The following Privacy Policy (the "Policy"), together with our Terms of Service and any other documents referred to herein, sets out how RISK ACADEMY LTD. ("RAW", "we", "us", or "our") uses the personal data you provide us at www.riskawarenessweek.com (the "Website") and associated event platforms.

Please read this Privacy Policy carefully. By using our Website or registering for an event, you agree to the terms of this Policy.

Purpose of this Privacy Policy

The purpose of this Privacy Policy is to give you information about how RISK ACADEMY LTD. collects and processes your personal data through your use of the Risk Awareness Week services, including any data you may provide when you register for the event, sign up for workshops, or subscribe to our newsletter.

This Privacy Policy applies to all users of the Risk Awareness Week Platform and associated technology. It is important that you read this Privacy Policy together with any other privacy notice or fair processing policy we may provide on specific occasions so that you are fully aware of how and why we are using your data.

Controller

RISK ACADEMY LTD. is the "Controller" of your personal data collected through the Risk Awareness Week event. This means we are responsible for deciding how we hold and use personal information about you.

We use third-party platforms (such as HeySummit, Zoom, Vimeo, and others) to deliver our event. In these instances, these platforms act as "Processors" regarding your registration and attendance data, processing it on our behalf and under our instructions.

Changes to our Privacy Policy

We keep our Privacy Policy under regular review. We will notify you of any changes by posting an updated, date-stamped version of this Privacy Policy on our website. If we make changes that materially alter your privacy rights, we will provide notice to you via email or a prominent notice on the Website. Accordingly, please keep your account information, including your email address, updated.

Third-Party Links

Our Website and Event sessions may include links to third-party websites, plug-ins, and applications (including those of our Sponsors and Partners). Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements.

1. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

• Identity Data: Includes first name, last name, username or similar identifier, job title, and company name. This may also include audio-visual content (recordings) if you speak at or actively participate in recorded sessions with your camera/microphone on.
• Contact Data: Includes email address, telephone numbers, and country of residence.
• Transaction Data: Includes details about payments to us and other details of products (tickets, replays, certificates) you have purchased. Note: We do not store card details on our server. Credit and debit card payments are processed by secure third-party payment providers (e.g., Stripe).
• Technical Data: Includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and other technology on the devices you use to access the Website.
• Profile Data: Includes your username and password, purchases or orders made by you, your interests, preferences, feedback, and survey responses.
• Usage Data: Includes information about how you use our Services, such as which sessions you attended, length of visit, page views, and navigation paths.
• Marketing and Communications Data: Includes your preferences in receiving marketing from us and our third-party partners (Sponsors).
• Aggregated Data: We also collect, use, and share Aggregated Data such as statistical or demographic data. Aggregated Data could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.

2. How Is Your Personal Data Collected?

We use different methods to collect data from and about you including through:

• Direct interactions: You may give us your Identity and Contact Data by filling in forms or by corresponding with us by email or otherwise. This includes personal data you provide when you:
  • Register for Risk Awareness Week;
  • Subscribe to our publications or newsletter;
  • Request marketing to be sent to you;
  • Participate in a workshop, promotion, or survey;
  • Give us feedback.
• Automated technologies or interactions: As you interact with our Website, we may automatically collect Technical and Usage Data about your equipment, browsing actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
• Third-Parties: We may receive personal data about you from various third parties, including:
  • Analytics providers (such as Google Analytics);
  • Event platform providers (such as HeySummit);
  • Payment and delivery service vendors (such as Stripe).

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

• Performance of Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., to provide you with access to the Event and its sessions).
• Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests (e.g., to keep our records updated, to study how attendees use our event, to develop our products/services, and to grow our business).
• Comply with Legal Obligation: Where we need to comply with a legal obligation.

Purposes for which we will use your personal data

• To register you as an attendee: Identity and Contact data.
• To process your payment: Identity, Contact, Transaction data.
• To manage our relationship with you: Notifying you about changes to our terms or privacy policy, asking you to leave a review, or sending CPE/CPD certificates.
• To deliver relevant content and advertisements: Using your Profile and Usage data to recommend specific workshops or sessions relevant to your risk management interests.
• To administer and protect our business: Troubleshooting, data analysis, testing, system maintenance, support, reporting, and hosting of data.

Marketing and Sponsors

Risk Awareness Week is often made possible through the support of sponsors. We may share your relevant Registration Data (Name, Email, Company, Title) with sponsors only if you explicitly consent. Consent is typically obtained when you:

• Opt-in specifically during registration to share data with partners;
• Visit a virtual sponsor booth;
• Scan your badge (virtually or physically) at a sponsor session.

You can ask us to stop sending you marketing messages or stop sharing your data with third parties at any time by contacting us or using the unsubscribe links in emails.

4. Disclosures of Your Personal Data

We may share your personal data with the parties set out below for the purposes set out above:

• Service Providers: Acting as processors who provide IT, system administration, and event hosting services (including HeySummit, Zoom, Vimeo, email marketing platforms).
• Professional Advisers: Acting as processors or joint controllers including lawyers, bankers, auditors, and insurers.
• Regulators: And other authorities who require reporting of processing activities in certain circumstances.
• Third Parties (Business Transfer): To whom we may choose to sell, transfer, or merge parts of our business or our assets.

5. International Transfers

We operate globally, and your personal data may be transferred to, and processed in, countries other than the country in which you are resident. Many of our external third parties (such as cloud service providers) are based outside the European Economic Area (EEA).

Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

• We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data.
• Where we use certain service providers, we may use specific contracts approved by the European Commission (Standard Contractual Clauses).
• Where we use providers based in the US, we transfer data under the Data Privacy Framework (DPF) or other applicable legal mechanisms ensuring data protection.

6. Data Security

We have put in place commercially reasonable security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorized way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors, and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.

8. Your Legal Rights

Under certain circumstances, you have rights under data protection laws (including GDPR) in relation to your personal data. You have the right to:

• Request access to your personal data.
• Request correction of the personal data that we hold about you.
• Request erasure of your personal data ("right to be forgotten").
• Object to processing of your personal data where we are relying on a legitimate interest.
• Request restriction of processing of your personal data.
• Request the transfer of your personal data to you or to a third party.
• Withdraw consent at any time where we are relying on consent to process your personal data.

If you wish to exercise any of the rights set out above, please contact us.

9. Contacting Us

If you have any questions about this Privacy Policy or our privacy practices, including any requests to exercise your legal rights, please contact us as follows:

You have the right to make a complaint at any time to your applicable data protection supervisory authority. We would, however, appreciate the chance to address your concerns before you approach the authority, so please contact us in the first instance.