Privacy Policy
Last updated: July 2026
This document is provided for transparency. Final wording should be validated by GCBR’s legal advisers.
This Privacy Policy explains how Global Council for Business Resilience (GCBR) ("GCBR", "we", "us") collects and uses personal data when you visit https://resilience-summit.org or interact with the Paris Resilience Summit 2026 ("the Summit", "the Event").
1. Data controller
The data controller is GLOBAL COUNCIL FOR BUSINESS RESILIENCE, operating as Global Council for Business Resilience (GCBR).
Registered office: 41 rue de Fourqueux, 78100 Saint-Germain-en-Laye, France
SIREN: 993 360 601 · SIRET: 993 360 601 00013 · RNA: W783013613
Contact: info@gcbr-org.com
Organiser website: https://global-council-for-business-resilience.org/
Summit website: https://resilience-summit.org
For data protection enquiries, contact our privacy team at info@gcbr-org.com.
2. Scope
This policy applies to personal data collected through this website, including contact and registration-of-interest forms, email correspondence initiated via the site, and technical data generated when you browse our pages.
Ticket purchases are processed by HelloAsso, a separate data controller. Please review HelloAsso’s privacy policy when buying tickets.
3. Personal data we collect
Depending on how you interact with us, we may collect:
- Identity and contact details: name, email address, organisation, job title, country.
- Enquiry content: messages, areas of interest, enquiry type.
- Consent records: privacy acknowledgement, optional marketing consent, cookie preferences.
- Technical data: IP address, browser type, device information, pages visited, referral source, and approximate location derived from IP (via server logs or analytics, if enabled).
- Event-related data: ticket status and attendance information when shared by HelloAsso or collected at the venue.
4. Purposes and legal bases (GDPR)
We process personal data only where we have a valid legal basis under the GDPR:
| Purpose | Legal basis | Retention |
|---|---|---|
| Responding to enquiries and contact requests | Legitimate interest (Art. 6(1)(f)) — managing summit communications | Up to 3 years after last contact |
| Registering interest in the Summit | Consent (Art. 6(1)(a)) for optional marketing; legitimate interest for managing your request | Until the event concludes + 1 year, or until you withdraw consent |
| Ticket sales | Contract performance (Art. 6(1)(b)) — processed by HelloAsso | Per HelloAsso retention policy and applicable accounting rules |
| Website security and fraud prevention | Legitimate interest (Art. 6(1)(f)) | Server logs: typically up to 12 months |
| Audience analytics (if you consent) | Consent (Art. 6(1)(a)) | Per analytics provider settings (max. 13 months recommended) |
| Legal and regulatory compliance | Legal obligation (Art. 6(1)(c)) | As required by applicable law |
5. Who receives your data
We may share personal data with:
- GCBR staff and authorised volunteers involved in organising the Summit.
- Co-organisers and venue partners where necessary to deliver the Event (e.g. École des Ponts Business School / Leonard).
- Service providers acting as processors (hosting, email, analytics if enabled) under data processing agreements.
- HelloAsso for ticket transactions.
- Authorities when required by law.
We do not sell your personal data.
6. International transfers
Some service providers may process data outside the European Economic Area (EEA). Where this occurs, we ensure appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, as required by GDPR Chapter V.
7. Retention
We keep personal data only as long as necessary for the purposes described above, then delete or anonymise it unless a longer period is required by law (e.g. tax or litigation).
8. Your rights
Under the GDPR, you have the right to:
- Access your personal data.
- Rectify inaccurate data.
- Erase your data in certain circumstances.
- Restrict processing in certain circumstances.
- Object to processing based on legitimate interests.
- Withdraw consent at any time (without affecting prior lawful processing).
- Data portability where processing is based on consent or contract and carried out by automated means.
- Lodge a complaint with a supervisory authority.
To exercise your rights, email info@gcbr-org.com. We respond within one month, extendable where permitted by law.
You may also contact Commission Nationale de l'Informatique et des Libertés (CNIL) at https://www.cnil.fr/en/complaints.
9. Children
This website is not directed at children under 16. We do not knowingly collect data from children. Contact us if you believe we have collected a child’s data.
10. Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, loss, or alteration. No online transmission is completely secure; please use trusted networks when submitting information.
11. Changes to this policy
We may update this Privacy Policy to reflect legal, technical, or operational changes. The “Last updated” date will be revised accordingly. Material changes may be highlighted on the website.
12. Contact
Privacy enquiries: info@gcbr-org.com
General enquiries: info@gcbr-org.com
