PRIVACY POLICY

PRIVACY POLICY

Privacy Policy for World Law Forum

Last Updated: 05 Aug, 2025

World Law Forum (“we”, “us”, “our”) operates the website worldlawforum.org and conducts in‑person and virtual events. We act as the data controller for your personal information.

If you have any concerns or questions about how your personal information is handled, please contact us at [email protected].

1. Personal Information & Why We Use It

Website Usage: We collect minimal anonymized data about website visits (e.g. page views, timing). We also capture technical information such as IP address, browser user agent, geolocation (country), and referral source for analytics and spam prevention.

  • Comments: When visitors leave comments, we process comment content, name, email, optional website, IP address, and browser details to manage spam and user engagement. We may use a hashed form of your email to query Gravatar for your profile image.
  • Contact & Event Registrations: If you submit a contact form or register for an event, we collect your name, email, organization, job title, country, and any optional information you provide. We use it to send event logistics, updates, materials, and follow-ups.
  • Event Attendees & Media: At events, we collect attendee contact details and may take photographs or recordings. We use this media for event promotion, future invitations, and with consent, public sharing.

We process personal information only as necessary, minimizing data collection and storing only what is needed for those specified uses.

2. Legal Basis for Processing

Under GDPR / UK GDPR and similar laws, we rely on:

  • Consent: For marketing communications, event photos/videos, and optional materials.
  • Legitimate Interests: To host events, maintain the website, protect from abuse, and respond to inquiries.
  • Contractual or legal obligations: Where required by law or to fulfill commitments.

3. Sharing & International Transfers

  • We use third-party service providers to facilitate our website, forms, registrations, email newsletters, analytics, storage, and photo/video hosting. Each provider is contractually bound to maintain GDPR‑ and CCPA-compliant standards and use appropriate safeguards.
  • We may share data with event sponsors or partners only with your explicit consent or disclosed in advance.
  • In case of corporate restructuring or asset transfer, personal data may be transferred, with safeguards such as standard contractual clauses in place.

Some data processors operate globally (e.g. in the EU, UK, or US). Where transfers occur outside high-standard jurisdictions, we rely on legal mechanisms such as EU–US Data Privacy Framework or Standard Contractual Clauses to ensure protection.

4. Retention of Information

  • Comments and related metadata are retained indefinitely for moderation and reference.
  • Registrant and attendee data is retained for up to ten (10) years after last interaction unless a shorter timeframe is requested or legally mandated.
  • Subscribers’ contact information is retained until unsubscribed or requested deletion.

5. Security & Risk Mitigation

We take your data protection seriously. Our safeguards include:

  • Encryption of data at rest and in transit
  • Multi-factor authentication and logging of access
  • Regular security audits and risk assessments
  • Data minimization and anonymization where feasible

However, no system is infallible, and transmission over networks may not be fully secure.

6. Children’s Privacy

Our website is intended for users aged 18 or older. We do not knowingly collect personal data from minors. If we learn of inadvertently receiving data from a minor under 18, we will promptly delete it.

7. Rights You Have Over Your Data

Depending on your location (e.g., EU/UK, Canada, California), you may have the right to:

  • Access your data
  • Correct inaccuracies
  • Request deletion
  • Restrict or object to processing
  • Port your data to another party
  • Withdraw consent (e.g. for marketing or media use)

For California residents: you also have rights under the CCPA/CPRA to know what personal information is collected, shared, or sold; to request deletion; and to opt-out of sale or sharing. We do not sell your personal information.

Requests can be submitted to [email protected]. We will respond within required legal timeframes (typically one month).

8. Automated Decision-Making & Profiling

We do not engage in automated decision-making or profiling that results in legal or similarly significant impacts.

9. Other Websites & Embedded Content

Our Site may link to or embed external sites and services (e.g. videos, social feeds). We are not responsible for their content or privacy practices. Review each site’s policy to understand how your data may be handled elsewhere.

10. Updates to This Privacy Policy

We may update this policy periodically. We will publish changes on our website and display the effective date at the top. Significant changes will be communicated to you.

11. Compliance with AI Regulations (EU AI Act & Ethical AI Practices)

Where we deploy AI tools, we adhere to emerging ethical and regulatory frameworks:

  • Conducting data protection and risk impact assessments throughout AI lifecycle
  • Limiting data collection and using anonymization/masking when feasible
  • Providing transparency on AI use and human oversight mechanisms

We monitor developments under the EU AI Act (effective August 2026) for high-risk or general-purpose AI applications that may apply to our operations.

12. Contact Information & Supervisory Authority

Email: [email protected]

Postal address: World Law Forum Ltd, Kemp House, 124-128 City Road, London, United Kingdom EC1V 2NX

If you disagree with our response to a privacy request, you may escalate your concern to the relevant data protection authority (e.g. ICO in the UK, CNIL in France, CCPA enforcement in California, etc.).