Data Protection

GDPR compliance and data protection measures for WHEF 2025

Last Updated: January 2025

This Data Protection page outlines our commitment to protecting your personal data in compliance with the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and other applicable data protection laws.

1. Our Data Protection Commitment

World Hindu Economic Forum ("WHEF") is committed to protecting and respecting your privacy. We process personal data in accordance with applicable data protection laws, including:

  • GDPR (General Data Protection Regulation) - for EU/EEA residents
  • CCPA (California Consumer Privacy Act) - for California residents
  • Australian Privacy Principles - for Australian residents
  • Other applicable national and regional data protection laws

Our Promise: We only collect and process personal data that is necessary for legitimate business purposes, and we implement appropriate technical and organizational measures to protect your data.

2. Lawful Basis for Processing

We process your personal data based on the following lawful bases under GDPR:

2.1 Contractual Necessity

Processing is necessary for the performance of a contract:

  • Event registration and participation
  • Travel package bookings and arrangements
  • Payment processing and invoicing
  • Customer support and service delivery

2.2 Legitimate Interest

Processing is necessary for our legitimate interests:

  • Website analytics and performance improvement
  • Fraud prevention and security measures
  • Business development and networking facilitation
  • Internal administration and record keeping

2.3 Consent

Processing is based on your explicit consent:

  • Marketing communications and newsletters
  • Optional data sharing with sponsors and partners
  • Cookies and tracking technologies (non-essential)
  • Photography and media usage during events

2.4 Legal Obligation

Processing is necessary to comply with legal requirements:

  • Tax and accounting obligations
  • Anti-money laundering and fraud prevention
  • Health and safety requirements
  • Regulatory reporting and compliance

3. Your Data Subject Rights

Under GDPR and other applicable data protection laws, you have the following rights:

Right of Access

Request a copy of the personal data we hold about you, including information about how we process it.

Right to Rectification

Request correction of inaccurate or incomplete personal data.

Right to Erasure

Request deletion of your personal data (subject to certain exceptions).

Right to Restrict Processing

Request limitation of how we process your personal data.

Right to Data Portability

Receive your personal data in a structured, commonly used format.

Right to Object

Object to processing of your personal data for certain purposes.

How to Exercise Your Rights

To exercise any of these rights, please contact us with the following information:

  • Your full name and contact information
  • Specific details of your request
  • Proof of identity (for security purposes)
  • Any relevant reference numbers or account information

We will respond to your request within 30 days (or 1 month under GDPR) and may extend this period by up to 2 months for complex requests.

4. Technical and Organizational Measures

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk:

4.1 Technical Measures

  • Encryption: Data encryption in transit (TLS/SSL) and at rest (AES-256)
  • Access Controls: Multi-factor authentication and role-based access
  • Network Security: Firewalls, intrusion detection, and monitoring systems
  • Data Backup: Regular secure backups with tested recovery procedures
  • Vulnerability Management: Regular security assessments and patch management

4.2 Organizational Measures

  • Staff Training: Regular data protection and security awareness training
  • Access Management: Principle of least privilege and need-to-know basis
  • Incident Response: Documented procedures for data breach response
  • Third-Party Management: Due diligence and contractual safeguards
  • Policy Framework: Comprehensive data protection policies and procedures

5. International Data Transfers

We may transfer your personal data to countries outside the European Economic Area (EEA) or your country of residence. When we do so, we ensure appropriate safeguards are in place:

5.1 Adequacy Decisions

Transfers to countries with adequate data protection levels recognized by relevant authorities.

5.2 Standard Contractual Clauses

Use of European Commission-approved standard contractual clauses with service providers.

5.3 Other Appropriate Safeguards

Binding corporate rules, certification schemes, or codes of conduct as approved by data protection authorities.

6. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the relevant supervisory authority within 72 hours of becoming aware of the breach
  • Notify affected individuals without undue delay if there is a high risk to their rights and freedoms
  • Document the breach, including facts, effects, and remedial action taken
  • Take immediate steps to contain and assess the breach
  • Implement measures to prevent similar breaches in the future

If you suspect a data breach or security incident, please contact us immediately at:

Email: [email protected]

7. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to monitor compliance with data protection laws and serve as a point of contact for data protection matters.

Data Protection Officer Contact:

World Hindu Economic Forum

Email: [email protected]

Website: https://events.hindueconomy.org

You can contact our DPO directly for any data protection concerns, questions about your rights, or to file a complaint.

8. Supervisory Authority

You have the right to lodge a complaint with the relevant data protection supervisory authority if you believe we have not complied with applicable data protection laws.

For EU/EEA Residents

Contact your local Data Protection Authority. A list is available on the EDPB Members page.

For UK Residents

Information Commissioner's Office (ICO) - ico.org.uk

For Australian Residents

Office of the Australian Information Commissioner (OAIC) - oaic.gov.au

9. Regular Review and Updates

We regularly review and update our data protection practices to ensure ongoing compliance with applicable laws and to incorporate best practices in data security and privacy protection.

This Data Protection page will be updated to reflect any material changes in our data processing activities or legal requirements.