Privacy Policy — Payment and Registration

• Data collected: We collect name, email, phone number, educational institution, student ID, registration category, event choices, and payment details necessary to process conference registration.
• Payment details handling: We do not store full card numbers or CVV on our servers; card data is collected and processed through the chosen payment gateway.
• Third-party payment processors: Payment processing is performed by third-party gateways; we share only the data required to complete the transaction (name, email, amount, and masked payment reference).
• Sensitive data minimization: We collect only the minimum sensitive information required for registration and billing and do not request unnecessary sensitive personal data.
• Consent: By registering and paying, users consent to the collection, processing, and sharing of their personal data as described in this policy.
• Lawful basis: Processing of personal data for registration and payments is carried out on the lawful basis of contract performance and legitimate interest in administering the event.
• Encryption in transit: All data transmitted during registration and payment is encrypted using TLS/SSL to protect information in transit.
• Data at rest protection: Personal data stored by the conference site is protected with industry-standard technical and organisational measures, including access controls and encryption where appropriate.
• Access controls: Access to registrant data is limited to authorised staff and service providers who need the information to fulfil registration, payment reconciliation, or event administration.
• Payment gateway security compliance: We partner with payment processors that maintain industry security standards (such as PCI DSS compliance) and require those processors to protect cardholder data.
• Masked and tokenized data: Where possible, stored payment references and tokens are masked or tokenized so that raw card details are never exposed to our systems or staff.
• Fraud prevention and verification: We may share registration and payment information with fraud-prevention services and the payment gateway to detect and prevent fraudulent transactions.
• Retention period: Registrant personal and payment-related records are retained only for as long as necessary for legal, tax, or event administration purposes and then securely deleted or anonymized.
• Refunds and chargebacks: Refunds, chargebacks, and payment disputes require processing of transaction data; we retain the necessary records to investigate and resolve these requests.
• Sharing with third parties: We will not sell personal data; we disclose registrant data to third parties only for payment processing, event delivery (badges, catering), legal compliance, or with explicit consent.
• International transfers: If data is transferred outside the registrant's country for processing (including to payment processors), appropriate safeguards such as standard contractual clauses or equivalent protections will be applied.
• Registrant rights: Registrants have the right to access, correct, or request deletion of their personal data, to object to processing, and to request portability where applicable; contact details for exercising rights are provided below.
• Breach notification: In the event of a confirmed data breach affecting registrant personal data, we will notify affected individuals and relevant authorities in accordance with applicable law.
• Children and student status: If a registrant is under any legal age threshold requiring parental consent, we will request and record appropriate consent and process data in line with applicable protections for minors.
• Contact and policy changes: We provide a clear contact point for privacy inquiries and complaints; we will publish updates to this policy and notify registrants of material changes prior to implementation.

Contact for privacy requests: admin@atoms.org.in