Privacy Policy

Effective date: 25 June 2025

Who We Are
Brasov Forum is the flagship annual event of the Center for Trustworthy AI (CTAI).
The Center is operated and legally owned by:
Cloud Lighthouse Ltd, 14 Spruce House, London SE10 8HF, United Kingdom
For the purposes of UK GDPR and EU GDPR, Cloud Lighthouse Ltd is the “data controller.”
How to Contact Us
Postal address: Data Protection Officer, Cloud Lighthouse Ltd, 14 Spruce House, London SE10 8HF, UK
Web form: Contact → Inquiry “Privacy Request”
What Personal Data We Collect
Website visits: IP address, browser type, device, pages visited, cookies (see section 8)
Ticket purchase: name, job title, company, billing address, email, phone (optional), ticket type, payment token processed by Stripe
Speaker proposals (Sessionize): bio, headshot, social links, session abstract
Sponsorship and media forms: name, company, email, phone, proposal details
On-site: badge scans, session attendance, event photos and video
We do not collect special-category (“sensitive”) data unless you voluntarily provide dietary or accessibility information during registration.
Legal Bases for Processing
Ticket purchase and fulfilment: Contract (Article 6 (1)(b))
Speaker and sponsor evaluation: Legitimate interest (Article 6 (1)(f))
Marketing emails to existing delegates: Legitimate interest (soft opt-in, PECR)
Marketing emails to new contacts: Consent (Article 6 (1)(a))
Web analytics and cookies: Consent (via cookie banner)
Compliance and tax records: Legal obligation (Article 6 (1)(c))
How We Use Your Data
– Issue tickets, invoices, and confirmations
– Build personalised agendas after login
– Evaluate speaker submissions and sponsorship proposals
– Run the event on-site (badges, access control, incident response)
– Send operational updates and, with consent, marketing news
– Analyse website traffic and improve content
– Comply with tax, accounting, and regulatory obligations
We never sell attendee data to third parties.
Sharing and International Transfers
Stripe Payments (USA/EEA): tokenised card processing
Sessionize (USA/EU): speaker-proposal platform
Event production vendors (EU): receive name and company for badge printing
Standard Contractual Clauses (SCCs) or UK IDTA are in place for any transfer outside the UK/EU.
Data Retention
Financial and VAT records: 7 years
Ticket and attendee profile: 3 years after event
Speaker submissions: 2 years
Marketing lists: until opt-out or 2 years of inactivity
CCTV and event photos: 12 months for non-selected material; unlimited for official gallery
Cookies and Analytics
We use first-party cookies for session security and preference storage, and optional third-party cookies for Google Analytics 4.
The cookie banner allows “Accept all” or “Manage preferences.” Refusing cookies will not block ticket-purchase functions.
Your Data Protection Rights
Under UK GDPR/EU GDPR you may access your data, correct inaccuracies, erase data, restrict or object to processing, port data to another provider, and withdraw consent at any time for marketing emails.
Submit requests via the Privacy form; we respond within 30 days.
Children
Brasov Forum is a professional event. We do not knowingly collect data from anyone under 16. Parents may request deletion of minor data via the contact details in section 2.
Security
Data is encrypted in transit (TLS 1.2+) and at rest. Access is role-based, MFA-protected, and logged. Regular penetration tests are conducted by ISO 27001-certified vendors.
Changes to This Policy
We may update this policy to reflect legal or operational changes. The effective date will change accordingly, and significant amendments will be announced via email.
Complaints
If you believe we have mishandled your data, please contact us first. You also have the right to lodge a complaint with:
UK: Information Commissioner’s Office (ico.org.uk)
EU: Your local Data Protection Authority