Privacy Policy
Last updated:
Introduction
Human Driven AI Summit ("Site") is operated by WitUp Ltd, a company registered in England and Wales with registered office at 27 Old Gloucester Street, London WC1N 3AX, United Kingdom ("Controller", "we"). This Privacy Policy describes how we process personal data collected through humandriven-ai.com and related services, in compliance with Regulation (EU) 2016/679 (GDPR) and the UK Data Protection Act 2018.
By accessing the Site or using our services you accept the practices described below. If you disagree, please do not use the Site.
1. Data controller
| Item | Detail |
|---|---|
| Legal entity | WitUp Ltd |
| Registered office | 27 Old Gloucester Street, London WC1N 3AX, United Kingdom |
| Registration | Companies House, UK |
| Privacy email | privacy@humandriven-ai.com |
| General email | info@humandriven-ai.com |
To exercise your GDPR rights write to privacy@humandriven-ai.com. Response within 30 days (extendable to 60 in complex cases, with prior notice).
2. Categories of data collected
2.1 Data provided directly by the user
- Identification data: first name, surname, professional role
- Contact data: email address, phone number (if provided), company
- Message contents: texts submitted via Contact forms, speaker applications, sponsor/partner enquiries, newsletter subscriptions
- Event registration data: where applicable, attendance and ticket data
2.2 Automatically collected data
- Technical navigation data: IP address (anonymised where possible), browser type, OS, language, timezone, pages visited, session duration, referrer
- Interaction data: CTA clicks, scroll depth, site path (via Google Analytics 4 with anonymised IP)
- Technical and analytics cookies: see Cookie Policy
2.3 Data received from third parties
In specific cases we may receive data from:
- LinkedIn / Twitter / social platforms (if you authenticate via OAuth — not currently active)
- Tickettailor (event ticket management, integration in progress)
3. Purposes of processing and legal basis
| Purpose | GDPR legal basis | Retention |
|---|---|---|
| Respond to form enquiries | Art. 6(1)(b) — pre-contractual measures | 24 months from last contact |
| Newsletter subscription | Art. 6(1)(a) — consent | Until consent withdrawal |
| Speaker / sponsor application | Art. 6(1)(b) — application handling | 36 months after event |
| Aggregate statistics (GA4) | Art. 6(1)(f) — legitimate interest | 14 months (GA4 default) |
| Security and fraud prevention | Art. 6(1)(f) — legitimate interest | 12 months access logs |
| Tax and accounting compliance | Art. 6(1)(c) — legal obligation | 10 years (UK tax law) |
We do not use your data for automated profiling. We do not make solely automated decisions producing legal effects on the data subject (Art. 22 GDPR).
4. Processing methods
Data is processed with manual and electronic tools following principles of:
- Lawfulness, fairness, transparency towards the data subject
- Purpose limitation (collection only for specified purposes)
- Data minimisation (only necessary data)
- Accuracy (kept up-to-date and correct)
- Storage limitation (kept for the minimum time necessary)
- Integrity and confidentiality (technical and organisational protection)
4.1 Security measures in place
- TLS 1.3 encryption in transit across the site (valid HTTPS certificate)
- At-rest encryption on database and storage (AES-256 via Supabase + Vercel)
- Multi-factor authentication (MFA) for administrative access
- Row Level Security on database tables
- Daily automated backups with 30-day retention
- Access logs and audit trail for administrative operations
- Periodic penetration testing and dependency updates
5. Data recipients and external processors
Your data may be processed by:
- Employees and collaborators of WitUp Ltd, authorised and trained
- Technical service providers (external processors under Art. 28 GDPR):
- Vercel Inc. (hosting, USA — Standard Contractual Clauses 2021/914 in force)
- Supabase Inc. (database and storage, EU region Frankfurt)
- Resend (transactional email, USA — SCC)
- Google LLC (Analytics 4 + reCAPTCHA, USA — SCC + Privacy Shield successor)
- Tickettailor (ticketing, UK)
- Competent authorities (only on legal request or court order)
- Professional advisors (accountants, lawyers) bound by professional secrecy
We do not sell your data to third parties. We do not share data with advertising brokers.
6. Transfers outside the EEA
Some providers (Vercel, Resend, Google) may transfer data outside the European Economic Area. In such cases we apply:
- Standard Contractual Clauses (SCC) approved by the European Commission (Decision 2021/914)
- Transfer Impact Assessments (TIA) where required
- Supplementary measures (end-to-end encryption, pseudonymisation)
7. Data subject rights (Art. 15–22 GDPR)
You have the right to:
- Access (Art. 15) — obtain confirmation of processing and a copy of the data
- Rectification (Art. 16) — correct inaccurate or incomplete data
- Erasure / "right to be forgotten" (Art. 17) — request data deletion (subject to legal retention obligations)
- Restriction (Art. 18) — restrict processing in specific cases
- Portability (Art. 20) — receive your data in a structured, readable format
- Objection (Art. 21) — object to processing based on legitimate interest or marketing
- Withdraw consent (Art. 7.3) — at any time, without affecting the lawfulness of prior processing
- Lodge a complaint with the supervisory authority:
How to exercise: send a written request to privacy@humandriven-ai.com indicating the right you intend to exercise. Response within 30 days.
8. Data retention
Retention periods are listed in the table at §3. At expiry, data is deleted or irreversibly anonymised, except where law requires longer retention (e.g. tax).
9. Minors
The Site is not intended for minors under 16. We do not knowingly collect data from minors without the consent of the parental responsibility holder. If you become aware that a minor has provided us data without consent, write to privacy@humandriven-ai.com for immediate removal.
10. Changes to this Policy
We reserve the right to update this Policy at any time. Changes take effect from the date of publication on this page. For substantial changes (new purposes, new recipients, different legal bases) we will notify you via email if you are subscribed to the newsletter, or via prominent notice on the Site.
11. Privacy contacts
| Channel | Contact |
|---|---|
| Dedicated privacy email | privacy@humandriven-ai.com |
| General email | info@humandriven-ai.com |
| Postal address | WitUp Ltd — 27 Old Gloucester Street, London WC1N 3AX, UK |
| Contact page | /en/contatti |