voluntarily provide
• Third-party / external data: any data we receive from your sponsors, employers, partners, publicly available sources, or via social media (if you grant permission)

We collect data:

• Directly from you (e.g. through registration forms, submissions, communications)
• Indirectly (e.g. via our website analytics, cookies)
• From third parties / partners (e.g. sponsors, co-organisers, social media platforms)

4. Purposes of Processing & Legal Bases

We will process your personal data only for the following purposes and on lawful grounds:

If we process special category/sensitive data, we will do so only when:

• You have given explicit consent; or
• It is necessary for carrying out legal claims or obligations; or
• It is necessary for reasons of substantial public interest or other lawful bases under applicable law.

5. Sharing & Disclosure of Personal Data

Your personal data may be shared with:

• Third-party service providers / processors (e.g. payment processors, registration platform, email platform, website hosting, CRM)
• Co-organisers, sponsors, partners (where needed for event operations)
• Speakers, panel moderators (for session coordination)
• Venue providers, accommodation / travel partners (for logistical coordination)
• Regulators, authorities, judicial bodies (where required by law
• Legal, audit or professional advisors (when needed)
• Public (only if you consent or if it is required, e.g. published speaker lists, programme)

We will ensure contractual safeguards (data processing agreements, confidentiality, security) are in place with all third parties.

If we transfer data across borders (outside the UK / EU / to other jurisdictions), we will do so only subject to adequate safeguards (e.g. Standard Contractual Clauses, approved transfer mechanisms, or other legal safeguards in your jurisdiction).

6. Data Retention & Storage

We will retain your personal data only for as long as necessary for the purposes for which it was collected, plus a reasonable period thereafter for legal, compliance, archival or archival purposes.

Typical retention periods:

• Registration, attendance, contract data: until after the event and for a period (e.g. 6 years) for recordkeeping, accounting, audit, liability, legal claims
• Marketing / communications preferences: until you unsubscribe or withdraw consent
• Website analytics: aggregate/ anonymised over longer periods; raw data for a limited period (e.g. 12-24 months)
• Sensitive data collected for accessibility / health: retained only for as long as needed for the event and follow-up, then securely deleted

We will securely delete, anonymise, or archive data when no longer needed, in accordance with applicable laws.

7. Security & Protection Measures

We implement reasonable technical and organisational measures to protect personal data, such as:

• Encryption, pseudonymisation where appropriate
• Access controls, role-based permissions
• Secure servers, firewalls, intrusion detection
• Regular audits, security assessments, penetration testing
• Employee training and confidentiality obligations
• Secure disposal of data when no longer needed

However, no system is 100% secure; we cannot guarantee absolute security of data transmissions. Any breach will be managed via our incident response plan and may be reported to regulators / data subjects as required under applicable laws.

8. Your Rights

Depending on applicable jurisdiction, you may have the following rights (subject to legal conditions):

• Access: Request a copy of the personal data we hold about you
• Correction / Rectification: Ask us to correct inaccurate or incomplete data
• Erasure / “Right to be Forgotten”: Request deletion in certain circumstances
• Restriction: Ask us to restrict processing under certain conditions
• Objection: Object to processing (especially for direct marketing or legitimate interest)
• Data Portability: Receive data in a structured, machine-readable format (where applicable)
• Withdraw Consent: Where processing is based on consent, you can withdraw consent anytime.
• Lodge a Complaint: With a supervisory authority (e.g. ICO in the UK)

To exercise your rights, contact us at the address below. We may ask you to verify your identity. We will respond within statutory timeframes (e.g. 30 days, or extended if complexity requires).

9. Cookies & Website / Online Tracking

We and our service providers use cookies and similar technologies for:

• Essential site operation (session management, security)
• Analytics / performance monitoring
• Functional or preference services
• Marketing / tracking (e.g. retargeting, ad platforms)

You can control or disable cookies via your browser settings. Please note, disabling certain cookies may impair site functionality.

Refer to our Cookie Policy (if a separate document) for greater detail.

10. Updates & Changes to This Policy

We may update this Privacy Policy from time to time (for example, to reflect legal changes or new services). When we do, we will publish the new version on our website with an updated “Last Updated” date. If changes are significant, we may notify data subjects (e.g. via email or website notice).

11. Contact & Data Protection Officer (if applicable)

If you have questions, requests, or complaints about this policy or our data practices, you may contact:

Data Protection / Privacy Lead

International Law Summits
Office 305, 1 Quality Court, London, United Kingdom, WC2A 1HR
info@internationallawsummits.org

If you reside in a jurisdiction with a supervisory authority (e.g. ICO in the UK), you may also lodge a complaint with such authority.

End of Policy