Privacy Policy

GRC World Forums Ltd believes in respecting your privacy. We do not collect any personally identifiable data from visitors to this website other than when you subscribe to any of our services. The basis on which we collect such data and other relevant information are set out in our Data Privacy Notice below.

We explain below how we analyse data from this website. Any links to external sites are out of our control and we encourage you to always read the privacy statements on the other websites you visit.

Visits to our websites

We use a third-party service, Abacus eMedia, to host our website. The security of the website is protected by industry standard encryption processes (SSL encryption).

For more information about how Abacus eMedia secures and processes data, please see Abacus eMedia’s privacy policy. We have no legal means of finding out the identities of persons visiting our website and do not make any attempt to do so.

GRC World Forums Ltd websites includes;

grcworldforums.com

privsecglobal.com 

privsecinfrastructure.com

privseciam.com

fincrimeworldforum.com

fraudlossprevention.com

dataprotectionworldforum.com

thedpindex.com

womeningrc.com

thegrcredflag.com

regtechglobal.live

businesscontinuityglobal.live

enterpriseriskmanagementglobal.com

digitaltrusteurope.com

grcteamawards.com

esgworldforum.live

piccasoprivacyawards (managed service)

diversity-equity-and-inclusion-in-tech-awards

community.ideasforums.com

We use a number of different cookies for various purposes, including enhancing website functionality, website analytics and marketing.

Full details of all the cookies we use can be found in our cookie tool, the link to which is the green circle situated at the bottom left corner of all the main pages of this website, including this page. When you visit this website, you are directed to this tool and asked to confirm your preferences. You are able to change your preferences at any time through this tool.

Apple and Android apps

The GRC World Forums apps available through the Apple Store and the Google Play Store do not collect or process any personal data additional to that provided by delegates when registering for conference or subscribing for our services. The contents of this privacy policy and data privacy notice apply equally to these apps.

Data Privacy Notice

The EU General Data Protection Regulation (GDPR), as read with the UK GDPR and the UK Data Protection Act 2018, give individuals in the European Union and the UK enhanced rights over the use of their personal data. Under the UK GDPR, we are required to give you certain information, including your rights when you provide us with your personal data.

Contract

If you subscribe to attend one of our conferences or other events, we will ask you for a minimal amount of personal data to enable us to process your booking, to keep you informed of any developments concerning your attendance at the conference or event and for administration purposes. Our legal basis for processing your personal data for these purposes is contractual (Article 6(1)(b) GDPR).

If you opt-in to receiving marketing information about our events and/or related services, you are giving us your explicit consent under Article 6(1)(a) GDPR to process your personal data for these specific purposes. This consent can be withdrawn at any time.

In some cases, you will have given consent for your data to be shared with a third party for marketing or other purposes and you would have been referred to that third party’s privacy policy.

Legitimate interests

We retain third-party research services to identify appropriate persons at companies and other organisations who we feel, given their position and role, may be interested in, or benefit from, receiving details of our future conferences or other services.

These researchers obtain the details of such persons from publicly-available information on the internet. The legal basis on which we process personal data and communicate with data subjects in these circumstances is our legitimate interests under Article 6(1)(f) of GDPR.

In conducting our legitimate interests’ assessment, consideration was given to the following:

  • The amount of personal data processed is minimal;
  • The data is publicly available and is not sensitive in any way;
  • The relationship is business to business and relevant to the job title;
  • There is minimal privacy risk;
  • There is no viable alternative means of communication;
  • The processing is vital to our business operations;
  • The data subjects are senior business people who would mostly be interested in the services we offer;
  • There is a simple opt-out facility.

On balance, we concluded that the processing is justified as it is vital to our business interests while having a minimal impact on the rights and freedoms of data subjects.

Data use

The personal data you provide us with when subscribing for our services will be used only for the purposes of providing you with and improving those services. Some data elements, e.g. job titles and company names, may be aggregated on an anonymised basis for analytical and statistical purposes to enable us to improve our services.

Protection of your Personal Information

We take all reasonable care and apply necessary technical and organisational measures to protect your personal data. Where we employ data processors to process your data on our behalf, we ensure that the necessary contractual protections are in place.

We will not sell your personal data under any circumstances. We will not transfer your personal data to any third parties unless you have specifically consented to this under our marketing terms, other than to our data processors who will be contractually bound to process your data only in accordance with our instructions and to keep your data secure.

We do not ourselves transfer your personal data outside of the EU/EEA. However, certain of our data processors may do so and where this occurs, such transfer will only be to the USA and will be carried out under the EU Standard Contractual Clauses.

Data retention

In accordance with the principle of minimising data retention, we will retain your personal data only for so long as is necessary for the purposes for which it was acquired, subject to legal and other relevant requirements, in accordance with our data retention policy, as follows:

  • Data acquired for contractual purposes – 7 years
  • Data acquired through marketing activities – 1 to 2 years

At the expiry of the relevant data protection period, personal data will be deleted or anonymised.

Your rights under the GDPR include the following:

  • The right at any time to withdraw your consent to the processing of your personal data for marketing purposes.
  • The right to be informed of what personal data we hold, how we obtained it, who we may have shared it with and why and how long we intend to keep it.
  • The right to have your personal data rectified in the event that it is inaccurate or incomplete.
  • The right to request the erasure of your personal data (also called the right to be forgotten), subject to our retention policy.
  • The right to restrict the processing of your personal data.
  • The right to data portability (i.e. transfer of your personal data at your request to another organisation).
  • The right to be informed of any automated profiling (We currently do not process your personal data in this manner).

Your rights above can be exercised free of charge by contacting us as described below.

In all cases, we will need to satisfy ourselves of your identity before we can action a subject access request under the GDPR. We will usually require proof of identity such as a passport or driver’s licence.

If you feel that any of your rights have been infringed, you have the right to lodge a complaint with the Information Commissioner’s Office.

Online events

GRC World Forums operate a range of online only events such as #RISK A.I. Digital, #RISK Digital, PrivSec Global, FinCrime Global and many more. All online events are sponsor led events which aim to bring you the best information and insights from across the industries. GRC aims to provide the best industry events and content and in return for providing our events and content FREE of charge, GRC would like to contact you about events, products and services that you may find interesting.

When registering for an event, we request some personal details, including a work email address. In addition to supporting your registration, this data is used for marketing purposes by GRC. This processing is carried out based on our legitimate business interests. Being able to promote our events, products and services to the attendees of our events allows us to grow and develop our business.

We do understand that not everyone wishes to receive updates. You are able to unsubscribe at any time by following the links in any marketing emails we send to you or by emailing privacy@grcworldforums.com.

Sharing your data with our partners and sponsors

We work with a wide range of industry related sponsors and partners. If you register for an event, we will share your personal data with the Gold, Platinum, Overall Headline, Theatre Sponsors and the sponsors of any of the individual sessions or webinars that you choose to attend. This processing is carried out based on our legitimate business interests. Being able to share the data relating to our attendees with our partners and sponsors allows us to grow and develop our business.

The way in which our sponsors and partners use your personal data is their responsibility only, and details will be set out in their own privacy notices. Please ensure that you read and are happy with such notices. If you would prefer for us not to share your data with our sponsors or partners, please email privacy@grcworldforums.com after each event registration.

In person events

In addition to our range of online events. GRC World Forums also operate a range of in person events. Our events take place all over the world, including the UK, Irleand, Miami and Dubai. In person events are paid and sponsored events which aim to bring you the best information and insights from the across the GRC industry. GRC and our Sponsors aim to provide access to the best industry content and would like to contact you about products and services that you may find interesting.

When registering for an event, we request some personal details, including a work email address. In addition to supporting your registration, this data is used for marketing purposes by GRC. This processing is carried out based on our legitimate business interests. Being able to promote our events, products and services to the attendees of our events allows us to grow and develop our business.

We do understand that not everyone wishes to receive updates. You can unsubscribe at any time by following the links in any marketing emails we send to you or by emailing privacy@grcworldforums.com.

During your attendance at our in-person events, exhibitors and vendors may ask to scan your visitor badge. If you agree to a vendor or exhibitor scanning your badge, your personal details will be shared with them after the event. GRC World Forums do not have control over how the exhibitors and vendors use this data and any questions around the processing should be directed to the vendor in the first instance.

Sharing your data with our partners and sponsors

We work with a wide range of industry related sponsors and partners. If you register for an event, we will share your personal data with the Gold, Platinum, Overall Headline, Theatre Sponsors and the sponsors of any of the individual sessions or webinars that you choose to attend. This processing is carried out based on our legitimate business interests. Being able to share the data relating to our attendees with our partners and sponsors allows us to grow and develop our business.

The way in which our sponsors and partners use your personal data is their responsibility only, and details will be set out in their own privacy notices. Please ensure that you read and are happy with such notices. If you would prefer for us not to share your data with our sponsors or partners, please email privacy@grcworldforums.com after each event registration.

How to contact us

If you have any queries about our website or about how we process data, you can contact us as follows:

The Cottages
Jones Court
Womanby Street
Cardiff
CF10 1BR

Email address: dataprotection@grcworldforums.com

Telephone No.: 0203 515 3010

17 August 2021

We reserve the right to make changes from time to time to our Privacy Policy and Data Privacy Notice which will be effective from the time that they are published on this website.

You can also view our terms & conditions