HISA GDPR COMPLIANCE POLICY

Effective Date: October 28th, 2024

Introduction

The Headway Institute of Strategic Alliance (HISA Research HQ) is committed to protecting the privacy and personal data of all individuals, including event participants, partners, employees, and stakeholders. This GDPR Compliance Policy outlines how HISA processes, stores, and protects personal data in accordance with the General Data Protection Regulation (GDPR) (EU) 2016/679.

Scope

This policy applies to:

  1. Participants registering for events or conferences organized by HISA.
  2. Employees, contractors, and volunteers involved in event management and operations.
  3. Partners, sponsors, and vendors supporting HISA events.
  4. Visitors and users interacting with HISA through our website or digital platforms.

This policy applies to all personal data collected, processed, or stored by HISA, regardless of location or source.

What Data We Collect

HISA collects and processes the following categories of personal data:

  1. Personal Identification Data: Name, address, email, phone number, and passport details.
  2. Event-Related Information: Registration details, ticket purchases, session preferences, and event participation data.
  3. Financial Data: Payment information for event registrations and ticket sales.
  4. Media and Marketing Data: Photographs, videos, and testimonials for promotional purposes.
  5. Technical Data: IP addresses, cookies, and browsing activity on HISA’s website.

How We Use Personal Data

HISA processes personal data for the following purposes:

  1. Event Registration and Management: To facilitate event participation, ticket sales, and communication with attendees.
  2. Communication and Marketing: To send event updates, newsletters, and promotional offers to individuals who have given explicit consent.
  3. Payment Processing: To securely process ticket purchases and manage refunds where applicable.
  4. Compliance with Legal Obligations: To comply with applicable laws, including tax regulations and government reporting.
  5. Media Usage: To use photographs and videos captured during events for promotional purposes across HISA’s platforms.

Legal Basis for Processing

HISA processes personal data under the following legal bases:

  1. Consent: Data subjects explicitly provide consent for specific purposes, such as receiving newsletters or marketing communications.
  2. Contractual Necessity: Processing is required to fulfill our contractual obligations (e.g., event registration and participation).
  3. Legal Obligation: Compliance with applicable laws and regulations.
  4. Legitimate Interest: Data processing necessary for legitimate interests, such as improving event operations and participant engagement.

How We Protect Personal Data

HISA takes appropriate technical and organizational measures to protect personal data from unauthorized access, loss, alteration, or misuse, including:

  1. Encryption: Sensitive data is encrypted both in transit and at rest.
  2. Access Control: Personal data is accessible only to authorized personnel.
  3. Regular Audits: We conduct regular data protection audits and assessments to ensure compliance.
  4. Data Retention Policy: Personal data is retained only as long as necessary for the purposes outlined in this policy or as required by law.

Data Subject Rights

Under the GDPR, data subjects have the following rights:

  1. Right to Access: You have the right to request access to your personal data that we hold.
  2. Right to Rectification: You may request corrections to inaccurate or incomplete data.
  3. Right to Erasure: You can request the deletion of your personal data, subject to legal requirements.
  4. Right to Restriction of Processing: You can request that we restrict the processing of your data under certain circumstances.
  5. Right to Data Portability: You have the right to receive your personal data in a structured, commonly used format.
  6. Right to Object: You can object to the processing of your data based on legitimate interests or direct marketing.
  7. Right to Withdraw Consent: You can withdraw your consent to data processing at any time.

To exercise these rights, please contact [Insert Contact Email].

Third-Party Sharing and Transfers

HISA may share personal data with third parties under the following circumstances:

  1. Event Partners and Vendors: Data may be shared with event venues, sponsors, and vendors to facilitate event operations.
  2. Payment Processors: Payment information is shared securely with Stripe and other payment gateways.
  3. Legal Obligations: Data may be disclosed to regulatory authorities when required by law.
  4. International Transfers: If data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) or equivalent frameworks.

Cookies and Website Tracking

Our website uses cookies and tracking technologies to enhance user experience and analyze website traffic. You can manage your cookie preferences through your browser settings.

Data Breach Notification

In the event of a data breach, HISA will notify affected individuals and relevant authorities within 72 hours of becoming aware of the breach, in accordance with GDPR requirements.

Updates to this Policy

We may update this GDPR Compliance Policy from time to time to reflect changes in legal requirements or business operations. Any updates will be posted on our website, and significant changes will be communicated directly to participants or partners.