This website is owned and operated by GRC World Forums Ltd (“GRC World Forums”), a company registered in England and Wales with company registration number 11271283 and having its registered office at 483 Green Lanes, London, N13 4BS.
We believe in respecting your privacy. We do not collect any personally identifiable data from visitors to this website other than when you subscribe to any of our services. The basis on which we collect such data and other relevant information are set out in our Data Privacy Notice below.
We explain below how we analyse data from this website. Any links to external sites are out of our control and we encourage you to always read the privacy statements on the other websites you visit.
Cookie use and Policy
We use a number of different cookies for various purposes, ensuring a smooth browsing experience, enhancing website functionality, website analytics and marketing. Learn more about what cookies we use.
Data Privacy Notice
The EU General Data Protection Regulation (GDPR), as read with the UK GDPR and the UK Data Protection Act 2018, give individuals in the European Union and the UK enhanced rights over the use of their personal data. Under the UK GDPR, we are required to give you certain information, including your rights when you provide us with your personal data.
If you subscribe to attend one of our conferences or other events, we will ask you for a minimal amount of personal data to enable us to process your booking, to keep you informed of any developments concerning your attendance at the conference or event and for administration purposes. Our legal basis for processing your personal data for these purposes is contractual (Article 6(1)(b) GDPR).
If you opt-in to receiving marketing information about our events and/or related services, you are giving us your explicit consent under Article 6(1)(a) GDPR to process your personal data for these specific purposes. This consent can be withdrawn at any time.
We retain third-party research services to identify appropriate persons at companies and other organisations who we feel, given their position and role, may be interested in, or benefit from, receiving details of our future conferences or other services.
These researchers obtain the details of such persons from publicly-available information on the internet. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR.
In conducting our legitimate interests’ assessment, consideration was given to the following:
- The amount of personal data processed is minimal;
- The data is publicly available and is not sensitive in any way;
- The relationship is business to business and relevant to the job title;
- There is minimal privacy risk;
- There is no viable alternative means of communication;
- The processing is vital to our business operations;
- The data subjects are senior business people who would mostly be interested in the services we offer;
- There is a simple opt-out facility.
On balance, we concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.
The personal data you provide us with when subscribing for our services will be used only for the purposes of providing you with and improving those services. Some data elements, e.g. job titles and company names, may be aggregated on an anonymised basis for analytical and statistical purposes to enable us to improve our services.
Protection of your Personal Information
We take all reasonable care and apply necessary technical and organisational measures to protect your personal data. Where we employ data processors to process your data on our behalf, we ensure that the necessary contractual protections are in place.
We will not sell your personal data under any circumstances. We will not transfer your personal data to any third parties unless you have specifically consented to this under our marketing terms, other than to our data processors who will be contractually bound to process your data only in accordance with our instructions and to keep your data secure.
We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors may do so and where this occurs, such transfer will only be to the USA and will be carried out under the EU Standard Contractual Clauses.
In accordance with the principle of minimising data retention, we will retain your personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy, as follows:
- Data acquired for contractual purposes – 7 years
- Data acquired through marketing activities – 1 to 2 years
At the expiry of the relevant data protection period, personal data will be deleted or anonymised.
Your rights under the GDPR include the following:
- The right at any time to withdraw your consent to the processing of your personal data for marketing purposes.
- The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
- The right to have your personal data rectified in the event that it is inaccurate or incomplete.
- The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy.
- The right to restrict the processing of your personal data.
- The right to data portability (i.e. transfer of your personal data at your request to another organisation).
- The right to be informed of any automated profiling (We currently do not process your personal data in this manner).
Your rights above can be exercised free of charge by contacting us as described below.
In all cases, we will need to satisfy ourselves of your identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or driver’s licence.
If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office.
Sharing your data with our partners and sponsors
We work with a wide range of industry related sponsors and partners. If you register for an event, we will share your personal data with the overall headline sponsor and the sponsors of any of the individual sessions or webinars that you choose to attend. This processing is carried out based on our legitimate business interests. Being able to share the data relating to our attendees with our partners and sponsors allows us to grow and develop our business.
The way in which our sponsors and partners use your personal data is their responsibility only, and details will be set out in their own privacy notices. Please ensure that you read and are happy with such notices. If you would prefer for us not to share your data with our sponsors or partners, please email email@example.com after each event registration.
In person events
In addition to our range of online events. GRC World Forums also operate a range of in person events. Our events take place all over the world, including the UK, Ireland, Miami and Dubai. In person events are paid and sponsored events which aim to bring you the best information and insights from the across the GRC industry. GRC and our Sponsors aim to provide access to the best industry content and would like to contact you about products and services that you may find interesting.
When registering for an event, we request some personal details, including a work email address. In addition to supporting your registration, this data is used for marketing purposes by GRC. This processing is carried out based on our legitimate business interests. Being able to promote our events, products and services to the attendees of our events allows us to grow and develop our business.
We do understand that not everyone wishes to receive updates. You can unsubscribe at any time by following the links in any marketing emails we send to you or by emailing firstname.lastname@example.org.
During your attendance at our in-person events, exhibitors and vendors may ask to scan your visitor badge. If you agree to a vendor or exhibitor scanning your badge, your personal details will be shared with them after the event. GRC World Forums do not have control over how the exhibitors and vendors use this data and any questions around the processing should be directed to the vendor in the first instance.
How to contact us
If you have any queries about our website or about how we process data, you can contact us as follows:
Email address: email@example.com
Telephone No.: 0203 515 3010
27 June 2022
You can also view our terms & conditions.