Paris Resilience Summit 2026 — The Unaddressed Issues

Privacy Policy

Last updated: July 2026

This document is provided for transparency. Final wording should be validated by GCBR’s legal advisers.

This Privacy Policy explains how Global Council for Business Resilience (GCBR) ("GCBR", "we", "us") collects and uses personal data when you visit https://resilience-summit.org or interact with the Paris Resilience Summit 2026 ("the Summit", "the Event").

1. Data controller

The data controller is GLOBAL COUNCIL FOR BUSINESS RESILIENCE, operating as Global Council for Business Resilience (GCBR).

Registered office: 41 rue de Fourqueux, 78100 Saint-Germain-en-Laye, France

SIREN: 993 360 601 · SIRET: 993 360 601 00013 · RNA: W783013613

Contact: info@gcbr-org.com

Organiser website: https://global-council-for-business-resilience.org/

Summit website: https://resilience-summit.org

For data protection enquiries, contact our privacy team at info@gcbr-org.com.

2. Scope

This policy applies to personal data collected through this website, including contact and registration-of-interest forms, email correspondence initiated via the site, and technical data generated when you browse our pages.

Ticket purchases are processed by HelloAsso, a separate data controller. Please review HelloAsso’s privacy policy when buying tickets.

3. Personal data we collect

Depending on how you interact with us, we may collect:

  • Identity and contact details: name, email address, organisation, job title, country.
  • Enquiry content: messages, areas of interest, enquiry type.
  • Consent records: privacy acknowledgement, optional marketing consent, cookie preferences.
  • Technical data: IP address, browser type, device information, pages visited, referral source, and approximate location derived from IP (via server logs or analytics, if enabled).
  • Event-related data: ticket status and attendance information when shared by HelloAsso or collected at the venue.

4. Purposes and legal bases (GDPR)

We process personal data only where we have a valid legal basis under the GDPR:

PurposeLegal basisRetention
Responding to enquiries and contact requestsLegitimate interest (Art. 6(1)(f)) — managing summit communicationsUp to 3 years after last contact
Registering interest in the SummitConsent (Art. 6(1)(a)) for optional marketing; legitimate interest for managing your requestUntil the event concludes + 1 year, or until you withdraw consent
Ticket salesContract performance (Art. 6(1)(b)) — processed by HelloAssoPer HelloAsso retention policy and applicable accounting rules
Website security and fraud preventionLegitimate interest (Art. 6(1)(f))Server logs: typically up to 12 months
Audience analytics (if you consent)Consent (Art. 6(1)(a))Per analytics provider settings (max. 13 months recommended)
Legal and regulatory complianceLegal obligation (Art. 6(1)(c))As required by applicable law

5. Who receives your data

We may share personal data with:

  • GCBR staff and authorised volunteers involved in organising the Summit.
  • Co-organisers and venue partners where necessary to deliver the Event (e.g. École des Ponts Business School / Leonard).
  • Service providers acting as processors (hosting, email, analytics if enabled) under data processing agreements.
  • HelloAsso for ticket transactions.
  • Authorities when required by law.

We do not sell your personal data.

6. International transfers

Some service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, as required by GDPR Chapter V.

7. Retention

We keep personal data only as long as necessary for the purposes described above, then delete or anonymise it unless a longer period is required by law (e.g. tax or litigation).

8. Your rights

Under the GDPR, you have the right to:

  • Access your personal data.
  • Rectify inaccurate data.
  • Erase your data in certain circumstances.
  • Restrict processing in certain circumstances.
  • Object to processing based on legitimate interests.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Data portability where processing is based on consent or contract and carried out by automated means.
  • Lodge a complaint with a supervisory authority.

To exercise your rights, email info@gcbr-org.com. We respond within one month, extendable where permitted by law.

You may also contact Commission Nationale de l'Informatique et des Libertés (CNIL) at https://www.cnil.fr/en/complaints.

9. Children

This website is not directed at children under 16. We do not knowingly collect data from children. Contact us if you believe we have collected a child’s data.

10. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. No online transmission is completely secure; please use trusted networks when submitting information.

11. Changes to this policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The “Last updated” date will be revised accordingly. Material changes may be highlighted on the website.

12. Contact

Privacy enquiries: info@gcbr-org.com

General enquiries: info@gcbr-org.com

Buy Tickets