Scope

This policy applies to:

• Participants registering for events, fellowships, or conferences organized by IIMPs.
• Employees, contractors, and volunteers engaged in program management and operations.
• Partners, sponsors, and vendors supporting IIMPs events.
• Visitors and users interacting with IIMPs through its website or digital platforms.

This policy covers all personal data collected, processed, or stored by IIMPs, regardless of location or source.

What Data We Collect

IIMPs may collect and process the following categories of personal data:

• Personal Identification Data: Name, address, email, phone number, date of birth, and passport details.
• Event-Related Information: Registration details, program applications, ticket purchases, preferences, and event participation data.
• Financial Data: Payment information for registrations, ticketing, or other services.
• Media and Marketing Data: Photographs, videos, interviews, and testimonials for promotional purposes.
• Technical Data: IP addresses, cookies, and browsing activity on IIMPs’ digital platforms.

How We Use Personal Data

IIMPs processes personal data for the following purposes:

• Event Registration and Management: To manage applications, registrations, communications, and participation.
• Communication and Marketing: To send event updates, newsletters, and promotional offers (with explicit consent).
• Payment Processing: To securely process payments and manage refunds where applicable.
• Legal Compliance: To comply with applicable tax regulations, financial audits, and government reporting.
• Media Usage: Photos, videos, and testimonials may be used for event documentation and promotional purposes.

Legal Basis for Processing

IIMPs processes personal data under the following legal bases:

• Consent: When participants or partners provide explicit consent (e.g., for newsletters or marketing).
• Contractual Necessity: When data processing is required to fulfill contractual obligations (e.g., program participation).
• Legal Obligation: To comply with applicable laws and regulatory frameworks.
• Legitimate Interest: For purposes such as improving event delivery, enhancing participant experience, and ensuring organizational efficiency.

How We Protect Personal Data

IIMPs implements technical and organizational safeguards to ensure the confidentiality and integrity of personal data, including:

• Encryption: Sensitive data is encrypted in transit and at rest.
• Access Control: Data is accessible only to authorized personnel with proper clearance.
• Regular Audits: Routine data protection assessments are carried out to maintain compliance.
• Data Retention Policy: Data is retained only as long as necessary for the purposes outlined or as legally required.

Data Subject Rights

In line with GDPR, individuals whose data is collected by IIMPs have the following rights:

• Right to Access: Request access to personal data held.
• Right to Rectification: Request corrections to inaccurate or incomplete data.
• Right to Erasure (“Right to be Forgotten”): Request deletion of personal data, subject to legal requirements.
• Right to Restriction of Processing: Request limited use of personal data under certain circumstances.
• Right to Data Portability: Receive personal data in a structured, commonly used, machine-readable format.
• Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
• Right to Withdraw Consent: Withdraw previously given consent at any time.

👉 To exercise these rights, please contact: info@iimps.org

Third-Party Sharing and Transfers

IIMPs may share personal data with third parties in limited cases:

• Event Partners and Vendors: Shared with event venues, sponsors, or vendors to support operations.
• Payment Processors: Payment information is shared securely with verified gateways.
• Legal Obligations: Data may be shared with authorities if legally required.
• International Transfers: If data is transferred outside the EEA, IIMPs ensures appropriate safeguards such as Standard Contractual Clauses (SCCs).

Cookies and Website Tracking

IIMPs’ website uses cookies and tracking technologies to enhance user experience, personalize content, and analyze site traffic. Users may manage cookie preferences through browser settings.

Data Breach Notification

In the event of a personal data breach, IIMPs will notify affected individuals and relevant authorities within 72 hours of becoming aware, in compliance with GDPR requirements.

Updates to this Policy

This GDPR Compliance Policy may be updated periodically to reflect changes in legal frameworks, technological practices, or organizational processes. Updates will be published on the IIMPs official website, and significant changes will be directly communicated to affected stakeholders.